Almost everywhere you look, people refer to the about:config and the security.fileuri.strict_origin_policy. Sometimes also the network.http.refere.XOriginPolicy.
For me, none of these seem to have any effect.
This comment implies there is no built-in way in Firefox to do this (as of 2/8/14).
Related Contents:
- In what cases will HTTP_REFERER be empty
- When do browsers send the Origin header? When do browsers set the origin to null?
- Disable firefox same origin policy
- Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
- Is it safe to enable CORS to * for a public and readonly webservice?
- Is it safe to enable ”Access-Control-Allow-Origin: *“ (wildcard) for a public and readonly webservice?
- How does the SQL injection from the “Bobby Tables” XKCD comic work?
- What is the best way to implement “remember me” for a website? [closed]
- How to redirect all HTTP requests to HTTPS
- Difference between Hashing a Password and Encrypting it
- Are HTTP cookies port specific?
- Is “double hashing” a password less secure than just hashing it once?
- How do I create a self-signed certificate for code signing on Windows?
- What is token-based authentication?
- What is the best way to prevent session hijacking?
- The necessity of hiding the salt for a hash
- How to create cross-domain request?
- Best way to handle security and avoid XSS with user entered URLs
- SSL and man-in-the-middle misunderstanding
- What are the integrity and crossorigin attributes?
- Will HTML Encoding prevent all kinds of XSS attacks?
- Where do you store your salt strings?
- How to enable cross-origin resource sharing (CORS) in the express.js framework on node.js
- SPA best practices for authentication and session management
- Why is using a Non-Random IV with CBC Mode a vulnerability?
- What algorithm should I use to hash passwords into my database? [duplicate]
- Differences Between Rijndael and AES
- Best Practices: Salting & peppering passwords?
- How are software license keys generated?
- Payment Processors – What do I need to know if I want to accept credit cards on my website? [closed]
- What is the most secure seed for random number generation?
- How do I store and retrieve credentials from the Windows Vault credential manager?
- Why not use MD5 for password hashing?
- Are Google Cloud Functions protected from DDoS attacks?
- Docker and securing passwords
- Send mail via Gmail with PowerShell V2’s Send-MailMessage
- CORS and phonegap apps
- IIS7, web.config to allow only static file handler in directory /uploads of website
- How to pass the value of a variable to the standard input of a command?
- Javascript module not working in browser?
- How will a server become vulnerable with chmod 777?
- What is a retpoline and how does it work?
- Is it worth encrypting email addresses in the database?
- SSL Error: unable to get local issuer certificate
- curl – Is data encrypted when using the –insecure option?
- Is it OK to return a HTTP 401 for a non existent resource instead of 404 to prevent information disclosure?
- Enable CORS in Golang
- Why does a cross-origin HEAD request need a preflight check?
- Difference between CSRF and X-CSRF-Token
- Understanding CSRF