Closed
Bug 502421
Opened 16 years ago
Closed 16 years ago
capability.policy.default.XMLHttpRequest.open=sameOrigin does not work in 3.5
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: v7tw7v, Unassigned)
References
Details
Attachments
(1 file, 1 obsolete file)
|
883 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
How to disable XMLHttpRequest cross-origin in 3.5?
Setting capability.policy.default.XMLHttpRequest.open to sameOrigin does not work
Reproducible: Always
Steps to Reproduce:
1. put user_pref("capability.policy.default.XMLHttpRequest.open", "sameOrigin"); in prefs.js
2. run cross-origin XMLHttpRequest, such as in attached html
|
Reporter | |
Comment 1•16 years ago
|
||
|
||
Comment 2•16 years ago
|
||
I get "Error: returned status code 0 Found" as result. This started on 30 Sep 2008: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1949346e6006&tochange=6e39da3e3e20
Blocks: xxx
Version: unspecified → 3.5 Branch
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1949346e6006&tochange=6e39da3e3e20 looks like the obvious pick.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Or https://bugzilla.mozilla.org/show_bug.cgi?id=389508 . In fact that one is far more likely, lol.
|
|
Reporter | |
Comment 5•16 years ago
|
||
|
|
Reporter | |
Updated•16 years ago
|
Attachment #386853 -
Attachment is obsolete: true
|
|
Reporter | |
Updated•16 years ago
|
Attachment #386883 -
Attachment description: XMLHttpRequest example → update XMLHttpRequest example, shows if cross-site is ok or not
|
|
Reporter | |
Updated•16 years ago
|
Attachment #386883 -
Attachment description: update XMLHttpRequest example, shows if cross-site is ok or not → updated XMLHttpRequest example, shows if cross-site is ok or not
|
|
Reporter | |
Comment 6•16 years ago
|
||
updated example to show if cross-site is ok or not
so it's been fixed already?
Indeed, CAPS simply wasn't powerful enough to be able to support the old preference here. Instead set the pref "content.cors.disable"
|
||
Updated•16 years ago
|
Component: Preferences → DOM
Product: Firefox → Core
QA Contact: preferences → general
Version: 3.5 Branch → unspecified
|
|
||
Comment 8•16 years ago
|
||
Is this WONTFIX, then?
IMHO yes
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
|
Assignee | |
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•