localhost :: cross domain ajax

ajax localhost

It's very possible. Let's start with a dev browser.

Step 1: Download Chromium

Windows -- http://www.chromium.org/getting-involved/download-chromium

Mac -- http://www.macupdate.com/app/mac/36244/chromium/

There should be a build ready to go, but these locations change over time. So if these end up with 404's do a Google search for Windows Chromium Download and you'll find it.

Step 2: Then run the executable with this flag after it. --disable-web-security

Windows -- Create a shortcut to the executable and tag this in the Properties. Or run from [CMD].

Mac -- Open up a terminal and run this straight from there with the flag.

And, you should be good to go. I also setup a quick Apache service and run through a 127.0.0.1 configured domain, but localhost should be just fine. Here's proof.

Cross-domain security block disabled

I hope this helps you!


No, it's absolutely not possible. If it could be disabled by the user then it would be the main target for anyone with nefarious or dubious intent, and as prone as any other software to exploitation. It's difficult enough making secure software, without painting on even more attractive targets.

The only way to implement cross-domain Ajax is to route requests via a server-side script.

It's worth mentioning that there is, perhaps, a glimmer of hope for you: in the form of cross-window messaging with HTML 5 postMessage

It's probably worth your having a read of some related (though I'm not sure they're duplicate) questions:

  • Why the cross-domain Ajax is a security concern?
  • Firefox Cross Domain Request

Edited in response to comment:

So you mean have a script that takes the params, adds them to the request, sends it out, and then echos out the response object?

Essentially yes. In picture format:

client  |--------------> | server side |----------------------->  | remote domain
browser | <----ajax------|   script    | <------------------------|--/

Edited to add that this is now sort of possible, using Cross-Origin Resource Sharing (CORS); in which a script from one domain sends an Origin HTTP header stating the URL of the page, and the server can respond (if configured to do so) with either an error (if CORS is disabled, or unsupported) or with any requested data.

References:

  • CORS compatibility.
  • Cross-Origin Resource Sharing, at the W3.org.
  • Enable Cross-Origin Resource Sharing.

Related

QTextEdit and colored bash-like output emulation
What happens when an object is assigned to another object
Forced conversion of non-numeric numpy arrays with NAN replacement
GLUT on OS X with OpenGL 3.2 Core Profile
Browser displays � instead of ´
Why this behavior when coercing a list to character via as.character()?
Reference javax.script.ScriptEngine in android or evaluate a javascript expression
How to enable auto start for an app in xiaomi programmatically
transition for background-image in firefox?
How to connect to external MongoDB instance in Meteor?
How to insert Hindi language in Mysql
R: What do you call the :: and ::: operators and how do they differ?