Why Does My Firefox OS App Get a 'Cross-Origin Request Blocked' Error Even with CORS Enabled?

Cross-Origin Request Blocked Due to XMLHttpRequest Restriction

Question:

Attempting to access a RESTful POST service from a Firefox OS app results in a "Cross-Origin Request Blocked" error, even though the back-end server has set "Access-Control-Allow-Origin: *" in its HTTP response headers.

Solution:

The issue lies in the JavaScript code creating the XMLHttpRequest request:

var request = new XMLHttpRequest();

To make cross-site POST requests in a Firefox OS app, the XMLHttpRequest object must be created in privileged mode, using mozSystem:

var request = new XMLHttpRequest({mozSystem: true});

Implementation Details:

1. mozSystem: Setting mozSystem to true permits cross-site connections without needing CORS server-side configuration. However, it requires setting mozAnon: true, which prevents sending cookies or other user credentials. This feature is only available to privileged (reviewed) apps and not arbitrary web pages.
2. Manifest Update: To grant your app the necessary permission, include the following line in your manifest's "permissions" section:

"permissions": {
       "systemXHR" : {},
}

By implementing these changes, your Firefox OS app will be able to make cross-origin POST requests to your Go service.

The above is the detailed content of Why Does My Firefox OS App Get a 'Cross-Origin Request Blocked' Error Even with CORS Enabled?. For more information, please follow other related articles on the PHP Chinese website!