
How can I disable the same origin policy iframe port restriction in Firefox 48?


Firefox 48 has a new security restriction that blocks JavaScript calls in iframes if the port is different. Is there a way to disable this in about:config or some other setting (basically disable the same origin policy)?

I work on an enterprise website. The site has a page like a.site.com:12345 which has an iframe b.site.com:12346. We are setting document.domain=".site.com" for both pages. The b.site.com iframe is able to make JavaScript calls to the parent window and access the a.site.com DOM. This is working for all current versions of browsers and works in Firefox 47 and lower. The new Firefox 48 does not allow these calls since the ports are different.

Our production environment is fine since in prod all servers use the same SSL port, but in our test environment all the servers use different/non-standard SSL ports. This means we are not able to test Firefox 48 without moving code to production, which is halting testing efforts. While disabling the same origin policy is not desirable, it is better than not testing at all. How can I disable this new security restriction?


Solution

  • The issue is fixed in the Firefox 49 nightly beta build. Looks like this was a Firefox 48 issue alone.
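
An added example, not part of the original question or answer: a simplified model of the HTML Standard's "same origin" and "same origin-domain" comparisons, showing why the setup in the question is expected to pass the cross-frame check despite the different ports. The function names, the https scheme and the document.domain value "site.com" are assumptions made for the illustration; this is not Firefox's code.

```javascript
// Constructed sample URLs modelled on the hosts and ports in the question.
const PARENT = "https://a.site.com:12345/";
const FRAME = "https://b.site.com:12346/";

// An origin is { scheme, host, port, domain }. domain stays null until the
// page assigns document.domain.
function originOf(url, domain = null) {
  const u = new URL(url);
  // URL.port is "" when the scheme's default port is used, so fill it in.
  const defaults = { "http:": "80", "https:": "443" };
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || defaults[u.protocol] || "",
    domain,
  };
}

// "Same origin": scheme, host and port must all match; domain is not compared.
function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// "Same origin-domain": the comparison that gates cross-frame DOM access.
function sameOriginDomain(a, b) {
  if (a.domain !== null && b.domain !== null) {
    // Both pages set document.domain: only scheme and domain are compared,
    // so differing hosts and ports no longer matter.
    return a.scheme === b.scheme && a.domain === b.domain;
  }
  // Otherwise neither page may have set it, and the full origins must match.
  return a.domain === null && b.domain === null && sameOrigin(a, b);
}

// Hypothetical helper: can the frame reach the parent's DOM under this model?
function canScript(parentUrl, frameUrl, parentDomain = null, frameDomain = null) {
  return sameOriginDomain(
    originOf(parentUrl, parentDomain),
    originOf(frameUrl, frameDomain)
  );
}

console.log(canScript(PARENT, FRAME, "site.com", "site.com")); // both opted in
console.log(canScript(PARENT, FRAME));                         // neither opted in
console.log(canScript(PARENT, PARENT, "site.com", null));      // only one side set it
```

The third call shows the edge case that matters when testing: once one page sets document.domain, a page that has not set it fails the check even when the URLs are identical.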