[st3fan]

I don't think the Content Security Policy for standalone Firefox OS apps allows that. I think it is all or nothing; you are either a packaged and self-contained 'privileged' app, or you are a web app that is loaded from the web.

[kumar303]

You can use CORS in a packaged app to talk to your own web service http://en.wikipedia.org/wiki/Cross-origin_resource_sharing or you need XHR permissions such as

"permissions": { "systemXHR": {} }

https://developer.mozilla.org/en-US/docs/Apps/App_permission... Some info

[briansmith]

The way pnathan described his app, systemXHR doesn't seem to make sense for it. You usually only need systemXHR when you are writing an app that talks to a third-party server that you cannot control and that you cannot convince to enable CORS. systemXHR also has different handling of cookies and HTTP authentication credentials.

[st3fan]

Yes, but you cannot load external scripts. Only content or XHR. I thought the OP was talking about loading code over the network.

[pnathan]

It'll be a web app loaded from the web.