Security.fileuri.origin policy

From MozillaZine Knowledge Base

The title given to this article is incorrect due to technical limitations. The correct title is security.fileuri.origin_policy.

This article describes the preference security.fileuri.origin_policy. To add, delete, or modify this preference, you will need to edit your configuration — do not edit this article.

1 Background
2 Possible values and their effects
- 2.1 0
- 2.2 1
- 2.3 2
- 2.4 3
- 2.5 4
3 Caveats
4 Recommended settings
5 First checked in
6 Has an effect in
7 Related bugs
8 See also

[edit]

Background

When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference controlled. This preference has since been replaced with security.fileuri.strict_origin_policy.

[edit]

Possible values and their effects

[edit]

0

Local documents only have access to themselves.

[edit]

1

Local documents have access to themselves and any other documents in the same directory.

[edit]

2

Local documents have access to themselves, any documents in the same directory, and any documents in subdirectories. (Default)

[edit]

3

Local documents have access to all other local documents, but not directory listings.

[edit]

4

Local documents have access to all other local documents, including directory listings.

[edit]

Caveats

Before this preference was implemented, the security policy was the same as this preference set to 4 (local documents have no restrictions).

[edit]

Recommended settings

If you do development with local files and need to be able to retrieve other local files, you’ll need to set this preference to 3. Otherwise, lower settings offer the most security.

[edit]