MozillaZine

Security.fileuri.origin policy

From MozillaZine Knowledge Base

Contents

Background

When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference controlled. This preference has since been replaced with security.fileuri.strict_origin_policy.

Possible values and their effects

0

Local documents only have access to themselves.

1

Local documents have access to themselves and any other documents in the same directory.

2

Local documents have access to themselves, any documents in the same directory, and any documents in subdirectories. (Default)

3

Local documents have access to all other local documents, but not directory listings.

4

Local documents have access to all other local documents, including directory listings.

Caveats

  • Before this preference was implemented, the security policy was the same as this preference set to 4 (local documents have no restrictions).

Recommended settings

If you do development with local files and need to be able to retrieve other local files, you’ll need to set this preference to 3. Otherwise, lower settings offer the most security.

First checked in

2007-09-06 by Daniel Veditz

Has an effect in

  • Mozilla Firefox (nightly builds between 2007-09-06 and 2008-03-20)
  • SeaMonkey (nightly builds between 2007-09-06 and 2008-03-20)

Related bugs

See also