Security.fileuri.strict origin policy

From MozillaZine Knowledge Base

The title given to this article is incorrect due to technical limitations. The correct title is security.fileuri.strict_origin_policy.

This article describes the preference security.fileuri.strict_origin_policy. To add, delete, or modify this preference, you will need to edit your configuration — do not edit this article.

1 Background
2 Possible values and their effects
- 2.1 True
- 2.2 False
3 Recommended settings
4 First checked in
5 Has an effect in
6 Related bugs
7 Related preferences
8 See also

[edit]

Background

When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference controls.

This preference obsoletes security.fileuri.origin_policy.

[edit]

Possible values and their effects

[edit]

True

Local documents have access to other local documents in the same directory and in subdirectories, but not directory listings. (Default)

[edit]

False

Local documents have access to all other local documents, including directory listings.

[edit]

Recommended settings

If you do development with local files and need to be able to retrieve other local files, you may need to set this preference to false. Otherwise, leaving it set to true offers the most security.

[edit]