Security.fileuri.origin policy: Difference between revisions
No edit summary |
No edit summary |
||
| Line 2: | Line 2: | ||
==Background== | ==Background== | ||
When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference | When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference controlled. This preference has since been replaced with [[security.fileuri.strict_origin_policy]]. | ||
==Possible values and their effects== | ==Possible values and their effects== | ||
| Line 30: | Line 30: | ||
==Has an effect in== | ==Has an effect in== | ||
* Mozilla Firefox (nightly builds | * Mozilla Firefox (nightly builds between 2007-09-06 and 2008-03-20) | ||
* SeaMonkey (nightly builds | * SeaMonkey (nightly builds between 2007-09-06 and 2008-03-20) | ||
==Related bugs== | ==Related bugs== | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=209234 Bug 209234 - local files can read directory listings] | * [https://bugzilla.mozilla.org/show_bug.cgi?id=209234 Bug 209234 - local files can read directory listings] | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=230606 Bug 230606 - Tighten the same-origin policy for local files (file: URLs, trusted, security)] | * [https://bugzilla.mozilla.org/show_bug.cgi?id=230606 Bug 230606 - Tighten the same-origin policy for local files (file: URLs, trusted, security)] | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=402983 Bug 402983 - Security checks that should be symmetric are now asymmetric] | |||
==See also== | ==See also== | ||
* [[Links to local pages do not work]] | * [[Links to local pages do not work]] | ||
[[Category: | [[Category:Unused preferences]] | ||
Latest revision as of 01:10, 28 March 2008
Background
When local HTML files (e.g., those located on your hard drive) are loaded into the browser, the scripts and links within have restrictions on what they can see and do. Those restrictions are determined by the same-origin policy for local files, which this preference controlled. This preference has since been replaced with security.fileuri.strict_origin_policy.
Possible values and their effects
0
Local documents only have access to themselves.
1
Local documents have access to themselves and any other documents in the same directory.
2
Local documents have access to themselves, any documents in the same directory, and any documents in subdirectories. (Default)
3
Local documents have access to all other local documents, but not directory listings.
4
Local documents have access to all other local documents, including directory listings.
Caveats
- Before this preference was implemented, the security policy was the same as this preference set to 4 (local documents have no restrictions).
Recommended settings
If you do development with local files and need to be able to retrieve other local files, you’ll need to set this preference to 3. Otherwise, lower settings offer the most security.
First checked in
Has an effect in
- Mozilla Firefox (nightly builds between 2007-09-06 and 2008-03-20)
- SeaMonkey (nightly builds between 2007-09-06 and 2008-03-20)
Related bugs
- Bug 209234 - local files can read directory listings
- Bug 230606 - Tighten the same-origin policy for local files (file: URLs, trusted, security)
- Bug 402983 - Security checks that should be symmetric are now asymmetric
