diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-20 14:56:26 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-20 14:56:26 +0200 |
commit | 33b6f178d16f94df7de98d1316f563f14a2bedd5 (patch) | |
tree | e16427f59d80337e39b2e66fcd281c4a6802cc8f /modules | |
parent | aae0bfd5b8e4ac85d97cdce4a0fcd405f3160cd7 (diff) | |
download | uxp-33b6f178d16f94df7de98d1316f563f14a2bedd5.tar.gz |
Treat all file: URIs as having a unique origin.
This prevents cross-file access from files loaded into the browser from
the local file system, further restricting the origin policy of file:
URIs.
Added a pref to control this behavior for local file access if required
for certain applications, since this change might break using the
browser to run applications on the local file system that require
access to local files.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/libpref/init/all.js | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 38c3ced917..b31ae8e331 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1331,6 +1331,9 @@ pref("image.animation_mode", "normal"); // Same-origin policy for file URIs, "false" is traditional pref("security.fileuri.strict_origin_policy", true); +// Treat all file URIs as having a unique origin. +pref("security.fileuri.unique_origin", true); + // If this pref is true, prefs in the logging.config branch will be cleared on // startup. This is done so that setting a log-file and log-modules at runtime // doesn't persist across restarts leading to huge logfile and low disk space. |