Firefox 68: local files now treated as cross-origin; is there a way to override?

Firefox 68 fixes a security problem with local files (https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730), but in so doing breaks testing code locally. Is there a way to override this as can be done with Chrome and Opera (e.g., --allow-file-access-from-files)?

I cannot find anything relevant on the Firefox site, and cannot find a suitable command-line option or anything in about:config.

try {
    main = opener.document;
    }
    catch (e) {
    console.log(e);
    console.log(e.name);
    }
}

I get the following messages in the console:

DOMException: "Permission denied to access property "document" on cross-origin object"
SecurityError

Answers:

Answer

You can leverage this restriction by going to about:config url and then uncheck privacy.file_unique_origin boolean value.

However be aware that this only reverts to < 68 protection mode, which is to only allow digging in, even with this flag down you won't be able to fetch ../some_other_dir/foo.bar.

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us

©2020 All rights reserved.