Firefox 68: local files now treated as cross-origin; is there a way to override?

Question

Firefox 68 fixes a security problem with local files (https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730), but in so doing breaks testing code locally. Is there a way to override this as can be done with Chrome and Opera (e.g., --allow-file-access-from-files)?

I cannot find anything relevant on the Firefox site, and cannot find a suitable command-line option or anything in about:config.

try {
    main = opener.document;
    }
    catch (e) {
    console.log(e);
    console.log(e.name);
    }
}

I get the following messages in the console:

DOMException: "Permission denied to access property "document" on cross-origin object"
SecurityError

score 23 · Accepted Answer · answered Jul 12 '19 at 02:43

23

You can leverage this restriction by going to about:config url and then uncheck privacy.file_unique_origin boolean value.

However be aware that this only reverts to < 68 protection mode, which is to only allow digging in, even with this flag down you won't be able to fetch ../some_other_dir/foo.bar.

answered Jul 12 '19 at 02:43

Kaiido

103,356
8
183
231

1

Just tried your solution. It works. And it *does* fetch from ../some_other_dir/foo.bar – plugincontainer Jul 12 '19 at 18:02

score 2 · Answer 2 · answered Mar 30 '22 at 11:34

2

In my case: Firefox ver. 98.0.2 (64-bit) going to about:config and changing the flag helped: security.fileuri.strict_origin_policy = false

answered Mar 30 '22 at 11:34

user3611642

181
1
4

Firefox 68: local files now treated as cross-origin; is there a way to override?

2 Answers2

Linked