Closed
Bug 1436128
Opened 6 years ago
Closed 5 years ago
security.fileuri.strict_origin_policy seems to break quotamanager
Categories
(Core :: Storage: Quota Manager, defect, P2)
Core
Storage: Quota Manager
Tracking
()
RESOLVED
FIXED
People
(Reporter: overholt, Unassigned)
References
(Blocks 1 open bug)
Details
Jeff (CCd) had security.fileuri.strict_origin_policy set to false (it seems there is some internet advice around this) and at startup got errors related to quotamanager not liking file+++UNIVERSAL_FILE_URI_ORIGIN. Is this a quotamanager issue or a CAPS issue?
Reporter | ||
Comment 1•6 years ago
|
||
baku, seems you may have had something to do with this in bug 1347817.
Flags: needinfo?(amarchesini)
Comment 2•6 years ago
|
||
I think QM probably needs to handle this.
Reporter | ||
Updated•6 years ago
|
Component: Security: CAPS → DOM: Quota Manager
Updated•6 years ago
|
Priority: -- → P2
Comment 4•6 years ago
|
||
I have a patch for this: https://bugzilla.mozilla.org/attachment.cgi?id=8946613&action=edit
Comment 5•6 years ago
|
||
security.fileuri.strict_origin_policy set to false means your entire disk is the same origin, as it was originally. This was an escape valve added when we tightened the policy to "same and sub directories" in case we broke some people's workflows, but it's not a safe setting. If you open a local file with malicious scripts it can now read any sensitive data on your drive. [In comparison Chrome and Safari one-upped us and make every file: uri a unique origin, which solves some additional security risks our version still has.]
Comment 7•5 years ago
|
||
Fixed by bug 1286798.
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•