Closed Bug 1514707 Opened 7 years ago Closed 6 years ago

Privileged API access from Scratchpad

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
66 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE
Tracking Flags:
Tracking Status
firefox66 --- affected

People

(Reporter: anton.kochkov, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Steps to reproduce: Sending cross-site request from javascript running from Scratchpad Actual results: It blocks the request because of the CORS preflight Expected results: JavaScript running from Scratchpad should allow privileged API, like systemXHR to bypass CORS settings, also to allow read and write to a local files.
I've tried to test this report on Windows 10 using the latest Nightly build. However, I`m unable to do so. Could you provide explicit steps or minimized test case? Thanks. Assigning to Core:DOM. Please change if this is not the right component.
Flags: needinfo?(anton.kochkov)
status-firefox66: --- → affected
Component: Untriaged → DOM
Product: Firefox → Core
Component: DOM → DOM: Core & HTML
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.