Closed Bug 1627842 Opened 6 years ago Closed 6 years ago

in local site can't communicate between iframe: NS_ERROR_DOM_PROP_ACCESS_DENIED: Access to property denied

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
74 Branch
Platform:
Desktop
Unspecified
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox75 --- wontfix
firefox76 --- wontfix
firefox77 --- wontfix

People

(Reporter: edecorvet, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files)

big.htm
356 bytes, text/html
Details
little.htm
143 bytes, text/html
Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:74.0) Gecko/20100101 Firefox/74.0

Steps to reproduce:

I developpe a site web and test it on my local computer.
I communicate between frame on a page with orders like this:
window.frames[0].document.getElementById("entete").innerHTML="Hello";
or
parent.frames[0].document.getElementById("entete").innerHTML="Hello";

Actual results:

NS_ERROR_DOM_PROP_ACCESS_DENIED: Access to property denied

Expected results:

No error, because on my serveur this page run good, and run good too in my local site with older version like 60.0.2.
So why i can test my page without problem with older version, and why with new version there are mistakes on my local site and no problems on my serveur.
It's difficult to develop if i need to send to the serveur to test!

Attached file big.htm

A page with a iframe

Attached file little.htm

The page in the iframe

Take this two files on your computer in the same folder, open "big.htm" and click on the button and the error come...
With firefox 60.0.2 there is no error...

Hi,
I was able to reproduce this issue using the attached cases on latest Nightly, Version 77.0a1 Build ID 20200416094846, Beta Version 76.0b5 Build ID 20200415234430 and Release Version 75.0 Build ID 20200403170909 on Windows 10.

I'll set a Product and a Component for this Core - DOM: Security. Please feel free to change it if there is a better-suited component.

Also, I did manage to do mozregression for this issue and here are the results:
INFO Last good revision: 4d37f42cecafac5c14d3dbc20a9204643b5cc3ea
INFO: First bad version: d0dda220d0d270babd2026b7f88ebd368fef4fa1
INFO: Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=4d37f42cecafac5c14d3dbc20a9204643b5cc3ea&tochange=d0dda220d0d270babd2026b7f88ebd368fef4fa1

Status: UNCONFIRMED → NEW
status-firefox75: --- → affected
status-firefox76: --- → affected
status-firefox77: --- → affected
Component: Untriaged → DOM: Security
Ever confirmed: true
Product: Firefox → Core
Hardware: Unspecified → Desktop

This is an intentional change made in Bug 1558299 to treat local files as separate origins, as is done in all other browsers now. For local testing you will have to run a local web server, which is much easier these days than it used to be (simple servers are built into node, python, and other development environments).

If I've misinterpreted comment 3 (where you talk about "files") and this also happens on a web server for you we'll need a better testcase that exhibits the problem on a web server.

Status: NEW → RESOLVED
Closed: 6 years ago
Regressed by: CVE-2019-11730
Resolution: --- → WONTFIX
Has Regression Range: --- → yes
Keywords: regression

Ok thank you for your answer.
Yes it's the same thing on other browsers.
Well if it's intentional that's there are goods raisons, i don't know exactly why, and i haven't access to the bug https://bugzilla.mozilla.org/show_bug.cgi?id=1558299.
I regret this fact beause i can't have on my desk i single local web page for my personnal use without a local web server, so i keep my old 60.0.2 version for a local use!
I don't think you misinterpreted the comment 3 , these two files (these 2 web pages) run good on a Web Server :-)

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: