Closed
Bug 356293
Opened 19 years ago
Closed 19 years ago
Configurated policies are ignored
Categories
(Firefox :: Security, defect)
RESOLVED
FIXED
People
(Reporter: niels.froehling, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.1) Gecko/20061003 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.1) Gecko/20061003 Firefox/2.0
Putting these lines into the BonEcho-config, does _NOT_ enable xSite-XMLHttpRequest anymore:
user_pref("capability.policy.default.XMLHttpRequest.channel", "allAccess");
user_pref("capability.policy.default.XMLHttpRequest.open", "allAccess");
user_pref("capability.policy.default.XMLHttpRequest.responseText", "allAccess");
user_pref("capability.policy.default.XMLHttpRequest.responseXML", "allAccess");
user_pref("capability.policy.default.XMLHttpRequest.send", "allAccess");
user_pref("capability.policy.default.checkloaduri.enabled", "allAccess");
user_pref("security.checkloaduri", false);
Reproducible: Always
Steps to Reproduce:
1. modify the policy to enable xSite XMLHttpRequest
2. do an XMLHttpRequest to another site
3. receive an exception and live (un-)happily
Actual Results:
Exception:
uncaught exception: Sicherheitsfehler: Inhalt auf http://bill/P/P26-Premper/P26-08-Catalogue/P26-08-test/admin/content/index.php?section=nwsL&task=linkE&id=2771 darf keine Daten von http://www.google.com/ laden.
This actually is a HEAD-request, not GET and not POST!
Expected Results:
No exception, working xSite-XMLHttpRequest
Comment 1•19 years ago
You have put those prefs in user.js? BTW: Putting such security prefs in "capability.policy.default" can be somewhat dangerous; I'm not sure here, but normally you should only make such prefs apply to specific sites, as described on http://kb.mozillazine.org/Links_to_local_pages_don%27t_work.
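The difference Comment 1 points at, between grants under capability.policy.default and grants in a named policy bound to specific sites, can be checked mechanically in a profile's user.js. The Python sketch below is an added example, not code from this bug or from Mozilla; the policy name "xhr" and the site http://intranet.example are constructed, and the per-site layout (policynames plus <name>.sites) is assumed from the MozillaZine article linked above.

```python
import re

# One user_pref("name", value); line as found in user.js or prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')
ALL_SITES = "ALL SITES"

def parse_prefs(text):
    """Return {pref_name: value}; string values lose their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs

def grant_scopes(text):
    """Map each relaxed security pref to the sites it applies to."""
    prefs = parse_prefs(text)
    scopes = {}
    for name, value in prefs.items():
        parts = name.split(".")
        if name == "security.checkloaduri" and value == "false":
            scopes[name] = ALL_SITES
        elif (parts[:2] == ["capability", "policy"]
              and len(parts) > 3 and value == "allAccess"):
            if parts[2] == "default":
                scopes[name] = ALL_SITES  # default policy covers every origin
            else:
                key = "capability.policy.%s.sites" % parts[2]
                scopes[name] = prefs.get(key, "(no sites listed)")
    return scopes

def global_grants(text):
    """Names of prefs that relax a check for every site."""
    return sorted(n for n, s in grant_scopes(text).items() if s == ALL_SITES)

# Constructed sample: three prefs from the report plus a site-scoped policy.
SAMPLE = '''
user_pref("capability.policy.default.XMLHttpRequest.open", "allAccess");
user_pref("capability.policy.default.checkloaduri.enabled", "allAccess");
user_pref("security.checkloaduri", false);
user_pref("capability.policy.policynames", "xhr");
user_pref("capability.policy.xhr.sites", "http://intranet.example");
user_pref("capability.policy.xhr.XMLHttpRequest.open", "allAccess");
'''

if __name__ == "__main__":
    for name, scope in sorted(grant_scopes(SAMPLE).items()):
        print("%-58s %s" % (name, scope))
```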
Comment 2•19 years ago (Reporter)
Hi;
as long as there is no (graphical) policy-manager, I'm not going to manage that by hand. I tried to program a policy-manager extension, but I'm too busy to make it seriously.
Also the policy-system seems to be seen with flaw by the Firefox developers, they want to create a different sort of trust-system.
So as since the birth of the gecko-system this is a mess to maintain. That's why I put it all open, unconditionally.
Comment 3•19 years ago (Reporter)
Fixed in final 2.0 (complaint was about 2.0rc2).
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED