Closed Bug 666244 Opened 13 years ago Closed 13 years ago

WebGL cross-site restriction seems incorrectly strict for file:// urls

Categories

(Core :: Graphics: CanvasWebGL, defect)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 444641

People

(Reporter: joolsa, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0

For file:// urls by default even textures in the same directory as the loaded html page cannot be loaded by WebGL due to the cross site restictions. This seems incorrectly strict to me, and contradicts the documentation. http://kb.mozillazine.org/Security.fileuri.strict_origin_policy 

(Benoit - thanks for your comment on http://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/. I'm not able to verify if the non-WebGL cross site rules are this strict in Firefox as I'm a 3D, not web developer. This is new to me!)

Reproducible: Always

Steps to Reproduce:
1) Place WebGL page which renders a model with a texture on a local drive. The html, model and texture should all be in the same directory. 
2) Load the page using a file:// link.
3) The page will not render, with an exception being shown in the console
4) Serving the same page over http:// will render correctly

Actual Results:  
Page does not render when accessed via file://

Expected Results:  
Page should render when accessed via file://
I only used nsIPrincipal::subsumes, see the patch here:
https://bug656277.bugzilla.mozilla.org/attachment.cgi?id=534028

I don't really know exactly what the rules are for file:// uris but I thought that my patch would do what's needed.

Boris, can you tell if we have a bug here?
This is basically a duplicate of bug 444641, no?
Could be the same underlying problem, since the test we're doing here is the same that Canvas2D uses in DoDrawImageSecurityCheck. Can you handle this? I.e. dupe/rename/CC bugs as needed.
Sure.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.