问题描述

Firefox 68修复了本地文件的安全性问题( https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730 )，但这样做会中断本地测试代码.有没有办法像Chrome和Opera那样(例如--allow-file-access-from-files)来覆盖它?

Firefox 68 fixes a security problem with local files (https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730), but in so doing breaks testing code locally. Is there a way to override this as can be done with Chrome and Opera (e.g., --allow-file-access-from-files)?

我在Firefox站点上找不到任何相关内容，也找不到合适的命令行选项或about:config中的任何内容.

I cannot find anything relevant on the Firefox site, and cannot find a suitable command-line option or anything in about:config.

try {
    main = opener.document;
    }
    catch (e) {
    console.log(e);
    console.log(e.name);
    }
}

我在控制台中收到以下消息:

I get the following messages in the console:

DOMException: "Permission denied to access property "document" on cross-origin object"
SecurityError

推荐答案

您可以通过转到about:config网址，然后取消选中privacy.file_unique_origin布尔值来利用此限制.

You can leverage this restriction by going to about:config url and then uncheck privacy.file_unique_origin boolean value.

但是请注意，这仅恢复为< 68 保护模式，该模式只允许进行挖掘，即使此标志向下，您也将无法获取../some_other_dir/foo.bar.

However be aware that this only reverts to < 68 protection mode, which is to only allow digging in, even with this flag down you won't be able to fetch ../some_other_dir/foo.bar.

这篇关于Firefox 68:本地文件现已视为跨域；有没有一种方法可以覆盖?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！