X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Firefox local development "CORS request not http"

Được đăng

As of update to v68 I get errors like these: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///D:/website/fonts/fontawesome-webfont.woff?v=4.2.0. (Reason: CORS request not http).

What the heck is this? Why did silly mozila messed up the development of local files? How can I bypass that WITHOUT ALTERING my code? It broke fontawesome functionality! Very stupid!

As of update to v68 I get errors like these: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///D:/website/fonts/fontawesome-webfont.woff?v=4.2.0. (Reason: CORS request not http). What the heck is this? Why did silly mozila messed up the development of local files? How can I bypass that WITHOUT ALTERING my code? It broke fontawesome functionality! Very stupid!

Giải pháp được chọn

hi, perhaps due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730

try to change privacy_file_unique_origin to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though).

Đọc câu trả lời này trong ngữ cảnh 1
Trích dẫn

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • Shockwave Flash 28.0 r0

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Thông tin chi tiết

philipp
  • Top 25 Contributor
  • Moderator
5282 giải pháp 23337 câu trả lời
Được đăng

Giải pháp được chọn

hi, perhaps due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730

try to change privacy_file_unique_origin to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though).

hi, perhaps due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730 try to change ''privacy_file_unique_origin'' to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though).
Bài viết này có hữu ích với bạn không? 1
Trích dẫn

Người tạo câu hỏi

philipp said

hi, perhaps due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730 try to change privacy_file_unique_origin to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though).

You are a star! Everything now is back to normal. This is pretty stupid on mozilla's part!

''philipp [[#answer-1236131|said]]'' <blockquote> hi, perhaps due to this security fix: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730 try to change ''privacy_file_unique_origin'' to false in about:config, restart firefox and see if this can make a difference (please note that this makes you vulnerable to the described security problem though). </blockquote> You are a star! Everything now is back to normal. This is pretty stupid on mozilla's part!
Bài viết này có hữu ích với bạn không? 0
Trích dẫn
mcdow 0 giải pháp 4 câu trả lời
Được đăng

The proposed solution is not ideal in that it requires local HTML files that use local fonts to change their default about:config settings. It would be better if FireFox allowed fonts such as: font-awesome to load without going through CORS. Here is the warning: The Same Origin Policy disallows reading the remote resource at file:///.../font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0. (Reason: CORS request not http).

The proposed solution is not ideal in that it requires local HTML files that use local fonts to change their default about:config settings. It would be better if FireFox allowed fonts such as: font-awesome to load without going through CORS. Here is the warning: The Same Origin Policy disallows reading the remote resource at file:///.../font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0. (Reason: CORS request not http).
Bài viết này có hữu ích với bạn không?
Trích dẫn
jscher2000
  • Top 10 Contributor
8587 giải pháp 70244 câu trả lời
Được đăng

Hi mcdow, the security patch redefined the "origin" of a document with a file:// URL, which is why the console now reports cross-origin blocks on some retrievals. If you decide to reverse that, please make sure to open untrusted pages from their own folders (for example, create Download\untrusted) to limit access to potentially valuable files.

Hi mcdow, the security patch redefined the "origin" of a document with a file:// URL, which is why the console now reports cross-origin blocks on some retrievals. If you decide to reverse that, please make sure to open untrusted pages from their own folders (for example, create Download\untrusted) to limit access to potentially valuable files.
Bài viết này có hữu ích với bạn không?
Trích dẫn
mcdow 0 giải pháp 4 câu trả lời
Được đăng

Hi jscher,

Understood, but redefining all local file resources to have a unique origin breaks Mozilla's previous standard:

https://developer.mozilla.org/en-US/docs/Archive/Misc_top_level/Same-origin_policy_for_file:_URIs

This seems severe as the other browser vendors are NOT doing that with their origin definitions. This also makes using browsers for local help very limited. I hope Mozilla will reconsider.

Hi jscher, Understood, but redefining all local file resources to have a unique origin breaks Mozilla's previous standard: https://developer.mozilla.org/en-US/docs/Archive/Misc_top_level/Same-origin_policy_for_file:_URIs This seems severe as the other browser vendors are NOT doing that with their origin definitions. This also makes using browsers for local help very limited. I hope Mozilla will reconsider.
Bài viết này có hữu ích với bạn không?
Trích dẫn
jscher2000
  • Top 10 Contributor
8587 giải pháp 70244 câu trả lời
Được đăng

Hi mcdow, is there a page documenting how it works in other browsers?

Help systems that were taking advantage of the broader functionality in Firefox will need to change. For example, treating Firefox as having the more limited capabilities that have been available in Chrome: https://discourse.mozilla.org/t/firefox-68-local-files-now-treated-as-cross-origin-1558299/42493

Hi mcdow, is there a page documenting how it works in other browsers? Help systems that were taking advantage of the broader functionality in Firefox will need to change. For example, treating Firefox as having the more limited capabilities that have been available in Chrome: https://discourse.mozilla.org/t/firefox-68-local-files-now-treated-as-cross-origin-1558299/42493
Bài viết này có hữu ích với bạn không?
Trích dẫn
mcdow 0 giải pháp 4 câu trả lời
Được đăng

Hi jscher2000,

The link I posted describes how it works on other browsers. For 'file:' resources, origin should be the same for files in the same or child directories as defined in the statement here.

https://developer.mozilla.org/en-US/docs/Archive/Misc_top_level/Same-origin_policy_for_file:_URIs

Currently, in v68 this breaks many (1000s if not more) users accessing local help content using FireFox. User's can switch to another browser and the local resources will work. Is there a place where I can upload an example? Thank you.

Hi jscher2000, The link I posted describes how it works on other browsers. For 'file:' resources, origin should be the same for files in the same or child directories as defined in the statement here. https://developer.mozilla.org/en-US/docs/Archive/Misc_top_level/Same-origin_policy_for_file:_URIs Currently, in v68 this breaks many (1000s if not more) users accessing local help content using FireFox. User's can switch to another browser and the local resources will work. Is there a place where I can upload an example? Thank you.
Bài viết này có hữu ích với bạn không?
Trích dẫn
jscher2000
  • Top 10 Contributor
8587 giải pháp 70244 câu trả lời
Được đăng

mcdow said

Currently, in v68 this breaks many (1000s if not more) users accessing local help content using FireFox. User's can switch to another browser and the local resources will work. Is there a place where I can upload an example?

If copyright permits, sure, or perhaps there is a sample online that could be downloaded for testing.

By the way, I did file a bug yesterday proposing an exception for .woff and .woff2 font files. Waiting to see whether that is considered feasible.

''mcdow [[#answer-1237587|said]]'' <blockquote>Currently, in v68 this breaks many (1000s if not more) users accessing local help content using FireFox. User's can switch to another browser and the local resources will work. Is there a place where I can upload an example?</blockquote> If copyright permits, sure, or perhaps there is a sample online that could be downloaded for testing. By the way, I did file a bug yesterday proposing an exception for .woff and .woff2 font files. Waiting to see whether that is considered feasible.
Bài viết này có hữu ích với bạn không?
Trích dẫn
mcdow 0 giải pháp 4 câu trả lời
Được đăng

Hi jscher2000,

>By the way, I did file a bug yesterday proposing an exception for .woff and .woff2 font files.

Thank you, this would help. I would add .ttf font files as well.

Hi jscher2000, >By the way, I did file a bug yesterday proposing an exception for .woff and .woff2 font files. Thank you, this would help. I would add .ttf font files as well.
Bài viết này có hữu ích với bạn không?
Trích dẫn
Arne 0 giải pháp 1 câu trả lời
Được đăng

I have this problem too. It wouldn't be so bad if FF would let me keep using v. 67.x until the problem was fixed, but the new (broken) version 68.0 is automatically installed, even though my settings says to ask me for confirmation first :(

I have this problem too. It wouldn't be so bad if FF would let me keep using v. 67.x until the problem was fixed, but the new (broken) version 68.0 is automatically installed, even though my settings says to ask me for confirmation first :(
Bài viết này có hữu ích với bạn không?
Trích dẫn
jscher2000
  • Top 10 Contributor
8587 giải pháp 70244 câu trả lời
Được đăng

Câu trả lời hữu ích

Hi Arne, Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info:

There is a bug on file proposing that fonts be an exception, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

Hi Arne, Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them '''from a file:// URL'''. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: * https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp * https://www.mozilla.org/security/advisories/mfsa2019-21/#CVE-2019-11730 There is a bug on file proposing that fonts be an exception, but it will take time to implement. For now, you can roll back the patch as follows: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''uniq''' and pause while the list is filtered (3) Double-click the '''privacy.file_unique_origin''' preference to switch the value from true to false To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.
Bài viết này có hữu ích với bạn không? 1
Trích dẫn
Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.