[webkit-help] same-origin policy on local files

Claus Colloseus ccprog at gmx.de
Thu Aug 12 05:29:20 PDT 2010


I am trying to find out if this behavior is a bug or a feature (seen 
both on Google Chrome 5/Windows and Epiphany 2.30/Debian):

A local xhtml file loads an SVG file (via <object data="...">) from the 
same local folder, and obviously using the file:// protocol. It then 
tries to access the SVG DOM with javascript, but gets blocked with the 
following message:

# Unsafe JavaScript attempt to access frame with URL
# file:///.../cbBase_obj.svg from frame with URL
# file:///.../cbFENPositioner_obj.xhtml. Domains, protocols
# and ports must match.

I can not see why this should be a breach of same-origin policy, or 
where the mismatch is. Is access to local files generally blocked?


More information about the webkit-help mailing list