[webkit-help] same-origin policy on local files
Claus Colloseus
ccprog at gmx.de
Thu Aug 12 05:29:20 PDT 2010
Hi,
I am trying to find out if this behavior is a bug or a feature (seen
both on Google Chrome 5/Windows and Epiphany 2.30/Debian):
A local xhtml file loads an SVG file (via <object data="...">) from the
same local folder, and obviously using the file:// protocol. It then
tries to access the SVG DOM with javascript, but gets blocked with the
following message:
# Unsafe JavaScript attempt to access frame with URL
# file:///.../cbBase_obj.svg from frame with URL
# file:///.../cbFENPositioner_obj.xhtml. Domains, protocols
# and ports must match.
I can not see why this should be a breach of same-origin policy, or
where the mismatch is. Is access to local files generally blocked?
Thanks,
Claus
More information about the webkit-help
mailing list