2010/04/15
Labels: firefox, builder, strict, origin, policy, security, prompt
Why do I keep getting prompt for "Script from file:// is requesting enhanced abilities that are UNSAFE and could be used to compromise your machine or data."?
GI Builder requires access to the file system, enhanced abilities, to save the files created in a project.
The reason you are repeatly asked even thought you selected the "Remember this decision" checkbox is because there are multiple javascript file that requires enhanced abilities. In Firefox 3, files residing in different folders are consider to be of different origin by the strict origin policy. However the security prompt applies to the entire "file://" URL, which is not accurate. So you get prompted every time you start builder.
Solution
 | For the security minded, you should create a new developer-only Firefox profile and make the following configurations in this new profile. Security minded users should not use your default profile for this. |
First you must have the security.fileuri.strict_origin_policy property disabled by setting it to false. You can do this by going to about:config and add/edit this property.
Next, by selecting "Allow" in the security prompt you create the following settings in the pref.js file
Alternate method
You can also edit Pref.js (or create a User.js, which is the Mozilla recommended way) found under "<user_home>/Application Data/Mozilla/Firefox/Profiles" as shown below.
Add these settings if they do not exist; if these settings exist, edit them as follows:
user_pref("security.fileuri.strict_origin_policy", false); user_pref("capability.principal.codebase.p0.granted", "UniversalXPConnect UniversalBrowserRead"); user_pref("capability.principal.codebase.p0.id", "file://"); user_pref("capability.principal.codebase.p0.subjectName","");
