為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Why does user_pref("capability.policy.default.Location.href", "allAccess"); no longer work in FireFox 4? How can I re-enable this feature?

  • 4 回覆
  • 15 有這個問題
  • 1 次檢視
  • 最近回覆由 Natorator

more options

On upgrading to FireFox 4 from 3.6.15, I noticed that my capability.policy.default items in the prefs.js file were no longer working (the custom site that I run locally needs access to this attribute, amongst others) - how can I go about returning this feature back on?

Example CAPS entry: user_pref("capability.policy.default.Location.href", "allAccess");

I've had to downgrade again to 3.6.15 until I can get this to work.

Tested on Windows XP (SP3), and using existing/new profiles in FF 4.0 and using prefs.js and user.js - nothing can get the Javascript code to read the location.href and getting an error generated in the error console. Also tested on Mac OS X 10.6.7 with FF 4.0 - still no luck getting capability.policies to work.

Please help...

On upgrading to FireFox 4 from 3.6.15, I noticed that my capability.policy.default items in the prefs.js file were no longer working (the custom site that I run locally needs access to this attribute, amongst others) - how can I go about returning this feature back on? Example CAPS entry: user_pref("capability.policy.default.Location.href", "allAccess"); I've had to downgrade again to 3.6.15 until I can get this to work. Tested on Windows XP (SP3), and using existing/new profiles in FF 4.0 and using prefs.js and user.js - nothing can get the Javascript code to read the location.href and getting an error generated in the error console. Also tested on Mac OS X 10.6.7 with FF 4.0 - still no luck getting capability.policies to work. Please help...

由 damager 於 修改

所有回覆 (4)

more options

Anyone, really? This would be a bug if you ask me and it doesn't work on two different operating systems. Does anyone have a way of disabling the Same Origin Policy, temporarily, for FF4 whilst this gets looked at/fixed?

On Google Chrome, --disable-web-security would be the equivalent.

more options

New information: On FireFox 3.6 if I remove the following line from prefs.js: user_pref("capability.policy.default.Location.href", "allAccess");

I get the following error:

Error: Permission denied for <http://<Redacted>> to get property Location.href Source File: http://<Redacted>/ Line: 1769 </p>

I get a slightly different error under FF4.0 - is there a different syntax now, as it is no longer showing "Location.href", but just "href" (and yes, I've tried removing Location. from the user_pref)...

Error: Permission denied to access property 'href' Source File: http://<Redacted</ Line: 1769 </p>

由 damager 於 修改

more options

New information:

Also happens on Windows Vista (upgrading from FF 3.5 directly to 4.0) and Windows 7 (from FF 3.6 to 4.0).

more options

I've been beating my head against this problem for a few hours, and I finally solved it. I'd been trying to set a capability policy using the "magic" default policy, and nothing would work - I could disable properties and functions of the Window object, but not the Location object.

It turns out that if I set a custom policy name, and named the specific sites I wanted the policy to apply to, it works! The only hitch is that you'll have to build a whitelist of sites that are allowed to have this kind of access, instead of allowing any site to access it by default. I think this is prudent security policy, in order to prevent XSS attacks.

So, for your case, instead of this: user_pref("capability.policy.default.Location.href", "allAccess");

use this instead: user_pref("capability.policy.policynames", "hrefaccess"); user_pref("capability.policy.hrefaccess.sites", "http://example.com http://www.example.com"); user_pref("capability.policy.hrefaccess.Location.href", "allAccess");

I haven't tested this code, but a similar implementation for my problem did the trick. I hope this helps!