Affecting Local files are now each given a different origin

Published: | Categories: Privacy & Security


Firefox 68 has tightened the same-origin policy to prevent locally-saved malicious HTML content from accessing other files in the same directory. This could be an issue if you’re testing your site on your own machine directly through the file:// URL, and having a script in a separate file or embedding an <iframe>, for example.

While a simple, self-contained HTML file may still work, it’s highly recommended to set up a local server if you want to test a site with assets. There are easy-to-use tools like MAMP or XAMPP, and macOS also comes with the Apache server.

Update: This change is affecting various other things as well, including web fonts, workers and XSLT. Bug 1566172 has a list of those cases.