On Nov 20, 4:39 pm, Boris Zbarsky <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > On Nov 19, 2:35 pm, Boris Zbarsky <[EMAIL PROTECTED]> wrote: > >> [EMAIL PROTECTED] wrote: > >>> I have been using user_prefs to disable the same origin sandbox during > >>> development. FF V2.0.0.18 and 3.0.4 have broken those settings > >> Which exact aspect of same-origin were you trying to disable? > > >>> Does anyone know if there are additional settings that are now > >>> required > >> Required to do what, exactly? > > >> -Boris > > > I attached the lines in my user.js file to show I was setting > > UniversalBrowserRead and UniversalBrowserWrite. > > Yes. That doesn't answer my question. You want the expanded privileges > because you're trying to do something that's normally prohibited. What > is this something? > > > (P.S. You previously indicated the user_prefs looked OK - at least for > > previous versions.) > > It's OK in general. That code hasn't changed. What might have changed > is whether UniversalBrowserRead and UniversalBrowserWrite are sufficient > for what you want to do. > > -Boris
These have been sufficient in the past to allow cross-domain reads during development prior to plugin development. UniversalBrowserWrite was actually only a convenience for processing some style information and is actually not critical. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
