I am trying to relax the security policy for documents that are loaded from file://. Specifically, from a locally loaded file containing JavaScript, I would like to do:
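// Runs in a page loaded from file://. The target is an http:// origin, so this
// is a cross-origin request from the browser's point of view.
var req = new XMLHttpRequest();
// "host" and "port" are placeholders for the real server.
req.open("GET", "http://host:port/");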


but of course I get
   Permission denied to call method XMLHttpRequest.open

I have added the following to user.js and see them being merged with prefs.js etc.

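// Custom capability policy named "mycomputer", scoped by the .sites pref below.
// NOTE(review): a named policy is normally only consulted when its name is also
// listed in capability.policy.policynames; that pref is not among the lines
// shown here. Confirm it is set.
// NOTE(review): each "allAccess" grant applies to every document matching the
// .sites value, i.e. any local HTML file opened in this profile (saved pages,
// unpacked attachments), not only the page under development. Confine these
// prefs to a dedicated test profile.
// NOTE(review): the "Permission denied to call method XMLHttpRequest.open"
// error may come from an origin check made inside open() itself rather than
// from per-property policy; if so, these grants would not lift it. Verify
// against the browser version in use.
user_pref("capability.policy.mycomputer.sites", "file:");

// XMLHttpRequest properties, methods and event handlers.
user_pref("capability.policy.mycomputer.XMLHttpRequest.responseXML", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.responseText", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.status", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.statusText", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.abort", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.getAllResponseHeaders", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.getResponseHeader", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.open", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.send", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.setRequestHeader", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.readyState", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.overrideMimeType", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.onload", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.onerror", "allAccess");
user_pref("capability.policy.mycomputer.XMLHttpRequest.onreadystatechange", "allAccess");

// XML serialisation and parsing helpers.
user_pref("capability.policy.mycomputer.XMLSerializer.serializeToString", "allAccess");
user_pref("capability.policy.mycomputer.XMLSerializer.serializeToStream", "allAccess");
// The original had "DOMParser,parseFromString" / "DOMParser,parseFromStream";
// the comma produces a pref name that matches no class.member pair.
user_pref("capability.policy.mycomputer.DOMParser.parseFromString", "allAccess");
user_pref("capability.policy.mycomputer.DOMParser.parseFromStream", "allAccess");

// SOAP call, response, encoding, fault and header objects.
user_pref("capability.policy.mycomputer.SOAPCall.transportURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPCall.verifySourceHeader", "allAccess");
user_pref("capability.policy.mycomputer.SOAPCall.invoke", "allAccess");
user_pref("capability.policy.mycomputer.SOAPCall.asyncInvoke", "allAccess");
user_pref("capability.policy.mycomputer.SOAPResponse.fault", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.styleURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.getAssociatedEncoding", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.setEncoder", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.getEncoder", "allAccess");
// setDecoder was listed twice in the original; one entry is sufficient.
user_pref("capability.policy.mycomputer.SOAPEncoding.setDecoder", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.getDecoder", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.defaultEncoder", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.defaultDecoder", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.schemaCollection", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.encode", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.decode", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.mapSchemaURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.unmapSchemaURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.getInternalSchemaURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPEncoding.getExternalSchemaURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.element", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.faultNamespaceURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.faultCode", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.faultString", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.faultActor", "allAccess");
user_pref("capability.policy.mycomputer.SOAPFault.detail", "allAccess");
user_pref("capability.policy.mycomputer.SOAPHeaderBlock.actorURI", "allAccess");
user_pref("capability.policy.mycomputer.SOAPHeaderBlock.mustUnderstand", "allAccess");
// NOTE(review): unlike the other entries this one names no member, only the
// class. Confirm that this form is accepted.
user_pref("capability.policy.mycomputer.SOAPParameter", "allAccess");
user_pref("capability.policy.mycomputer.SOAPPropertyBagMutator.propertyBag", "allAccess");
user_pref("capability.policy.mycomputer.SOAPPropertyBagMutator.addProperty", "allAccess");

// Schema / WSDL loaders and the web-service proxy factory.
user_pref("capability.policy.mycomputer.SchemaLoader.load", "allAccess");
user_pref("capability.policy.mycomputer.SchemaLoader.loadAsync", "allAccess");
user_pref("capability.policy.mycomputer.SchemaLoader.processSchemaElement", "allAccess");
user_pref("capability.policy.mycomputer.SchemaLoader.onLoad", "allAccess");
user_pref("capability.policy.mycomputer.SchemaLoader.onError", "allAccess");
user_pref("capability.policy.mycomputer.WSDLLoader.load", "allAccess");
user_pref("capability.policy.mycomputer.WSDLLoader.loadAsync", "allAccess");
user_pref("capability.policy.mycomputer.WSDLLoader.onLoad", "allAccess");
user_pref("capability.policy.mycomputer.WSDLLoader.onError", "allAccess");
user_pref("capability.policy.mycomputer.WebServiceProxyFactory.createProxy", "allAccess");
user_pref("capability.policy.mycomputer.WebServiceProxyFactory.createProxyAsync", "allAccess");
user_pref("capability.policy.mycomputer.WebServiceProxyFactory.onLoad", "allAccess");
user_pref("capability.policy.mycomputer.WebServiceProxyFactory.onError", "allAccess");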


The code works if I request "UniversalBrowserRead"; however, the privilege applies only to the current stack frame and any calls made from it, and it has to be re-requested every time. The resulting XMLDocument loaded from the http:// URL is also inaccessible unless "UniversalBrowserRead" is requested and granted before each access.

I thought the capability policy would solve that. What am I missing here? Also, is there any way to find out which capability.policy name is currently in effect for the loaded document.location.href?

-michal