3.5 Set File URI Origin Policy

Information

This setting determines the restrictions placed on the scripts and links loaded into the browser from local HTML files.

Rationale:

Applying the same origin policy to local files will help mitigate the risk of unauthorized access to sensitive information.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration, set security.fileuri.strict_origin_policy to true:

Type about:config in the address bar

Type security.fileuri.strict_origin_policy in the filter

Configure the setting as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('security.fileuri.strict_origin_policy', true);

Default Value:

True

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 2926527346f19fbc7d6ac5828ea259746a53cb34377c6ae7e66842c48148464c