I have created a browser extension that allows to navigate through local images using arrow keys. To do that, it fetches the directory index and adds images, which are next to the currently opened one, to the DOM. E.g. when you open file:///path/to/image.png
in Firefox, the content script of the addon fetches file:///path/to
and parses the filenames from the returned directory index.
Unfortunately, this only works when security.fileuri.strict_origin_policy
is set to false in about:config. In the default config, fetching local directory index does not work because it’s considered a Cross-Origin Request and throws a NetworkError. Obviously, I am looking for an alternative here that allows me to add other images from the same directory into the DOM but does not rely on disabling a security measure. The option of running a local server that would return the directory index is known to me but I am looking for a solution that requries less setup effort and only runs in the browser.
You can find the extension here: https://github.com/nikolockenvitz/local-image-viewer. I already tried doing the request from a background script. This does not work even when adjusting settings in about:config. Instead, it shows Security Error: Content at moz-extension://... may not load data from file:///
. The same request (fetch("file:///", { mode: "same-origin"}).then(response => response.text()).then(console.log);
) works when doing it from a content script and setting said config to false. I also tried adding "file:///*"
to permissions in manifest - also didn’t work.
Does someone know a workaround? I did not found any except the local server. Also, this discussion suggests there is none.
Shouldn’t it be possible to give extensions the permission to access local files without disabling the aforementioned security measure? I would not mind having to enable file access for an extension in an about page or some group policy. E.g. for links to local files, it seems to be possible to allow it using group policies.
Is this the right place to ask for such a feature or where would be the right place to reach out?