The Same-origin policy for file: URIs artilce at https://developer.mozilla.org/en-US/docs/Archive/Misc_top_level/Same-origin_policy_for_file:_URIs is marked as obsolete.
I have an application that used an iframe within a local HTML page, that loaded another local HTML page, and the two could reference one another’s window; because the iframe file was in a subdirectory of the directory containing the parent document.
That no longer works unless security.fileuri.strict_origin_policy
is set to false.
I can still load other local resources directly into a local HTML page via a relative path. A script in a local HTML file loaded in an iframe will still execute if it is same origin but the same HTML file is treated as of a different origin when attempt to communicate with the parent.
Could you please point to information that explains this further?
Thanks to @jscher2000, this link explains the change relative to what it used to be in the old article. https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
Thank you.