Opening links to local files file://

I’m developing Group Speed Dial using web-extension API and I’m getting feature requests to support file:// protocol.
Some people want to access their locally stored .html pages from speed-dial addon.

However there is some security restriction that prevents opening any link pointing to “file:///”.

Is there a way to get over this restriction? Now or in the future - by requesting maybe a new security API for web-extension? If there is no solution yet, can somebody tell me what would be the best way to request this kind of feature?

In Chrome local files just works.

1 Like

AFAIK in Chrome, the user has to set an extra checkbox in the add-on manager, which will only appear if the extension has set host permissions including <all_urls> or file://

There is a function in the .extension or .runtime namespace that should tell you whether you have file system access or not. If that returns false in Firefox, I guess that is your answer, at least for now.

Sorry I was not aware of that, seems like locally loaded addons (during development) has this checkbox automatically checked.

Juraj Masiar, can you please post a sample of the code that fails for you?

There are no errors, Firefox just won’t react on clicking on elements pointing to local files.
For example:

<a id="dial_13" href="file:///C:/Users/Juraj/Desktop/simple.html">Click me</a>

will not open file “simple.html” from my desktop (if I copy the ‘href’ value into addressbar I can view the html file).
I understand the security issue here but I believe the add-ons deserves this functionality.

There is also some article here about accessing files

Unfortunately, it’s not planned for Firefox 57, but may be available later. Even the article you linked to at mentions at the very bottom “Firefox 57 / Not Planned / Access to file:// URLs or reading files without any explicit user input”

1 Like

Hi there,

it’s unfortunate that this isn’t even possible on explicit user input or by requesting permissions.

I’m the author of the LocalLink addon which adds a context submenu to the page context menu so that users can open file:// links contained in web pages. (Some bad content systems do this so that users rely on it.) Note that this requries explicit interactions, I’m not circumventing same-origin policy for “ordinary link clicks”.

In the XUL version of my addon, I use window.loadURI(uri, null, null), openNewTabWith(uri, null, null, event) and openNewWindowWith(uri, null, null) to open those uris irrespective of checkloaduri.

I ported the context menu and such to webextensions now, but browser.tabs.update() and called from a background script are subject to the same-origin restrictions, no loading of file:// uris

requesting "file://*/" permissions in manifest.json does not help either. MDN docu suggests "content_security_policy": "script-src 'self'; object-src 'self'; navigation-to 'filesystem:'" but my Firefox 56 does not know navigation-to, and I don’t think Firefox 57 does.

Entering file:// uris in the address bar directly works, of course. Is there any way to (request a permission to be able to) to do this from a webextension? I.e., based upon user input, update a tab or create a new one that navigates to a given file:// uri?


Has this been fixed?

Actually there is a workaround I didn’t know about back then that fixes this for a specific addon. See this comment for specific instructions:

I have been trying to load a PDF with the documentation provided , the pdf loads up fine but some of the layers they dont load up properly . I’ve tried templates from a few websites . e.g teardrop flags these are showing errors .

any tips ?