At Mozilla's bugzilla a discussion woke up ( https://bugzilla.mozilla.org/show_bug.cgi?id=424875 ) to make XMLHttpRequest useable for web-applications on the file-protocol without requiring the server to enable CORS. At the end of the current discussion I got the idea of a system-wide configuration file to solve this issue:
It contains permissions it grants to web-applications (for example specific/all permissions on specific files/directories).
Installer invoked by the user can write the required permissions for their web-application to this file. Also the user can enter manually entries if he wants.
A site launched unintentionally on the file-protocol can't do evil things since it wouldn't be listed in this file.
This would help to make web-applications launched on the file-protocol (for example installed by upstream-installers on desktop-PC's) to be more competitive.
quangmanh123
commented
4 years ago
At Mozilla's bugzilla a discussion woke up ( https://bugzilla.mozilla.org/show_bug.cgi?id=424875 ) to make XMLHttpRequest useable for web-applications on the file-protocol without requiring the server to enable CORS. At the end of the current discussion I got the idea of a system-wide configuration file to solve this issue:
This would help to make web-applications launched on the file-protocol (for example installed by upstream-installers on desktop-PC's) to be more competitive.