Bug 16048 - Not allowed to load local resource
Summary: Not allowed to load local resource
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.4
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-11-19 07:12 PST by Ralf Zeigermann
Modified: 2009-01-04 19:51 PST (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ralf Zeigermann 2007-11-19 07:12:51 PST
WebKit r27895
Safari 3.0.4
Mac OS X 10.4.11

I am using Radio UserLand for maintaining my weblog. Radio is a desktop-based application that stores all files locally and streams them to the server after an entry has been published. When I start Radio, it open up the interface, my "desktop homepage" in a dedicated browser, im my case Safari. This interface relies on certain gif files and spacers etc., which are all stored on my hard drive in the Radio UserLand applications folder.

Since updating to 10.4.11 and Safari 3.0.4 Radio won't load these files anymore. The same thing happens with the latest Firefox update, also with an old Opera version, but funnily enough Mozilla still shows the page correct. Also, when using Safari 2.0.4 everything is fine again. Looking through the logs, I can see the following error message: "Not allowed to load local resource". Firefox comes up with the following: "Security Error: Content at http://127.0.0.1:5335/ may not load or link to file:///Applications/Radio%20UserLand/www/system/images/weblogDefault/header3.gif."

Because a picture says more than a thousand words, I've uploaded a comparative screenshot (Safari 204 vs. 304) here:

http://www.ralfz.dsl.pipex.com/safari204.jpg

I know there's a security issue with downloading local files from/via websites, but in this case all files reside on my hard drive. Is there a way around it or a fix in sight?

Also, apologies - I am not a programmer, only a user and tried my best through Google and the MacFixit website finding a solution towards this problem, unfortunately to no avail. A search on bugzilla didn't show up anything either, perhaps only #10777 sounds similar (?).
Comment 1 Mark Rowe (bdash) 2007-11-19 07:26:34 PST
The issue here is that a HTTP site (http://127.0.0.1:5335/ in this case) is attempting to access resources that exist on the file-system (beneath file:///Applications/).  This is a potential security issue so such cross-protocol access is denied.  As you mention, recent versions of other major browsers have similar restrictions in place for the same reason.

The solution here is for Radio UserLand to serve up the files it wishes to access from somewhere below http://127.0.0.1:5335/.    I suspect based on the URL structure it may already do so at http://127.0.0.1:5335/system/images/weblogDefault/header3.gif.  I would recommend that you file a bug report with the developers of that application and ask them to make such a change.  Feel free to have them contact me if they need any further information.
Comment 2 Ralf Zeigermann 2007-11-19 08:32:37 PST
Thank you for the quick reply. I'll contact UserLand immediately.

Many thanks,
Ralf
Comment 3 Bernhard Rosenkraenzer 2008-10-09 01:56:35 PDT
There is a problem with the "Not allowed to load local resource" thing though: It also shows up when using _only_ local files.

Short QtWebKit code that demonstrates the problem:

QWebView w;
w.setHtml("<html><head><title>test</title></head><body><img src=\"file:/usr/share/icons/webkit.png\" /></body></html>");
w.show();

refuses to show webkit.png even though only local stuff was involved.
Comment 4 Lars Strojny 2009-01-04 19:50:51 PST
(In reply to comment #3)
> There is a problem with the "Not allowed to load local resource" thing though:
> It also shows up when using _only_ local files.

I can confirm this. Should we open a new bug for it or do we reopen this one?