Treat all file: URIs as having a unique origin.

modules/libpref/init/all.js

@@ -1335,6 +1335,10 @@ pref("image.animation_mode",                "normal");
 // Same-origin policy for file URIs, "false" is traditional
 pref("security.fileuri.strict_origin_policy", true);
 
+// Treat all file URIs as having a unique origin.
+// Only has an effect if strict origin policy is true.
+pref("security.fileuri.unique_origin", true);
+
 // If this pref is true, prefs in the logging.config branch will be cleared on
 // startup. This is done so that setting a log-file and log-modules at runtime
 // doesn't persist across restarts leading to huge logfile and low disk space.

netwerk/base/nsNetUtil.cpp

@@ -10,6 +10,7 @@
 #include "mozilla/LoadContext.h"
 #include "mozilla/LoadInfo.h"
 #include "mozilla/BasePrincipal.h"
+#include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "nsNetUtil.h"
 #include "nsNetUtilInlines.h"
@@ -1821,6 +1822,12 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
     return false;
   }
 
+  bool uniqueOrigin = true;
+  uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
+  
+  // If treating all files as unique origins, we can skip this because
+  // it should always be refused.
+  if (!uniqueOrigin) {
     //
     // If the file to be loaded is in a subdirectory of the source
     // (or same-dir if source is not a directory) then it will
@@ -1849,6 +1856,7 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
     if (NS_SUCCEEDED(rv) && allowed) {
       return true;
     }
+  }
 
   return false;
 }