Workaround for href="file://///..." in Firefox

On an intranet site, let's say I want to link to a file on a share using UNC, at:

\\servername\foldername\filename.rtf

It seems the correct way to do this is with markup like this:

<a href="file://///servername/foldername/filename.rtf">filename.rtf</a>

That's five slashes - two for the protocol, one to indicate the root of the file system, then two more to indicate the start of the server name.

This works fine in IE7, but in Firefox 3.6 it will only work if the html is from a local file. I can't get it to work when the file comes from a web server. The link is "dead" - clicking on it does nothing.

Is there a workaround for this in Firefox? Those two browsers should be all I need to worry about for now.

Since this is obviously a feature of Firefox, not a bug, can someone explain what the benefit is to preventing this type of link?


Solution 1:

This question has been asked at least twice before, but I was unable to find those posts before posting my own (sorry):

Open a direct file on the hard drive from firefox (file:///)

Firefox Links to local or network pages do not work

Here is a summary of answers from all three posts:

  • Use WebDAV — this is the best solution for me, although much more involved than I had anticipated.
  • Use http:// instead of file:///// — this will serve up a copy of the document that the user cannot edit and save.
  • Edit user.js on the client as described here — this worked for me in Firefox 3.6.15, but without access to client machines, it's not a solution.
  • In Firefox, use about:config, change the Security.fileuri.strict_origin_policy setting to false — this doesn't work for me in 3.6.15. Other users on [SO] have also reported that it doesn't work.
  • Use the locallinks Firefox extension — this sets the Security.fileuri.strict_origin_policy to true for you, and appears to have no other effect.
  • Read the file server-side and send it as the response — this presents the same problem as simply configuring your web server to use http://.

Solution 2:

Browsers like Firefox refuse to open the file:// link when the parent HTML page itself is served using a different protocol like http://.

Your best bet is to configure your webserver to provide the network mapped file as a web resource so that it can be accessed by http:// from the same server instead of by file://.

Since it's unclear which webserver you're using, I can't go in detail as to how to achieve this.

Solution 3:

In Firefox to Open File:\\\\\yourFileServer\docs\doc.txt for example you need to turn on some options in Firefox configuration:

user_pref("capability.policy.policynames", "localfilelinks");
user_pref("capability.policy.localfilelinks.sites", "http://yourServer1.companyname.com http://yourServer2.companyname.com");
user_pref("capability.policy.localfilelinks.checkloaduri.enabled", "allAccess");

Solution 4:

As it turns out, I was unaware that Firefox had this limitation/feature. I can sympathize with the feature, as it prevents a user from unwittingly accessing the local file system. Fortunately, there are useful alternatives that can provide a similar user experience while sticking to the HTTP protocol.

One alternative to accessing content via UNC paths is to publish your content using the WebDAV protocol. Some content managements systems, such as MS SharePoint, use WebDAV to provide access to documents and pages. As far as the end-user experience is concerned, it looks and feels just like accessing network files with a UNC path; however, all file interactions are performed over HTTP.

It might require a modest change in your file access philosophy, so I suggest you read about the WebDAV protocol, configuration, and permission management as it relates to your specific server technology.

Here are a few links that may be helpful if you are interested in learning more about configuring and using WebDAV on a few leading HTTP servers:

  • Apache Module mod_dav
  • IIS 7.0 WebDAV Extension
  • Configuring WebDAV Server in IIS 7, 6, 5