Security Error when dragging a moz-page-thumb

MartijnJ · September 17, 2015, 3:27pm

I just noticed that when I drag an img element that has a moz-page-thumb URI assigned to its src attribute, I get a Security Error:

Security Error: Content at moz-nullprincipal:{1839c3fb-d543-4b94-81f0-5f986b34148b} may not load or link to moz-page-thumb://thumbnail?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2FAdd-ons%2FSDK.

I don’t really know what to think of this or what it means, but I take it that I should avoid this.
Does anybody know more about this, and what exactly I’m doing wrong?

The img element is on a chrome page btw.

noitidart · September 18, 2015, 5:38pm

Interesting man. Is the page your addons page? Where are you trying to drop it? I think the drop operation should have a content-type set to allow dropping on your typical targets, in websites etc. If it doesnt, then its probably a bug.

Like this example is awesome: http://html5demos.com/drag-anything

You can see all the content-types on drop attached to it. Basically you just iterate on drop through this:

 getData(e.dataTransfer.types[i])

So with that example you can selet the second radio button to see all the types on there.

MartijnJ · September 18, 2015, 7:08pm

Yeah, it is a page from my add-on.
The error doesn’t have anything particular to do with my add-on though.
It’s simply the default drag behavior of img elements that generates this error, not my code.

And nothing is malfunctioning or anything.
It’s just that “Security Error” sounds kind of serious.

noitidart · September 18, 2015, 9:33pm

Ooo i see ok let me think we’ll figure this out

MartijnJ · September 18, 2015, 10:07pm

Thanks man, but don’t sweat it if you don’t know.
I think I can prevent the error by setting a custom drag image on the event.dataTransfer or none at all and bind an html element to mouse instead.
I think that is how the NewTab and Panorama pages do it, without generating an error.

So it’s not blocking me from progressing or anything.
Would be sweet to know what the error actually means though.

noitidart · September 19, 2015, 1:58am

I think man what you have to do is:

document.body.addEventListener(‘dragstart’, function() {
// if moz-thumb then add in content-type
}, false);

That should fix it no?

MartijnJ · September 19, 2015, 12:43pm

Nope, thanks though.
I even tried halting the entire dragstart event, and still get the error.

But I took a good look at the NewTab and Panorama pages.
And it turns out that the NewTab page uses the moz-page-thumb URI as a background image on the style attribute, instead of applying it to the src attribute of an img element.
And the Panorama page overlays the img elements with another element that has its opacity set to 0.

So those are two techniques that can be used to work around the error.

noitidart · September 19, 2015, 2:14pm

That’s some awesome learning thanks for sharing!!