localStorage in Firefox extension throws “The operation is insecure.” exception

Question

I am developong Firefox Add-on that uses localStorage to store user data in website context. It access localStorage via injected content scripts using standard methods:

localStorage.getItem(key);
localStorage.setItem(key, value);

The code that calls localStorege is injected to website via PageMod:

pageMod.PageMod({
    contentScriptFile: [
        self.data.url("app.js")
    ]})

When methods getItem/setItem are called, security exception is thrown:

[Exception... "The operation is insecure." code: "18" nsresult: "0x80530012 (SecurityError)" location: ""]

So far I did not find out the reason why this is happening. I have an suspicion that it may have something to do with old FireFox bug, but probability is low: http://meyerweb.com/eric/thoughts/2012/04/25/firefox-failing-localstorage/

Maybe anyone could suggest an idea what could cause a problem?

Additional info:

• We are using Addon SDK 1.16
• Problem occurs since FF 29.0 RC1 (everything works with FF 28)

Answer 1

We also have an extension and are getting the same error with local storage. This is a bug with 29, as @basarat notes this error should only be thrown for CORS issues. We've tested with Aurora and Nightly with no issues either. We're filing a bug with Mozilla.

Answer 2

As previously noted, this is a bug in Firefox 29 and should be resolved in version 30: https://bugzilla.mozilla.org/show_bug.cgi?id=980023

For the time being, you can work around this issue by reassigning the localStorage object used in your content script:

var localStorage = unsafeWindow.localStorage;

Answer 3

The operation is insecure. should only be thrown when you load a JavaScript file cross domain. To enable is operation as secure the domain serving the JS file must enable CORS : http://en.wikipedia.org/wiki/Cross-origin_resource_sharing