Case of the NS_ERROR_DOM_SECURITY_ERR

Working on a bookmarklet, I ran across “security errors” in Firefox and Opera (may happen in others, I didn’t check). In Firefox the code threw “Security error (NS_ERROR_DOM_SECURITY_ERR)” and in Opera it was something similarly vague.

The culprit code was trying to access the cssRules property of a style sheet from a different domain (my CSS is on a subdomain). It appears browsers apply the same origin policy to the DOM CSSStyleSheet interface. Effectively, you can access the href property of a different domain styleSheet object, but not its cssRules. In Firebug, the cssRules property will be null, but attempting to even read it in user script causes the exception.

If your script is throwing NS_ERROR_DOM_SECURITY_ERR, check for code trying to access objects on a different domain.

5 thoughts on “Case of the NS_ERROR_DOM_SECURITY_ERR

  1. yuvraj oak says:

    thank you. i was hosting images and css from images.mydomain.com. My site wasn’t working in FF & opera. After reading your post I transfered my css files to mydomain.com instread of images.mydomain.com and problem solved.

  2. says:

    I am using menus and social networking ‘‘ thing that was failing in Firefox. I copied the social network link code to the local web server, modified the code to load its stylesheet locally instead of from the other domain, and it worked in Firefox. Thanks!

  3. OsamaBinLogin says:

    AH! This was the answer. And our shop recently took images and css and put them on a ‘static’ domain. So I’m kindof SOL.

    But now I know WHY at least.

    Thanks!!

  4. says:

    I found out we were writting the stylesheer URL with the port 80 included but the page was coming from the same location without the port 80. Although these are from the same URL it looks like firefox considers these different URL’s!

Leave a Reply