What is the "resource://" URL scheme?

Question

I recently encountered a web page containing the following line of markup:

<script src="resource://ember-inspector-at-emberjs-dot-com/ember-inspector/data/in-page-script.js"></script>

Note that the scheme in the URL is 'resource' and that the URL is not for something that can be reached over the Internet.

This is not a URL scheme that I have previously encountered. Despite some searching on the matter, I can't find any information regarding the use of this scheme.

What is the purpose of the 'resource' scheme? If I were a browser, what would I do with this?

Answer 1

The resource: URI scheme is exclusive to Firefox and was registered with Firefox v3.

It's used internally, related to chrome.manifest.

In Firefox enter this in the address bar and navigate to it..

resource:///

You should find a directory structure of your local Firefox user profile.

Background

Mozilla has multiple URI-schemes registered. Of these include resource: and chrome: (the latter, being more commonly familiar)

A Chrome directory is an important part of any Firefox installation. Inside the Chrome directory there are data files, documents, scripts, images, etc.. all of these files comprise the user interface elements and local user data.

But a chrome:// URI is actually just a special case of the lesser known resource:// URI which points to the top of the platform installation area. All paths in the chrome directory must begin with resource: or jar:

Info found in Rapid Application Development with Mozilla written by Nigel McFarlane

Specific use-case.. Emberjs

For the specific case you referred to, you can find more details here: https://github.com/emberjs/ember-inspector/issues/82

---

Issues

We allowed accessibility for resource:/// which pointed at the installed on-disk resources that came with Firefox. I don't know if we supported alternate resource aliases at the time, but I'm sure add-ons weren't using them and that we didn't support resource aliasing in chrome.manifest (which didn't exist).

When we introduced resource into chrome.manifest we should have added the option contentaccessible=yes mechanism at the same time: let add-ons opt-in to fingerprintability just as we do with chrome content. Unfortunately anything we do may have compatibility problems: searching addon source I find 810 chrome.manifest files that define custom resource:// locations. One reason for so many is because it's used by JetPack addons so I'm somewhat hopeful that most of those don't need to reference these from content. Quoted from Reference 2 below.

---

The only reason extensions would need to use resource: is to make things available to web content. Quoted from Reference 2 below.

Directly from Mozilla

I had a really hard time finding any mention of resource:// in any documentation by Mozilla, IANA, or W3C. This is the one and ONLY direct mention of the definition of resource: that I could find published directly from Mozilla. It was so obscure I took a screenshot :)

Further Reading:

1. Bugzilla report on resource:// security vulnerability
2. Another Bugzilla report (source of quote above)
3. IANA resource:// Resource Identifier provision
4. IANA Complete List of URI-Scheme Assignments