Comment 3 for bug 1516249

Olivier Tilloy (osomon) wrote :

> In any other browser I know, both work. If necessary,
> the browser adds the 2 missing slashes.

If browsing the local filesystem was allowed, this could easily be implemented, of course.

> Huh? Could you explain how this improves security? As far as I can
> see, it encourages users to set up a local web server, potentially
> broadcasting confidential files to the local area, rather than keeping
> them on the phone.

Ubuntu Touch’s security model confines applications so that they can’t gain access to other applications’ data and files. The browser is no exception, thus it is not allowed to browse the local filesystem.
See https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement for a detailed specification.

This is meant to protect the average phone user against malicious applications.
If a user knows how to set up a local web server, they supposedly know what they are doing, and it’s their responsibility to ensure that they’re not giving away access to all their files to the outer world.

> Btw, other phone browsers, such as Android, do allow this.

Last time I checked, it didn’t. That was a while ago though, things might have changed. Android has a rather different security model though.

> If this is not a big effort to implement, please do, or at least until
> bug #1516220 is fixed.

As I wrote earlier, this is not a bug, it’s a (security) feature. So the confinement rules won’t be relaxed.
If you have a strong case against this decision, I encourage you to raise the topic on the ubuntu-phone mailing list, where the security team can participate in the discussion.

Please avoid confirming your own bug reports. Thanks for your time and bug reports, keep them coming!