[webkit-reviews] review requested: [Bug 57600] cross-origin XMLHttpRequest doesn't work with redirect : [Attachment 133508] Proposed Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 23 10:30:53 PDT 2012


Bill Budge <bbudge at gmail.com> has asked for review:
Bug 57600: cross-origin XMLHttpRequest doesn't work with redirect
https://bugs.webkit.org/show_bug.cgi?id=57600

Attachment 133508: Proposed Patch
https://bugs.webkit.org/attachment.cgi?id=133508&action=review

------- Additional Comments from Bill Budge <bbudge at gmail.com>
Addressed Adam's comments and redid the ChangeLogs.

One interesting result of this patch is that same origin XHRs which receive
cross origin redirects still fail. This is because XHRs have 'withCredentials'
set to 'true' when they begin to load a same origin request. Once they receive
a redirect to a cross origin URL, they always fail, since the security origin
gets set to a globally unique id and that plus 'allowCredentials' causes the
access control check to fail.

We could fix this by clearing this flag (on the loader) but that might be
confusing. A surprising (to me) result of this work is that of the 9 test
cases, only 1 succeeds.
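
Added example, not part of the original message and not WebKit's code: a simplified JavaScript model of the access control check described above, showing why a same-origin request that keeps its credentials flag fails after a cross-origin redirect. The hosts, the function names and the `clearCredentials` option are assumptions made for illustration.

```javascript
// Simplified model of a CORS access control check after a redirect.
// Assumption for illustration only; this is not WebKit's implementation.
const UNIQUE_ORIGIN = "null"; // a globally unique origin serializes as "null"

function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Follow one redirect. When it crosses origins, the security origin becomes
// a unique origin. The credentials flag chosen when the load started is kept
// unless the hypothetical clearCredentials option is set.
function followRedirect(request, location, { clearCredentials = false } = {}) {
  const crossOrigin = !sameOrigin(request.url, location);
  return {
    url: location,
    origin: crossOrigin ? UNIQUE_ORIGIN : request.origin,
    allowCredentials:
      crossOrigin && clearCredentials ? false : request.allowCredentials,
  };
}

function passesAccessControlCheck(request, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  // A wildcard is acceptable only when no credentials are involved.
  if (allowOrigin === "*" && !request.allowCredentials) return { ok: true };
  // A unique origin can never be matched by the server's allowed origin.
  if (request.origin === UNIQUE_ORIGIN) return { ok: false, reason: "unique origin" };
  if (allowOrigin !== request.origin) return { ok: false, reason: "origin mismatch" };
  if (request.allowCredentials &&
      headers["access-control-allow-credentials"] !== "true")
    return { ok: false, reason: "credentials not allowed by server" };
  return { ok: true };
}

// Constructed sample: a same-origin XHR (credentials flag set at load start)
// that is redirected to another origin answering with a wildcard.
const start = {
  url: "https://app.example/api",
  origin: "https://app.example",
  allowCredentials: true,
};
const wildcard = { "access-control-allow-origin": "*" };

function demo() {
  const target = "https://cdn.example/data";
  const kept = followRedirect(start, target);
  const cleared = followRedirect(start, target, { clearCredentials: true });
  return {
    kept: passesAccessControlCheck(kept, wildcard).ok,
    cleared: passesAccessControlCheck(cleared, wildcard).ok,
  };
}
```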

