[webkit-reviews] review granted: [Bug 178565] XMLHttpRequest should not treat file URLs as same origin : [Attachment 324854] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 25 13:16:58 PDT 2017
Ryosuke Niwa <rniwa at webkit.org> has granted Brent Fulgham
<bfulgham at webkit.org>'s request for review:
Bug 178565: XMLHttpRequest should not treat file URLs as same origin
https://bugs.webkit.org/show_bug.cgi?id=178565
Attachment 324854: Patch
https://bugs.webkit.org/attachment.cgi?id=324854&action=review
--- Comment #52 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 324854
--> https://bugs.webkit.org/attachment.cgi?id=324854
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=324854&action=review
> Source/WebCore/page/SecurityOrigin.cpp:336
> + if (request.url().protocolIsBlob()) {
> + if (auto blobOrigin = getCachedOrigin(request.url()))
request.url().protocolIsBlob() is already checked in getCachedOrigin.
We can just call getCachedOrigin. It's such a misleading name though...
>
LayoutTests/fast/xmlhttprequest/resources/xmlhttprequest-access-self-as-file-re
al.html:19
> + xhr.open("GET", "", false);
> + xhr.send("");
Please add a test case for blob URL.
More information about the webkit-reviews
mailing list