[Webkit-unassigned] [Bug 16357] XMLHttpRequest.setRequestHeader("Cookie", "") does not work correctly
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Dec 8 23:42:26 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16357
------- Comment #7 from aamann at mac.com 2007-12-08 23:42 PDT -------
(In reply to comment #6)
> So, does Firefox disallow setting the Cookie header for security reasons? We
> may want to block that more thoroughly than via a CFNetwork quirk then!
No, Firefox disallows sending a non-local XMLHttpRequest from an HTML file
loaded via the file:// protocol. This can be overwritten using
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
though (without any notification to the user):
http://www.mozilla.org/projects/security/components/signed-scripts.html
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list