[Webkit-unassigned] [Bug 26146] New: Change to use ThreadableLoader to load the worker script in order to check URL origin for redirection.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 2 12:01:52 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26146
Summary: Change to use ThreadableLoader to load the worker script
in order to check URL origin for redirection.
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jianli at chromium.org
CC: ap at webkit.org, dimich at chromium.org, levin at chromium.org
Per the discussion on Worker URL origin check for redirection scenario
(http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2009-May/019965.html), we
feel that it is a good practice to check every URL on the redirect chain in
order to make sure it is coming from the same origin as the original document.
Currently the URL origin is only checked before we use DocLoader to load the
script. To support the redirection URL origin check, we need to switch to using
ThreadableLoader, i.e. SubresourceLoader, to load the script since it enforces
such check for every redirection URL.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list