[Webkit-unassigned] [Bug 24549] New: Impose a limit on Access-Control-Max-Age value
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 12 09:59:57 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=24549
Summary: Impose a limit on Access-Control-Max-Age value
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ap at webkit.org
The spec says, "User agents are encouraged to impose a limit on max-age so
items cannot stay in the preflight result cache for unreasonable amounts of
time."
Firefox reportedly sets it to 24h, but I think that a much lower value would be
appropriate. One of the use cases cited on public-webapps: a notebook is used
in an internet cafe, where its preflight cache is poisoned with arbitrary
results. Later, the same notebook is used on a corporate network, and becomes a
proxy into it. Of course, the same evil site needs to be accessed from both
locations.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list