[Webkit-unassigned] [Bug 66909] XMLHttpRequest method/header validation is not available for other untrusted HTTP requests.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 25 00:44:38 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66909
Adam Barth <abarth at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abarth at webkit.org
--- Comment #6 from Adam Barth <abarth at webkit.org> 2011-08-25 00:44:38 PST ---
> OK, thanks! I'm a little surprised that this level of functionality is going to be in WebCore, not in plug-ins. Isn't it plug-ins responsibility to provide network loading mechanisms with custom amount of trust?
PPAPI supports both trusted and untrusted plugins. For untrusted plugs, we need to provide the security. We could duplicate this logic outside of WebCore, but that seems inferior to using the same code for XMLHttpRequest and URL requests from untrusted plugins.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list