[Webkit-unassigned] [Bug 67655] New: AssociatedURLLoader should check HTTP method / headers for untrusted requests.

Tue Sep 6 10:51:51 PDT 2011

https://bugs.webkit.org/show_bug.cgi?id=67655

           Summary: AssociatedURLLoader should check HTTP method / headers
                    for untrusted requests.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: bbudge at gmail.com
                CC: fishd at chromium.org, levin at chromium.org

Perform HTTP method and header validation in AssociatedURLLoader for requests coming from untrusted code (eg. Native Client in Chrome). Use the same code as XMLHttpRequest to reduce code duplication and have behavior identical to XHR in Javascript. Add an 'untrustedHTTP' option to WebURLLoaderOptions, which AssociatedURLLoader can use to determine if it should check the request method and headers.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.