[Webkit-unassigned] [Bug 67655] New: AssociatedURLLoader should check HTTP method / headers for untrusted requests.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 6 10:51:51 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67655
Summary: AssociatedURLLoader should check HTTP method / headers
for untrusted requests.
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: bbudge at gmail.com
CC: fishd at chromium.org, levin at chromium.org
Perform HTTP method and header validation in AssociatedURLLoader for requests coming from untrusted code (eg. Native Client in Chrome). Use the same code as XMLHttpRequest to reduce code duplication and have behavior identical to XHR in Javascript. Add an 'untrustedHTTP' option to WebURLLoaderOptions, which AssociatedURLLoader can use to determine if it should check the request method and headers.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list