[Webkit-unassigned] [Bug 67655] AssociatedURLLoader should check HTTP method / headers for untrusted requests.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 9 12:29:00 PDT 2011


--- Comment #10 from Bill Budge <bbudge at gmail.com>  2011-09-09 12:28:59 PST ---
Once this lands, I can redo PPAPI and WebKit glue code that does all of these checks. As part of that CL I will have to modify URLRequest and URLLoader tests since these errors are reported asynchronously now.

I also have FIXMEs to improve error reporting in the glue code. I will need to define a new error domain in WebKit so AssociatedURLLoader can report syntax vs. security errors in a way that WebKit glue understands. Currently it doesn't know about WebKit error domains, only our net:: one, and reports the former as PP_ERROR. It might make sense to modify this patch to generate ResourceErrors with enough information to make this possible.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list