[Webkit-unassigned] [Bug 67655] AssociatedURLLoader should check HTTP method / headers for untrusted requests.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 9 12:29:00 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67655
--- Comment #10 from Bill Budge <bbudge at gmail.com> 2011-09-09 12:28:59 PST ---
Once this lands, I can redo PPAPI and WebKit glue code that does all of these checks. As part of that CL I will have to modify URLRequest and URLLoader tests since these errors are reported asynchronously now.
I also have FIXMEs to improve error reporting in the glue code. I will need to define a new error domain in WebKit so AssociatedURLLoader can report syntax vs. security errors in a way that WebKit glue understands. Currently it doesn't know about WebKit error domains, only our net:: one, and reports the former as PP_ERROR. It might make sense to modify this patch to generate ResourceErrors with enough information to make this possible.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list