[Webkit-unassigned] [Bug 89185] AssociatedURLLoader should allow trusted clients to read all headers, not just exposed ones

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 15 07:21:25 PDT 2012


--- Comment #5 from Bill Budge <bbudge at gmail.com>  2012-06-15 07:21:24 PST ---
Adam, this new WebURLLoaderOption field completely turns off response header filtering. Therefore this would expose "set-cookie" headers to the client. I'm assuming this is OK since it's trusted.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list