[Webkit-unassigned] [Bug 89185] AssociatedURLLoader should allow trusted clients to read all headers, not just exposed ones

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 15 10:52:29 PDT 2012


Adam Barth <abarth at webkit.org> changed:

           What    |Removed                     |Added
 Attachment #147806|review?                     |review+
               Flag|                            |

--- Comment #6 from Adam Barth <abarth at webkit.org>  2012-06-15 10:52:27 PST ---
(From update of attachment 147806)
View in context: https://bugs.webkit.org/attachment.cgi?id=147806&action=review

Interesting approach.  I was expecting you to add another function for grabbing the headers, but I see why you've taken this approach.

> Source/WebKit/chromium/public/WebURLLoaderOptions.h:57
> +    bool allowResponseHeaders; // If policy is to use access control, whether to allow non-simple response headers.

I wonder if we should name this something like exposeAllResponseHeaders to mimic the name of Access-Control-Expose-Headers ?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list