[Webkit-unassigned] [Bug 113407] New: Log a console warning for invalid 'access-control-allow-origin' headers.

Wed Mar 27 07:13:46 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=113407

           Summary: Log a console warning for invalid
                    'access-control-allow-origin' headers.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mkwst at chromium.org

http://www.veracode.com/blog/2013/03/security-headers-on-the-top-1000000-websites-march-2013-report/ suggests that about 1% of sites that use the 'access-control-allow-origin' header get it wrong.  It doesn't look like we're currently logging a warning when we see a header we can't do anything with ('access-control-allow-origin: http://*.example.com/', for instance). I think we should consider changing that.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.