[Webkit-unassigned] [Bug 113407] New: Log a console warning for invalid 'access-control-allow-origin' headers.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 27 07:13:46 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=113407
Summary: Log a console warning for invalid
'access-control-allow-origin' headers.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mkwst at chromium.org
http://www.veracode.com/blog/2013/03/security-headers-on-the-top-1000000-websites-march-2013-report/ suggests that about 1% of sites that use the 'access-control-allow-origin' header get it wrong. It doesn't look like we're currently logging a warning when we see a header we can't do anything with ('access-control-allow-origin: http://*.example.com/', for instance). I think we should consider changing that.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list