[Webkit-unassigned] [Bug 165726] On HTTPS pages, .ts files loaded from insecure origins via XHR are allowed
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Dec 10 09:04:05 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=165726
--- Comment #1 from Paul Schreiber <paulschreiber at gmail.com> ---
Note:
https://www.ssllabs.com/ssltest/viewMyClient.html
The XHR test passes in Safari, but Safari doesn't actually block the request: it fails due to bad/missing CORS headers: ("XMLHttpRequest cannot load http://plaintext.ssllabs.com/plaintext/xhr.txt?t=1481389281271 due to access control checks.")
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161210/ea990d6f/attachment.html>
More information about the webkit-unassigned
mailing list