[Webkit-unassigned] [Bug 182330] WebDriver: test imported/w3c/webdriver/tests/cookies/get_named_cookie.py::test_duplicated_cookie fails
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 5 10:47:23 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=182330
--- Comment #1 from Brian Burg <bburg at apple.com> ---
Hi Carlos, I'm seeing an XSSAuditor console message that this inline script evaluation was blocked.
[Error] The XSS Auditor refused to execute a script in 'http://localhost:8802/webdriver/tests/support/inline.py?doc=%3Cscript%3Edocument.cookie+%3D+%27hello%3Dnewworld%3B+domain%3Dlocalhost%3B+path%3D%2F%27%3B%3C%2Fscript%3E&content-type=text%2Fhtml%3Bcharset%3Dutf-8' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header. (inline.py, line 1)
Thus the cookie is not set via document.cookie.
I believe this could be fixed by sending the X-XSS-Protection header with the main resource.
Have you encountered this as well, or is it purely a problem is Soup backend?
I'm pretty sure the problem of missing a leading period was already fixed and you added a test for it.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180405/d83e4f45/attachment-0002.html>
More information about the webkit-unassigned
mailing list