[Webkit-unassigned] [Bug 182330] WebDriver: test imported/w3c/webdriver/tests/cookies/get_named_cookie.py::test_duplicated_cookie fails

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 5 10:47:23 PDT 2018


--- Comment #1 from Brian Burg <bburg at apple.com> ---
Hi Carlos, I'm seeing an XSSAuditor console message that this inline script evaluation was blocked. 

[Error] The XSS Auditor refused to execute a script in 'http://localhost:8802/webdriver/tests/support/inline.py?doc=%3Cscript%3Edocument.cookie+%3D+%27hello%3Dnewworld%3B+domain%3Dlocalhost%3B+path%3D%2F%27%3B%3C%2Fscript%3E&content-type=text%2Fhtml%3Bcharset%3Dutf-8' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header. (inline.py, line 1)

Thus the cookie is not set via document.cookie.

I believe this could be fixed by sending the X-XSS-Protection header with the main resource.

Have you encountered this as well, or is it purely a problem is Soup backend?

I'm pretty sure the problem of missing a leading period was already fixed and you added a test for it.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180405/d83e4f45/attachment-0002.html>

More information about the webkit-unassigned mailing list