[Webkit-unassigned] [Bug 190133] New: [WPE][GTK] Document that webkit_uri_response_get_http_headers() may no longer return all HTTP headers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 1 06:18:00 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=190133
Bug ID: 190133
Summary: [WPE][GTK] Document that
webkit_uri_response_get_http_headers() may no longer
return all HTTP headers
Product: WebKit
Version: Other
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
CC: bugs-noreply at webkitgtk.org, youennf at gmail.com
As a Spectre mitigation, webkit_uri_response_get_http_headers() no longer returns all HTTP headers. E.g. cookie headers are pruned to prevent a website from abusing Spectre to read cookies associated with an iframe from memory.
This is an API break, but it's probably unavoidable. We should document it, though. Problem is it's really hard to use this API if the set of headers that get pruned changes incompatibly in the future versions of WebKit. :/
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181001/c9bc269b/attachment.html>
More information about the webkit-unassigned
mailing list