[Webkit-unassigned] [Bug 190133] New: [WPE][GTK] Document that webkit_uri_response_get_http_headers() may no longer return all HTTP headers

Mon Oct 1 06:18:00 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=190133

            Bug ID: 190133
           Summary: [WPE][GTK] Document that
                    webkit_uri_response_get_http_headers() may no longer
                    return all HTTP headers
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org, youennf at gmail.com

As a Spectre mitigation, webkit_uri_response_get_http_headers() no longer returns all HTTP headers. E.g. cookie headers are pruned to prevent a website from abusing Spectre to read cookies associated with an iframe from memory.

This is an API break, but it's probably unavoidable. We should document it, though. Problem is it's really hard to use this API if the set of headers that get pruned changes incompatibly in the future versions of WebKit. :/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181001/c9bc269b/attachment.html>