[Webkit-unassigned] [Bug 234543] Archived subresource loads fail if m_allowedNetworkHosts doesn't include the remote URL
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 21 15:50:18 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=234543
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |achristensen at apple.com
See Also| |https://bugs.webkit.org/sho
| |w_bug.cgi?id=225426
--- Comment #3 from Alexey Proskuryakov <ap at webkit.org> ---
Not sure if the proposed change is OK given the initial intent of this SPI (disallow any 3rd party content). It's still 3rd party content even when it's loaded via an archive, and having it can still have security implications!
CC Alex to help untangle this.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211221/8786e767/attachment.htm>
More information about the webkit-unassigned
mailing list