[Webkit-unassigned] [Bug 246606] [GTK][WPE] Add provision to enable / disable websecurity
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 17 05:36:05 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=246606
Michael Catanzaro <mcatanzaro at gnome.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mcatanzaro at gnome.org
See Also| |https://bugs.webkit.org/sho
| |w_bug.cgi?id=219396
--- Comment #1 from Michael Catanzaro <mcatanzaro at gnome.org> ---
The mixed content settings are obsolete nowadays. See also: bug #219396. API to expose the internal settings would be at risk, because the internal settings are no longer needed: mixed content was a problem of the 2010s, but we're in the 2020s now and https://w3c.github.io/webappsec-mixed-content/ describes how mixed content should be handled.
Then the WebSecurity setting appears to turn off the same origin policy... is this needed for a test harness or something? Surely you don't need this for normal web content? Can you explain your use case?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221017/fdff9a82/attachment.htm>
More information about the webkit-unassigned
mailing list