[Webkit-unassigned] [Bug 248470] [GTK] The resource ..... was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it...
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 26 23:14:22 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=248470
--- Comment #4 from Milan Crha <mcrha at redhat.com> ---
(In reply to Michael Catanzaro from comment #3)
> Perhaps I'm misunderstanding something, but the problem is a web console
> warning caused by the web content in the email that you're displaying, yes?
Yes and no. One problem is that I cannot (and shouldn't, as you said) do anything about the warning. If it's only for the page developer, then show it to the page developer, not to everybody else, whom cannot influence it by any means.
The other problem is that it claims the resource *had been preloaded*. I trusted that message, but trying it here, I do not see any sign of the resource download in the access logs of my server, thus maybe the warning lies and nothing was preload at all. Being there anything preloaded, I'd consider it a security problem, because any attacker/spammer could have such preloads in the document to verify the address is functional and anybody reads the message, despite Evolution controlling the internet traffic by the WebKitGTK API.
Interestingly, referencing an https:// address in the "preload" <link>, which uses an invalid certificate, shows an error message in the console about the invalid certificate, thus maybe it tries to download something with http://, but doesn't finish it? I do not know how these things work under the hood.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230427/644c6f34/attachment.htm>
More information about the webkit-unassigned
mailing list