[Webkit-unassigned] [Bug 258195] Service Worker: Redirect loses hash fragment

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 16 03:12:55 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=258195

--- Comment #1 from Lauritz <webkit at lauritz-holtmann.de> ---
After filing this as a non-security issue at first, I think there could be potential security implications I have not thought of at first. For instance, in the context of OAuth/OIDC ("implicit flow"/"response_mode=fragment"), where sensitive information is passed between parties using the URL hash fragment. At the very least, this behavior could break an SSO login flow.
