[Webkit-unassigned] [Bug 258443] New: Blob can't be read from opaque origined Workers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 23 00:43:18 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258443
Bug ID: 258443
Summary: Blob can't be read from opaque origined Workers
Product: WebKit
Version: Safari Technology Preview
Hardware: Mac (Apple Silicon)
OS: macOS 13
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: tristan.fraipont at gmail.com
Test-case: https://codepen.io/_-0-_/pen/qBQqbLy
Trying to read a Blob object with whatever method (`.arrayBuffer()` et al., `FileReader`, `new Response(blob).arrayBuffer()` etc.) from an opaque origin Web Worker throws an error:
> [Error] Not allowed to load local resource: blob:null/70ccdfb9-8d83-4234-aec5-c45cb251b792
> [Error] Cannot load blob:null/70ccdfb9-8d83-4234-aec5-c45cb251b792 due to access control checks.
> [Error] Failed to load resource: Not allowed to request resource (70ccdfb9-8d83-4234-aec5-c45cb251b792, line 0)
> [Error] Unhandled Promise Rejection: NotReadableError: The I/O read operation failed. (anonymous function) (data:text/javascript,%0A…%0A:3)
The issue seems to be that the fetch request made to access the blob's data goes through cross-origin checks, however the Blob should be by essence same origin, since it's supposed to be "in memory".
This happens for Workers created from a data: URL, as well as for the ones created from a blob: URL in a file:// document.
The weird thing is that it seems to work fine for opaque origin iframes (sandboxed or data: URL).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230623/244054eb/attachment-0001.htm>
More information about the webkit-unassigned
mailing list