Bug 1201160 Comment 70 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Original comment by

Jonas Sicking (:sicking) No longer reading bugmail consistently

on 2020-09-25 22:57:04 PDT

It seems to me that without Chrome and Safari fixing the issue in comment 67 point 1 and 3 does not seem to apply. I.e. authors would still be leaking secrets in those URLs.

Revision 1 by

Jonas Sicking (:sicking) No longer reading bugmail consistently

on 2020-09-25 23:09:38 PDT

It seems to me that without Chrome and Safari fixing the issue in comment 67 point 1 and 3 does not seem to apply. I.e. authors would still be leaking secrets in those URLs.

It seems like currently we're aligned with Chrome, but fixing this issue would align us with Safari. So it doesn't seem like fixing this issue would get us closer to consensus? Or has Google signaled that they are planning on fixing this issue?

As for point 5, has there been concern raised publicly that Mozilla is not taking SOP seriously? If anything, Mozilla has been pushing for CORS when other vendors have not, for example for video, fonts and sendBeacon().

This leaves point 2, which I honestly don't understand so I'll assume it is valid.