Closed
Bug 699857
Opened 13 years ago
Closed 13 years ago
Workers: Allow data urls
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
People
(Reporter: bent.mozilla, Assigned: bent.mozilla)
References
(Depends on 1 open bug)
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
|
4.88 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
We should allow data URLs to make workers. Patch attached.
Attachment #572019 -
Flags: review?(jonas)
Attachment #572019 -
Flags: review?(jonas) → review+
|
Assignee | |
Comment 1•13 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/dc3fa66976e6
Whiteboard: [inbound]
|
||
Comment 2•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dc3fa66976e6
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [inbound]
Target Milestone: --- → mozilla10
|
||
Updated•13 years ago
|
Keywords: dev-doc-needed
|
||
Comment 5•13 years ago
|
||
Why we are going to allow data URL Workers while the spec explicitly disallows? http://dev.w3.org/html5/workers/#handler-worker-onmessage Is a spec change proposed somewhere? If it is, please let me know the pointer. I don't mind allowing in itself so much because we (and even Chrome) already allow Blob URL Workers.
In Gecko data-urls have always been considered same-origin, so in a way we are actually complying with the spec. The origin of data urls is something that is still being debated in the spec world, so I don't think we should make a departure from our usual behavior here.
|
||
Comment 7•13 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #6) > In Gecko data-urls have always been considered same-origin, so in a way we > are actually complying with the spec. "origin" definition of HTML spec is: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#terminology | The term origin is used per its definition in the Origin specification. And in the Origin specification, data URIs are defined as "globally unique identifiers" and cannot be same-origin with any domains. http://tools.ietf.org/html/draft-abarth-origin-09#section-2.3 | A globally unique identifier is a value which is different from all | other previously existing values. For example, a sufficiently long | random string is likely to be a globally unique identifier. http://tools.ietf.org/html/draft-abarth-origin-09#section-4 | data URIs do not use a server-based naming authority and therefore have | globally unique identifiers as origins. So I think it's better to update the spec.
|
|
||
Comment 8•13 years ago
|
||
The draft has been expired in May 30, 2011.
|
||
Comment 9•13 years ago
|
||
I've updated : https://developer.mozilla.org/En/DOM/Worker https://developer.mozilla.org/En/Using_web_workers and https://developer.mozilla.org/en/Firefox_10_for_developer I did mention the disagreement about whether a data URI is valid under the same-origin policy or not. I didn't made any changes to https://developer.mozilla.org/en/data_URIs as we don't list any usage there. Is there a bug opened at the WhatWG/W3C to fix the documentation to explicitly allow dataURI? It would be helpful for me to follow it to know if/when the specs are changed to update the doc w/ this information.
Keywords: dev-doc-needed → dev-doc-complete
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•