Closed
Bug 1029262
Opened 10 years ago
Closed 8 years ago
(shumway) Reject disallowed MIME types for policy files
Categories
(Firefox Graveyard :: Shumway, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: mwobensmith, Unassigned)
References
Details
(Whiteboard: [shumway])
This pertains to content that loads data via flash.net.URLLoader, but likely affects all Flash data-loading APIs. Policy files are currently accepted in arbitrary MIME types ("foo/bar") but may only be deployed with the following: text/x-cross-domain-policy text/* application/xml application/xhtml+xml Policy file spec: http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf
Updated•10 years ago
|
Blocks: shumway-m4
Assignee | ||
Updated•8 years ago
|
Product: Firefox → Firefox Graveyard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•