Open Bug 1177856 Opened 9 years ago Updated 2 years ago

Cache API should implement full secure settings trust checks

Tracking

()

Status:

NEW

People

(Reporter: bkelly, Unassigned)

Details

Ben Kelly [:bkelly, not reviewing]

Reporter

Description

•

9 years ago

In bug 1175138 we implemented a simple scheme check for "trusted" origins. This helps with the goal of deprecating http, but its easily bypassed. We should implement the full secure settings algorithm as defined here: https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-secure

Nobody; OK to take it and work on it

Assignee

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

Yaron Tausky [:ytausky]

Updated

•

5 years ago

Component: DOM: Core & HTML → Storage: Cache API

Jens Stutte [:jstutte]

Updated

•

5 years ago

No longer blocks: 1110136

Jens Stutte [:jstutte]

Updated

•

5 years ago

Type: defect → enhancement

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Cache API should implement full secure settings trust checks

Categories

(Core :: Storage: Cache API, enhancement)

Tracking

()

People

(Reporter: bkelly, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated