Open
Bug 1231225
Opened 8 years ago
Updated 2 years ago
Suborigins namespace mechanism
Categories
(Core :: DOM: Security, enhancement, P5)
NEW
People
(Reporter: mmitar, Unassigned)
Details
(Whiteboard: [domsecurity-backlog])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:
I wanted to use sub-origins (https://metromoxie.github.io/webappsec/specs/suborigins/).

Actual results:
They did not work.

Expected results:
They should work.

Changes to API needed to make it work:
* Suborigin header to specify a page's entry into a suborigin
* Access-Control-Allow-Suborigin response header
* New event.suborigin field

Public standards discussion: https://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0127.html
Editor's draft of spec: https://metromoxie.github.io/webappsec/specs/suborigins/
Chromium issue: https://code.google.com/p/chromium/issues/detail?id=555117
Comment 2•8 years ago
(In reply to Kevin Brosnan [:kbrosnan] from comment #1)
> Myk where should this live? core:dom apps?

I think this actually belongs in Core::DOM: Security, the Bugzilla home of the Content Security module <https://wiki.mozilla.org/Modules/All#Content_Security>, which is responsible for "Native content-based security features, including: Content Security Policy (CSP), Mixed Content Blocker (MCB), Subresource Integrity (SRI) and CORS."
Component: Untriaged → DOM: Security
Flags: needinfo?(myk)
Product: Firefox → Core
Comment 3•8 years ago
(In reply to Mitar from comment #0)
> I wanted to use sub-origins
> (https://metromoxie.github.io/webappsec/specs/suborigins/).
>
> Actual results:
> They did not work.

That is not an adopted spec and Mozilla has not decided whether we will implement it or not. Even if we do there are problems in the spec that will have to be addressed (such as the serialization format).
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Whiteboard: [domsecurity-backlog]
Updated•2 years ago
Severity: normal → S3