Open Bug 1560079 Opened 5 years ago Updated 2 years ago

fetch from about:blank would have to show Origin header

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

People

(Reporter: CuveeHsu, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog1])

about:blank does have an origin, thus coming an Origin header.
IMO It's pretty minor since we don't usually fetch from about:blank.

Here's a test
https://github.com/web-platform-tests/wpt/commit/c69a80bbc3301c7d8436f22533b610396b2b2806#diff-4ac023be6fea526c56e3c384fe32fa98R74

Also, we need to think about document.open

Blocks: 1424076
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

Not sure if we already address this. I see we have origin from about:blank.
IMO to meet the semantic for spec, we might use the origin in client info.
https://searchfox.org/mozilla-central/rev/1dfd70469212ef2785d41827c5532c571c784227/dom/clients/manager/ClientInfo.h#63-67

Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.