Open
Bug 1560079
Opened 5 years ago
Updated 2 years ago
fetch from about:blank would have to show Origin header
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: CuveeHsu, Unassigned)
References
Details
(Whiteboard: [domsecurity-backlog1])
about:blank does have an origin, thus coming an Origin header.
IMO It's pretty minor since we don't usually fetch
from about:blank.
Reporter | ||
Comment 1•5 years ago
|
||
Also, we need to think about document.open
Updated•5 years ago
|
Reporter | ||
Comment 2•5 years ago
|
||
Not sure if we already address this. I see we have origin from about:blank.
IMO to meet the semantic for spec, we might use the origin in client info.
https://searchfox.org/mozilla-central/rev/1dfd70469212ef2785d41827c5532c571c784227/dom/clients/manager/ClientInfo.h#63-67
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•