Closed Bug 466292 Opened 16 years ago Closed 14 years ago

Cross subdomain ajax scripting allowed in windows & linux

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: ruchir.brahmbhatt, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008091700 SUSE/3.0.3-1.1 Firefox/3.0.3 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008091700 SUSE/3.0.3-1.1 Firefox/3.0.3 I came across a problem when one ajax page worked fine in all browsers(ff, ie & safari) on windows but not on safari on mac. After checking in detail I found that the page had cross subdomain scripting. For example if page was on domain1.site.com, it was using url domain.site.com from ajax code. I'm not sure if it should be called security issue. As one way it is but other way it isn't as main domain is same. So I thought of reporting it to get opinion as well. Reproducible: Always Steps to Reproduce: 1.Create ajax page, calling url on different subdomain(but same domain) 2.Open it in firefox 3.ajax will work
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE. Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.