Last Comment Bug 699857 - Workers: Allow data urls
: Workers: Allow data urls
Status: RESOLVED FIXED
: dev-doc-complete
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Trunk
: x86_64 Windows 7
: -- normal (vote)
: mozilla10
Assigned To: Ben Turner (not reading bugmail, use the needinfo flag!)
:
Mentors:
: 700626 (view as bug list)
Depends on: 716820
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-04 10:48 PDT by Ben Turner (not reading bugmail, use the needinfo flag!)
Modified: 2012-01-10 00:22 PST (History)
8 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Patch, v1 (4.88 KB, patch)
2011-11-04 10:48 PDT, Ben Turner (not reading bugmail, use the needinfo flag!)
jonas: review+
Details | Diff | Splinter Review

Description Ben Turner (not reading bugmail, use the needinfo flag!) 2011-11-04 10:48:50 PDT
Created attachment 572019 [details] [diff] [review]
Patch, v1

We should allow data URLs to make workers. Patch attached.
Comment 1 Ben Turner (not reading bugmail, use the needinfo flag!) 2011-11-04 11:01:07 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/dc3fa66976e6
Comment 2 Marco Bonardo [::mak] (Away 6-20 Aug) 2011-11-05 02:55:00 PDT
https://hg.mozilla.org/mozilla-central/rev/dc3fa66976e6
Comment 3 Kyle Huey [:khuey] (khuey@mozilla.com) 2011-11-08 05:23:41 PST
*** Bug 700626 has been marked as a duplicate of this bug. ***
Comment 4 bugzilla33 2011-11-08 05:25:54 PST
*** Bug 700626 has been marked as a duplicate of this bug. ***
Comment 5 Masatoshi Kimura [:emk] 2011-11-15 02:41:22 PST
Why we are going to allow data URL Workers while the spec explicitly disallows?
http://dev.w3.org/html5/workers/#handler-worker-onmessage
Is a spec change proposed somewhere? If it is, please let me know the pointer.
I don't mind allowing in itself so much because we (and even Chrome) already allow Blob URL Workers.
Comment 6 Jonas Sicking (:sicking) PTO Until July 5th 2011-11-15 09:41:53 PST
In Gecko data-urls have always been considered same-origin, so in a way we are actually complying with the spec.

The origin of data urls is something that is still being debated in the spec world, so I don't think we should make a departure from our usual behavior here.
Comment 7 dynamis (Tomoya ASAI) 2011-11-17 04:50:47 PST
(In reply to Jonas Sicking (:sicking) from comment #6)
> In Gecko data-urls have always been considered same-origin, so in a way we
> are actually complying with the spec.

"origin" definition of HTML spec is:
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#terminology
| The term origin is used per its definition in the Origin specification.

And in the Origin specification, data URIs are defined as "globally unique identifiers" and cannot be same-origin with any domains.
http://tools.ietf.org/html/draft-abarth-origin-09#section-2.3
| A globally unique identifier is a value which is different from all
| other previously existing values.  For example, a sufficiently long
| random string is likely to be a globally unique identifier.
http://tools.ietf.org/html/draft-abarth-origin-09#section-4
| data URIs do not use a server-based naming authority and therefore have
| globally unique identifiers as origins.

So I think it's better to update the spec.
Comment 8 Masatoshi Kimura [:emk] 2011-11-17 20:05:56 PST
The draft has been expired in May 30, 2011.
Comment 9 Jean-Yves Perrier [:teoli] 2011-11-20 00:35:54 PST
I've updated :
https://developer.mozilla.org/En/DOM/Worker
https://developer.mozilla.org/En/Using_web_workers and
https://developer.mozilla.org/en/Firefox_10_for_developer

I did mention the disagreement about whether a data URI is valid under the same-origin policy or not.

I didn't made any changes to https://developer.mozilla.org/en/data_URIs as we don't list any usage there.

Is there a bug opened at the WhatWG/W3C to fix the documentation to explicitly allow dataURI? It would be helpful for me to follow it to know if/when the specs are changed to update the doc w/ this information.

Note You need to log in before you can comment on or make changes to this bug.