Closed Bug 756587 Opened 13 years ago Closed 13 years ago

ensure manifest urls belong to same origin

Categories

(Firefox Graveyard :: SocialAPI, defect)

Platform: x86, macOS
Type: defect
Priority: Not set
Severity: critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

Details

(Whiteboard: [needs-test])

If we load a manifest that is not a resource URI, ensure that the URLs are same-origin.
Would another option be that we don't support absolute URLs in the manifest, apart from, say, URLPrefix?
For the manifest URLs, we are absolutely talking same-origin, protocol+host+port. URLPrefix should only be used in the case we are loading from a resource URI, otherwise it should be ignored.
Assignee: nobody → mixedpuppy
Whiteboard: [needs-test]
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Product: Firefox → Firefox Graveyard
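
The rule settled on in the comments above, as an added example that is not part of the bug discussion and not the Firefox SocialAPI code. It assumes a manifest is a plain object, treats every key ending in `URL` as a URL field, and uses constructed hosts and field names (`workerURL`, `sidebarURL`, `iconURL`, `helpURL`); only `URLPrefix` comes from the thread.

```javascript
// Same-origin as stated in the thread: protocol + host + port.
// URL.host carries any non-default port, and default ports are normalised
// away, so https://a.example:443 compares equal to https://a.example.
// URL.origin is avoided: it is the string "null" for non-web schemes, so two
// unrelated URLs could otherwise compare equal.
function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host;
}

// Resolves every "*URL" field (assumed naming) and returns { urls, errors }.
function resolveManifestURLs(manifestLocation, manifest) {
  const location = new URL(manifestLocation);
  const fromResource = location.protocol === "resource:";
  // URLPrefix is honoured only when the manifest came from a resource: URI;
  // for any other location it is ignored and the manifest URL is the base.
  const base = fromResource && manifest.URLPrefix
    ? new URL(manifest.URLPrefix)
    : location;
  const urls = {};
  const errors = [];
  for (const [key, value] of Object.entries(manifest)) {
    if (!key.endsWith("URL") || typeof value !== "string") continue;
    let resolved;
    try {
      resolved = new URL(value, base); // relative values resolve against base
    } catch (e) {
      errors.push(`${key}: not a valid URL`);
      continue;
    }
    // The thread only requires the check for non-resource manifests.
    if (!fromResource && !sameOrigin(resolved, location)) {
      errors.push(`${key}: ${resolved.href} is not same-origin with the manifest`);
      continue;
    }
    urls[key] = resolved.href;
  }
  return { urls, errors };
}

// Constructed sample: a remotely loaded manifest with two bad entries.
const remote = resolveManifestURLs("https://social.example/manifest.json", {
  URLPrefix: "https://other.example/",             // ignored: not a resource: load
  workerURL: "/worker.js",                          // relative, accepted
  sidebarURL: "https://social.example:443/side.html", // default port, accepted
  iconURL: "https://cdn.example/icon.png",          // different host, rejected
  helpURL: "http://social.example/help",            // different protocol, rejected
});
console.log(remote);
```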