Closed Bug 839867 Opened 7 years ago Closed 7 years ago
Align Gecko and the spec on cross-origin access to location
Jesper, this is incredible work. Thanks. The data indicates that Gecko is the only UA that allows cross-origin sets of Location.hash. I know people used to use this as a hacky cross-domain messaging system before window.postMessage, and would have thought that there would still be legacy use cases out there. But given that the rest of the web seems to have turned this off, I think we should too, unless there's more background here I'm not aware of. I'll attach a patch and push it to try.
Assignee: nobody → bobbyholley+bmo
Green except for one test that was relying on cross-origin Location.hash to do something along the lines of what was described in comment 2. I fixed that test, and pushed for another mochitest-1 run to make sure there were no other failures.
We update the tests to cover this case. There was also a bug in the tests where we were accidentally testing non-writable Location properties against window rather than window.location. :-(
Attachment #712275 - Flags: review?(bzbarsky)
Comment on attachment 712275 [details] [diff] [review] Align gecko with the spec on cross-origin access to Location.hash. v1 r=me
Attachment #712275 - Flags: review?(bzbarsky) → review+
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
You need to log in before you can comment on or make changes to this bug.