[Bug 25915] Cross-origin requests from bugzilla@jessica.w3.org on 2014-06-05 (public-webapps-bugzilla@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 05 Jun 2014 14:57:58 +0000
To: public-webapps-bugzilla@w3.org
Message-ID: <bug-25915-2532-cKJgYUozEJ@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25915

--- Comment #5 from Arun <arun@mozilla.com> ---
(In reply to Anne from comment #4)
> This still seems wrong. :-(
> 
> I think basically you do not want to say anything about cross-origin URLs
> and let that part of the security model be handled by Fetch.


But File API defines the origin and origin policy of Blob URLs, and what
requests are legal. It would be weird to be silent on the matter of
cross-origin requests. I suppose I could just invoke the Fetch specification.

Also, what "seems wrong?" We already defer to Fetch and URL for most of the
dereferencing. This just says that cross-origin requests return with a network
error.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 5 June 2014 14:57:59 UTC