W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2013

Re: [whatwg] Fetch: cross-origin redirect to a data URL

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 25 Feb 2013 09:49:29 +0000
Message-ID: <CADnb78iXvHc_t=SykfR-rU9cwEsuMq7ZrAFJ77TvUq71yb24ig@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: WHATWG <whatwg@whatwg.org>
On Mon, Feb 25, 2013 at 4:30 AM, Adam Barth <w3c@adambarth.com> wrote:
> I don't think there is a security problem with that.  It's just a
> question of how much it complicates the model.

Well currently for http://software.hixie.ch/utilities/cgi/data/data
Chrome generates a network error if you hit "Generate" with the reason
"unsafe redirect". And that's a simple http to data URL redirect
without CORS coming into play.

Received on Monday, 25 February 2013 09:50:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:20 UTC