- From: Alex Russell <notifications@github.com>
- Date: Mon, 13 Jul 2015 03:51:46 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Monday, 13 July 2015 10:52:13 UTC
(apologies if this is a dupe)

@sirdarckcat has brought up an issue (documented here: http://sirdarckcat.blogspot.de/2015/05/service-workers-secure-open-redirect.html ) that seems like it'd be mostly solved through the addition of a single bit to Response objects which notes if the content is the result of a redirect.

At the webappsec f2f today in Berlin, the group there seems to agree that exposing this bit on Responses doesn't leak any new information; it's observable via CSP + iframes already.

/cc @jakearchibald @jungkees @annevk @metromoxie @hillbrad

---
Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/79
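
Added example, not part of the original message or of the Fetch specification text: a sketch of how a service worker could use such a bit to refuse redirected content before caching or serving it. It assumes the bit is read as `response.redirected` (the property name the Fetch standard now uses on Response); `vetResponse`, its option name and the sample URLs in the comments are hypothetical.

```javascript
// Added example (not from the thread). Plain objects stand in for Response
// so the policy runs outside a browser; callers supply { redirected, url }.

// Decide whether a fetched response may be cached or served for requestUrl.
// `response.redirected` is the "single bit" from the message above;
// `response.url` is the final URL after any redirects were followed.
function vetResponse(requestUrl, response, opts = {}) {
  if (!response.redirected) {
    return { ok: true, reason: 'direct' };
  }
  let requested, finalUrl;
  try {
    requested = new URL(requestUrl);
    finalUrl = new URL(response.url);
  } catch (e) {
    // Fail closed: a redirected response whose final URL cannot be
    // parsed cannot be checked against the requested origin.
    return { ok: false, reason: 'unparseable-url' };
  }
  if (finalUrl.origin !== requested.origin) {
    return { ok: false, reason: 'cross-origin-redirect' };
  }
  // Same-origin redirects are rejected unless the caller opts in,
  // e.g. for a known /latest -> /v2 style alias.
  if (opts.allowSameOriginRedirects !== true) {
    return { ok: false, reason: 'redirect-not-allowed' };
  }
  return { ok: true, reason: 'same-origin-redirect' };
}

// Wiring inside a real service worker (skipped in any other environment).
if (typeof ServiceWorkerGlobalScope !== 'undefined') {
  self.addEventListener('fetch', (event) => {
    event.respondWith(
      fetch(event.request).then((response) =>
        vetResponse(event.request.url, response).ok
          ? response
          : Response.error() // surface a network error instead of redirected content
      )
    );
  });
}
```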