- From: sirdarckcat <notifications@github.com>
- Date: Tue, 28 Jul 2015 05:16:28 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 28 July 2015 12:17:04 UTC
The PoC in http://sirdarckcat.blogspot.de/2015/05/service-workers-secure-open-redirect.html should work (it's non-HTTPS but the iframe is SSL). I can imagine a couple other possible attacks, but they depend on how the Cache.match algorithm behaves, which IMHO is where we should fix this. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/79#issuecomment-125580485
Received on Tuesday, 28 July 2015 12:17:04 UTC