- From: Matt Menke <notifications@github.com>
- Date: Wed, 11 Apr 2018 06:19:56 -0700
- To: whatwg/xhr <xhr@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 11 April 2018 13:20:21 UTC
I'm a bit late to respond, but I agree with this decision - rejecting headers with nulls seems the safest option here. We should also add code to Chrome's code, either in net/ or in services/network, to reject requests with nulls in headers, to prevent compromised renderers sending headers with nulls in them. On Wed, Apr 11, 2018 at 9:15 AM, Anne van Kesteren <notifications@github.com > wrote: > Updated tests: w3c/web-platform-tests#10424 > <https://github.com/w3c/web-platform-tests/pull/10424>. > > Bugs: > > - https://bugzilla.mozilla.org/show_bug.cgi?id=1453318 > - https://bugs.webkit.org/show_bug.cgi?id=184493 > - https://developer.microsoft.com/en-us/microsoft-edge/ > platform/issues/16880179/ > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/whatwg/xhr/issues/165#issuecomment-380447687>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/AUBj8bnPQFa35UNA6-7gxQyljLlnfiMQks5tngIOgaJpZM4P6CbD> > . > -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/xhr/issues/165#issuecomment-380448848
Received on Wednesday, 11 April 2018 13:20:21 UTC