Re: File API: why is there same-origin restriction on blob URLs?

On Sat, Mar 30, 2013 at 1:42 AM, Jonas Sicking <> wrote:
> The reason that data: is relevant there is that blob: is proposed to behave
> the same as data:.

So the way a CORS fetch works in HTML is that it special cases data
URLs and about:blank to be in the same category as same-origin URLs.
XMLHttpRequest does the same for data URLs, and workers does something
similar too. will unify this. If we add
blob URLs to that list they would be considered CORS same-origin. We
still need to add something though that ensures that data URLs and
blob URLs are not considered same-origin after a redirect.


Received on Saturday, 30 March 2013 09:23:55 UTC