W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2014

CSP, Blob Workers, and Firefox

From: Paul Frazee <pfrazee@gmail.com>
Date: Sat, 19 Apr 2014 08:58:06 -0500
Message-ID: <CAD4FMeg8vn1=ynRXSvFk4kor3THn2SaMfqqX0xCddaK6sWtnaw@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
I've got an edge case that the Firefox guys see as undefined in the CSP
spec.

Bug report here: https://bugzilla.mozilla.org/show_bug.cgi?id=964276

Shouldn't blob URIs take the origin that they've been created within? If
so, script-src 'self' ought to allow the Worker to load.

Paul F
Received on Saturday, 19 April 2014 13:59:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:05 UTC