W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Thu, 30 Jul 2015 10:12:11 +0200
Message-ID: <CAKXHy=fwJNj0ciRFY+gu2tObYAR8vxeoykCBP12azEWQ7MJuXA@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
On Tue, Jul 28, 2015 at 7:05 PM, Brian Smith <brian@briansmith.org> wrote:

> 3. Add a read-only |originalContext| property to requests that is "fetch"
> for any synthesized request and the value of |context| for any internal
> request, and then test |originalContext| instead of |context|.
>
> I personally think that #3 is best because I think it will also be useful
> for specifying similar passthrough for referrer control (with a different
> set of relevant contexts).
>

I'd be fine with #3. I agree that looking at `window` is perhaps an
indirection too far, and that it's not clear just from reading this spec
(and the relevant bits of fetch) that it's an invariant that will be true
forever and ever.

Anne, how do you feel about adding such a property that gets set on copy?

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 30 July 2015 08:13:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC