- From: Adam Barth <whatwg@adambarth.com>
- Date: Thu, 28 May 2009 12:37:40 -0700
On Thu, May 28, 2009 at 12:05 PM, Dmitry Titov <dimich at chromium.org> wrote: > Returning to the the narrower original question, what?should?we do with > redirects during worker loads? > - should we abort load if any URL in the redirect chain is from different > origin? Yes. > - should we only abort load if the final URL is from different origin? No. This is dangerous. > - if the same site redirects between schemas (http->https, http->data etc) > does this abort loading too? Yes. These are different origins. > - which URL is used to compute the script's origin and/or base URL in case > of redirects? The final URL, just like for HTML documents. > The simplest solution is to just abort loading if origin deviates in any > part from parent context's, and use the final URL to compute origin (should > be the same) and base URLs. I agree. Adam
Received on Thursday, 28 May 2009 12:37:40 UTC