Re: [whatwg] Fetch: cross-origin redirect to a data URL

I don't think there is a security problem with that.  It's just a
question of how much it complicates the model.

Adam


On Sun, Feb 24, 2013 at 10:32 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> Say <img> does a cross-origin request. The response to that request is
> a redirect with the appropriate CORS headers set. The new location is
> a data URL. Should that URL be tainted or not? I tend to think we
> should make that work.
>
> (By the way, if you're interested. I'm working on a new specification
> that merges HTML fetch and CORS, named Fetch.
> http://wiki.whatwg.org/wiki/Fetch has the rough outline so far,
> including an algorithm at the bottom. The idea is that everything in
> the platform that does network requests ties into that (in particular
> the fetch function which dispatches as appropriate).)
>
>
> --
> http://annevankesteren.nl/

Received on Monday, 25 February 2013 04:31:30 UTC