[whatwg] Workers and URL origin check

Adam Barth whatwg at adambarth.com
Thu May 28 12:37:40 PDT 2009


On Thu, May 28, 2009 at 12:05 PM, Dmitry Titov <dimich at chromium.org> wrote:
> Returning to the the narrower original question, what should we do with
> redirects during worker loads?
> - should we abort load if any URL in the redirect chain is from different
> origin?

Yes.

> - should we only abort load if the final URL is from different origin?

No.  This is dangerous.

> - if the same site redirects between schemas (http->https, http->data etc)
> does this abort loading too?

Yes.  These are different origins.

> - which URL is used to compute the script's origin and/or base URL in case
> of redirects?

The final URL, just like for HTML documents.

> The simplest solution is to just abort loading if origin deviates in any
> part from parent context's, and use the final URL to compute origin (should
> be the same) and base URLs.

I agree.

Adam



More information about the whatwg mailing list