[whatwg] Workers and URL origin check
Adam Barth
whatwg at adambarth.com
Thu May 28 12:37:40 PDT 2009
On Thu, May 28, 2009 at 12:05 PM, Dmitry Titov <dimich at chromium.org> wrote:
> Returning to the the narrower original question, what should we do with
> redirects during worker loads?
> - should we abort load if any URL in the redirect chain is from different
> origin?
Yes.
> - should we only abort load if the final URL is from different origin?
No. This is dangerous.
> - if the same site redirects between schemas (http->https, http->data etc)
> does this abort loading too?
Yes. These are different origins.
> - which URL is used to compute the script's origin and/or base URL in case
> of redirects?
The final URL, just like for HTML documents.
> The simplest solution is to just abort loading if origin deviates in any
> part from parent context's, and use the final URL to compute origin (should
> be the same) and base URLs.
I agree.
Adam
More information about the whatwg
mailing list