[whatwg] Fetch: cross-origin redirect to a data URL

Anne van Kesteren annevk at annevk.nl
Mon Feb 25 01:49:29 PST 2013

On Mon, Feb 25, 2013 at 4:30 AM, Adam Barth <w3c at adambarth.com> wrote:
> I don't think there is a security problem with that.  It's just a
> question of how much it complicates the model.

Well currently for http://software.hixie.ch/utilities/cgi/data/data
Chrome generates a network error if you hit "Generate" with the reason
"unsafe redirect". And that's a simple http to data URL redirect
without CORS coming into play.


More information about the whatwg mailing list