[whatwg] Fetch: cross-origin redirect to a data URL
Anne van Kesteren
annevk at annevk.nl
Mon Feb 25 01:49:29 PST 2013
On Mon, Feb 25, 2013 at 4:30 AM, Adam Barth <w3c at adambarth.com> wrote:
> I don't think there is a security problem with that. It's just a
> question of how much it complicates the model.
Well currently for http://software.hixie.ch/utilities/cgi/data/data
Chrome generates a network error if you hit "Generate" with the reason
"unsafe redirect". And that's a simple http to data URL redirect
without CORS coming into play.
More information about the whatwg