Open
Bug 1212979
Opened 9 years ago
Updated 2 years ago
Deal with opaque responses in SRI
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: francois, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog3])
Bug 1208629 added a few data: URI tests that don't currently pass. They include a "crossorigin" attribute.
We need to check whether or not responses are opaque and make these requests ineligible for integrity checks.
Updated•9 years ago
|
Whiteboard: [domsecurity-backlog]
Updated•8 years ago
|
Priority: -- → P3
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog3]
Reporter | ||
Comment 1•8 years ago
|
||
I believe this will be fixed once bug 1187335 lands.
Comment 2•8 years ago
|
||
Hi Tom,
Do you think this issue can be closed per 1187335 is landed?
Flags: needinfo?(ttung)
Comment 3•8 years ago
|
||
Unfortunately, we still have some issues so we cannot pass all the testcase. I've marked them as todo [1]. Also, I cannot pass the manual testcase in bug 1208629 [2].
There are some discussion in [3] and we should follow the result there.
[1] http://searchfox.org/mozilla-central/source/dom/security/test/sri/iframe_script_crossdomain.html#65
[2] https://bug1208629.bmoattachments.org/attachment.cgi?id=8667059
[3] https://github.com/whatwg/html/issues/1243
Flags: needinfo?(ttung)
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•