Issue 2797: SecurityOrigin::canRequest grants local URLs universal access
http://code.google.com/p/chromium/issues/detail?id=2797
New issue report by [EMAIL PROTECTED]:
In the merge, we picked up SecurityOrigin::canRequest, which lets local
files (those from file:// URLs) request any URL (e.g., via XMLHttpRequest).
Our policy is not to grant file:// URLs this universal access.
To fix this issue, just remove the lines:
if (isLocal())
return true;
from the function.
I'm working with upstream to have this controlled by a pref so we can
unfork this file.
Issue attributes:
Status: Untriaged
Owner: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Labels: Type-Bug Pri-2 OS-All Area-Unknown WebKitMerge
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Chromium-bugs" group.
To post to this group, send email to chromium-bugs@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/chromium-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
