Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cached redirects + History traversal reveal cross-origin URLs #29

Closed
igrigorik opened this issue Jul 20, 2015 · 4 comments
Closed

Cached redirects + History traversal reveal cross-origin URLs #29

igrigorik opened this issue Jul 20, 2015 · 4 comments

Comments

@igrigorik
Copy link
Member

History records the redirected-to URL and triggering history.back() on an iframe creates a ResourceTiming object with name attribute set to said URL.

name: This attribute must return the resolved URL of the requested resource. This attribute must not change even if the fetch redirected to a different URL -- current definition.

Similarly, our processing section records the resolved URL of the requested resource. As such, I don't believe this is a RT spec bug, but the fact that all implementations are subject to this does indicate that we may want to add some language to make this explicit.

/cc @annevk @toddreifsteck @plehegar

@dveditz
Copy link
Member

dveditz commented Jul 28, 2015

@cgvwzq
Copy link

cgvwzq commented Aug 18, 2015

@igrigorik
Copy link
Member Author

This has been resolved in Chrome (crbug.com/511616). Not sure about status in other browsers.

@igrigorik
Copy link
Member Author

Resolving this as I don't believe there is anything actionable within the spec itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants