This repository has been archived by the owner on Apr 6, 2021. It is now read-only.
Populating Caches #10
Assignees
Labels
Comments
|
Possible relationship to same-origin document (if it eventuates) |
|
Discussed at TAG F2F in NY on 7th Jan 2015 - should add note in document about actual security issues, relationship to same origin policy and HTTP caching. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The "populating caches" use case is deeply flawed. Having one resource populate a different URI's cache entry is a huge security hole; http://host.com/~evil can insert things into cache for http://host.com/~alice.
If the host opts into this sort of cross-population (e.g., by putting something indicating that at a well-known URI), it's a different story, but the default has to be safe.
(yes, ServiceWorker has a similar problem; working with Alex on that one).
There's a higher-level issue here about granularity of authority on the Web. Right now we have some / many security mechanisms that operate on the granularity of an origin, but that doesn't mean that new mechanisms (like this) can be introduced with origin scoping safely. It'd be good to have a general discussion about this, because e.g., CORS took great pains to allow finer-grained granularity of authority even though arguably it wasn't necessary in that case.
The text was updated successfully, but these errors were encountered: