[giow] (2) Plug a security hole with appcache: don't allow hostile https: servers to cache no-store files on other https: servers. Also, mention that https: apps can be made to work offline.

Fixing http://www.w3.org/Bugs/Public/show_bug.cgi?id=8515

git-svn-id: http://svn.whatwg.org/webapps@4557 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Jan 10, 2010
1 parent 7469ac1 commit a92f3f2f1b067ae7302b3ec153cdb60655d9f7df
Showing with 45 additions and 3 deletions.
  1. +14 −1 complete.html
  2. +14 −1 index
  3. +17 −1 source
manifest is automatically cached even if it isn't explicitly
mentioned.</p>

<p class=note>HTTP cache headers and restrictions on caching pages
served over TLS (encrypted, using <code title="">https:</code>) are
overridden by manifests. Thus, pages will not expire from an
application cache before the user agent has updated it, and even
applications served over TLS can be made to work offline.</p>


<h5 id=appcacheevents><span class=secno>6.9.1.1 </span>Event summary</h5>
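Review bot: the new `<p class=note>` paragraph says cache headers and TLS caching restrictions "are overridden by manifests" without qualifying that, for an https: manifest, this only reaches resources from the manifest's own origin. Since the bug being fixed is hostile https: servers caching no-store files from other https: servers, a reader could take the unqualified "overridden" as permission to do exactly that. Suggest ending the note with a pointer to the new same-origin rule for explicit sections, e.g. "For manifests served over TLS, only resources with the same origin as the manifest can be cached; see the manifest syntax requirements below." The note is correctly non-normative (class=note), so the actual requirement stays in the syntax and parsing sections.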
</dl><p>Manifests may contain sections more than once. Sections may be
empty.</p>

<p>If the manifest's <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a>
is <code title="">https:</code> or another scheme intended for
encrypted data transfer, then all URLs in <a href=#concept-appcache-manifest-explicit title=concept-appcache-manifest-explicit>explicit sections</a>
must have the <a href=#same-origin>same origin</a> as the manifest itself.</p>

<p>URLs that are to be fallback pages associated with <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback namespaces</a>, and
those namespaces themselves, must be given in <a href=#concept-appcache-manifest-fallback title=concept-appcache-manifest-fallback>fallback sections</a>,
with the namespace being the first URL of the data line, and the
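Review bot: "https: or another scheme intended for encrypted data transfer" is not a testable condition for either an author or a conformance checker, since the spec never defines which schemes are "intended for encrypted data transfer"; the commit message only talks about https:, so either restrict the requirement to https: or point to a defined list of schemes. Second, the requirement constrains explicit sections only. The following paragraph (context) covers fallback sections and the online whitelist is not shown here, so a sentence explaining the scope would help: fallback entries should carry an equivalent same-origin rule, and whitelist entries are not stored so they need none, but the text as written leaves the reader to infer that.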
<a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> component than
the manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
case-insensitive</a> manner), then jump back to the step
labeled "start of line".</p>
labeled "start of line". If the manifest's <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> is <code title="">https:</code> or another scheme intended for encrypted
data transfer, and the resulting <a href=#absolute-url>absolute URL</a> does
not have the <a href=#same-origin>same origin</a> as the manifest's URL,
then jump back to the step labeled "start of line".</p>

<p>Drop the <a href=#url-fragment title=url-fragment>&lt;fragment&gt;</a>
component of the resulting <a href=#absolute-url>absolute URL</a>, if it has
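Review bot: the context shown does not reveal which mode branch this step belongs to (the sequence "scheme comparison, drop fragment" appears in more than one branch of the manifest parser), so please confirm the new same-origin test is in the "explicit" branch to match the authoring requirement added above, and that the "fallback" branch rejects cross-origin namespaces and fallback entries the same way. As in the authoring text, "another scheme intended for encrypted data transfer" is an undefined predicate that a user agent cannot implement deterministically; for https: manifests, "same origin" already implies the same scheme, so the new step could simply be "If the manifest's <scheme> is https: and the resulting absolute URL does not have the same origin as the manifest's URL, then jump back to the step labeled 'start of line'." Note also that the failure mode is a silent skip of the line rather than a manifest error, consistent with the other "jump back" cases, which is the right choice for security (the cross-origin resource is never stored) but means an author listing a cross-origin https: URL gets no diagnostic; the authoring section could say so explicitly.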
15 index
manifest is automatically cached even if it isn't explicitly
mentioned.</p>

<p class=note>HTTP cache headers and restrictions on caching pages
served over TLS (encrypted, using <code title="">https:</code>) are
overridden by manifests. Thus, pages will not expire from an
application cache before the user agent has updated it, and even
applications served over TLS can be made to work offline.</p>


<h5 id=appcacheevents><span class=secno>6.9.1.1 </span>Event summary</h5>
</dl><p>Manifests may contain sections more than once. Sections may be
empty.</p>

<p>If the manifest's <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a>
is <code title="">https:</code> or another scheme intended for
encrypted data transfer, then all URLs in <a href=#concept-appcache-manifest-explicit title=concept-appcache-manifest-explicit>explicit sections</a>
must have the <a href=#same-origin>same origin</a> as the manifest itself.</p>

<p>URLs that are to be fallback pages associated with <a href=#concept-appcache-fallback-ns title=concept-appcache-fallback-ns>fallback namespaces</a>, and
those namespaces themselves, must be given in <a href=#concept-appcache-manifest-fallback title=concept-appcache-manifest-fallback>fallback sections</a>,
with the namespace being the first URL of the data line, and the
<a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> component than
the manifest's URL (compared in an <a href=#ascii-case-insensitive>ASCII
case-insensitive</a> manner), then jump back to the step
labeled "start of line".</p>
labeled "start of line". If the manifest's <a href=#url-scheme title=url-scheme>&lt;scheme&gt;</a> is <code title="">https:</code> or another scheme intended for encrypted
data transfer, and the resulting <a href=#absolute-url>absolute URL</a> does
not have the <a href=#same-origin>same origin</a> as the manifest's URL,
then jump back to the step labeled "start of line".</p>

<p>Drop the <a href=#url-fragment title=url-fragment>&lt;fragment&gt;</a>
component of the resulting <a href=#absolute-url>absolute URL</a>, if it has
18 source
manifest is automatically cached even if it isn't explicitly
mentioned.</p>

<p class="note">HTTP cache headers and restrictions on caching pages
served over TLS (encrypted, using <code title="">https:</code>) are
overridden by manifests. Thus, pages will not expire from an
application cache before the user agent has updated it, and even
applications served over TLS can be made to work offline.</p>


<h5 id="appcacheevents">Event summary</h5>
<p>Manifests may contain sections more than once. Sections may be
empty.</p>

<p>If the manifest's <span title="url-scheme">&lt;scheme&gt;</span>
is <code title="">https:</code> or another scheme intended for
encrypted data transfer, then all URLs in <span
title="concept-appcache-manifest-explicit">explicit sections</span>
must have the <span>same origin</span> as the manifest itself.</p>

<p>URLs that are to be fallback pages associated with <span
title="concept-appcache-fallback-ns">fallback namespaces</span>, and
those namespaces themselves, must be given in <span
<span title="url-scheme">&lt;scheme&gt;</span> component than
the manifest's URL (compared in an <span>ASCII
case-insensitive</span> manner), then jump back to the step
labeled "start of line".</p>
labeled "start of line". If the manifest's <span
title="url-scheme">&lt;scheme&gt;</span> is <code
title="">https:</code> or another scheme intended for encrypted
data transfer, and the resulting <span>absolute URL</span> does
not have the <span>same origin</span> as the manifest's URL,
then jump back to the step labeled "start of line".</p>

<p>Drop the <span title="url-fragment">&lt;fragment&gt;</span>
component of the resulting <span>absolute URL</span>, if it has
