-
Notifications
You must be signed in to change notification settings - Fork 337
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
By-and-large browsers treat data URLs as same-origin, though there are some inconsistencies. This change will treat all data URLs, regardless of origin, as same-origin from the perspective of Fetch. HTML already assigns a unique opague origin to documents created from a data URL and the plan of record is to do so for dedicated workers too. HTML will likely also forbid shared workers to be created from data URLs. See whatwg/html#1782 for the proposed changes to HTML. (This has not landed yet, if that PR is tweaked further the note added here might need some tweaks.) Service workers already prevent anything but HTTP(S) URLs from creating them. Fixes #381.
- Loading branch information
Showing
2 changed files
with
23 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters