Really glad to hear that this is getting close - thanks for working on this stuff!
On Wed, Apr 5, 2017 at 1:59 AM, Christoph Kerschbaumer < christ...@christophkerschbaumer.com> wrote: > Hey everyone, > > we are in the process of changing the handling of data: URLs to which user > agents navigate. Rather than inheriting the origin of the settings object > responsible for the navigation, they will be treated as unique, opaque > origins. In other words that means that data: URLs loaded inside an iframe > are not same-origin with their including context anymore. (Other browsers > are already doing that). Overall progress of the project will be tracked > here [1]. > > Important when adding new tests: > At the moment we are updating our test suite to align with this new > security inheritance model. Please do *not* add new tests that rely on the > old security inheritance model. If in doubt, please flip the pref > security.data_uri.inherit_security_context [2] to make sure your test > succeeds before landing on inbound. > > Cheers, > Christoph > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1324406 < > https://bugzilla.mozilla.org/show_bug.cgi?id=1324406> - Treat 'data:' > documents as unique, opaque origins > [2] https://hg.mozilla.org/mozilla-central/rev/c11fe7c58837#l1.14 < > https://hg.mozilla.org/mozilla-central/rev/c11fe7c58837#l1.14> > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
