author abarth@webkit.org <abarth@webkit.org@bbb929c8-8fbe-4397-9dbb-9b2b20218538> 2011-11-21 02:26:16 +0000
committer abarth@webkit.org <abarth@webkit.org@bbb929c8-8fbe-4397-9dbb-9b2b20218538> 2011-11-21 02:26:16 +0000
commit 15cb09edc55560f056e7a2b99494d9fcfcba866e (patch)
tree da6154d49917fe655a47ab4ed77ca3b425f48099 /third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt
parent dc8e957e97ab08d30c1ce2f4a304c22b36d6a7c6 (diff)
REGRESSION(r100691): Safari error pages and Growl notifications fail to load stylesheets
https://bugs.webkit.org/show_bug.cgi?id=72836

Reviewed by Sam Weinig.

Source/WebCore:

This patch removes a (minor) security mitigation. Previously, we tried to sequester "directory listings" into unique origins to make it more difficult for an attacker to crawl the user's local file system. Unfortunately, this mitigation doesn't really buy us much security because if the attacker has access to local files, we've probably lost anyway.

The larger problem, however, is that this condition is overly complicated and has broken in subtle ways several times in its (relatively short) lifetime. In the cases reported in this bug, we see that this check affects error pages in Safari and Growl notifications, even though those have nothing to do with directory listings.

If we have our heart set on this directory listing mitigation, we'll need a more robust way of triggering the behavior than examining URLs and guessing whether they contain directory listings. For example, if we implement Allow-From or Access-Control-Deny-Origin, then the embedder can supply those policies along with the directory listings. Those seem like much better solutions than the in-engine hack this patch removes.

* page/SecurityOrigin.cpp:
(WebCore::shouldTreatAsUniqueOrigin):

LayoutTests:

Update test results to show that XMLHttpRequests for directory listings aren't blocked.

* fast/xmlhttprequest/resources/xmlhttprequest-nonexistent-file-real.html:
* fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt:

git-svn-id: svn://svn.chromium.org/blink/trunk@100877 bbb929c8-8fbe-4397-9dbb-9b2b20218538
Diffstat (limited to 'third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt')
-rw-r--r-- third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt 2
1 files changed, 0 insertions, 2 deletions
diff --git a/third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt b/third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt
index 7cdbda5..28c03dc 100644
--- a/third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt
+++ b/third_party/WebKit/LayoutTests/fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt
@@ -1,4 +1,3 @@
-CONSOLE MESSAGE: line 1: XMLHttpRequest cannot load . Cross origin requests are only supported for HTTP.
Bug 22475: REGRESSION: Async XMLHttpRequest never finishes on nonexistent files anymore
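Review bot: the deleted CONSOLE MESSAGE line at the top of this baseline was the only place the expected output recorded a request being refused as cross-origin, and nothing replaces it, so the new policy is documented only by the absence of a line. The removed message also carried an empty URL ("cannot load ."), so it never identified which request it referred to. Consider adding a line to the test's own description stating that an XHR to a directory from a local page is now expected to be allowed, so that a later change which reintroduces blocking (for example through an embedder-supplied policy, as the commit message suggests) shows up as a deliberate baseline change rather than a silent one.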
@@ -12,5 +11,4 @@ Error handler: readyState = 4
Doing an XHR to a directory.
ReadyState handler: readyState = 1
ReadyState handler: readyState = 4
-Error handler: readyState = 4
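Review bot: with "Error handler: readyState = 4" dropped, the "Doing an XHR to a directory." case now ends at "ReadyState handler: readyState = 4" and records nothing about what was delivered, so this baseline cannot distinguish a readable directory listing from an empty response. Since the readable listing is the security-relevant effect of removing the mitigation, consider having xmlhttprequest-nonexistent-file-real.html log the request status, or whether responseText is non-empty, in the directory case so the expected output states what a local page can actually read.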