Status: Untriaged Owner: ---- CC: [email protected], [email protected] Labels: Type-Bug Pri-2 OS-All Area-Extensions Mstone-4
New issue 24492 by [email protected]: XHR does not go through safe browsing http://code.google.com/p/chromium/issues/detail?id=24492 I tested cross-domain XHR to ianfette.org, and it looks like XHR doesn't go through safebrowsing. Attached is a test case. Unzip the directory, go to chrome://extensions, click load unpacked extension, select the directory. A new tab should open that reads "This is a test site" (which is the contents of ianfette.org fetched over XHR). For comparison, navigate to ianfette.org - you should see a warning dialog. According to Ian: "All requests should go through SB, especially since requests can be cross-domain with the Access Control spec (Access-Control-Allow-Origin, http://www.w3.org/TR/access-control/)" According to Paul: "All requests that go through the ResourceDispatcherHost are subject to checking by SafeBrowsing." Not sure what the correct behavior should be here - maybe throw a javascript error? Attachments: XHRSafebrowse.zip 1.9 KB -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
