Hey everyone,

we are in the process of changing the handling of data: URLs to which user agents navigate. Rather than inheriting the origin of the settings object responsible for the navigation, they will be treated as unique, opaque origins. In other words, that means that data: URLs loaded inside an iframe are not same-origin with their including context anymore. (Other browsers are already doing that.) Overall progress of the project will be tracked here [1].

Important when adding new tests: At the moment we are updating our test suite to align with this new security inheritance model. Please do *not* add new tests that rely on the old security inheritance model. If in doubt, please flip the pref security.data_uri.inherit_security_context [2] to make sure your test succeeds before landing on inbound.

Cheers,
Christoph

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1324406 - Treat 'data:' documents as unique, opaque origins
[2] https://hg.mozilla.org/mozilla-central/rev/c11fe7c58837#l1.14

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
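
The following is an added example, not part of the original post or of Mozilla's test suite. It shows how an embedding page can talk to a data: iframe without relying on origin inheritance: direct DOM access is probed defensively, and messages are matched by `event.source` because an opaque origin serializes as the string "null". The helper names and the token value are hypothetical.

```javascript
// Added example: helper names and the token value are constructed for illustration.

// Build a data: document that reports a token back to its embedder.
function makeDataUrl(token) {
  // Escape "<" so the token can never close the inline <script> element.
  const payload = JSON.stringify({ token }).replace(/</g, "\\u003c");
  return "data:text/html," +
    encodeURIComponent(`<script>parent.postMessage(${payload}, "*")</script>`);
}

// True only if the embedder can reach the frame's document (same-origin).
// With data: frames treated as opaque origins this access throws SecurityError.
function canScriptFrame(frame) {
  try {
    return Boolean(frame.contentWindow.document);
  } catch (e) {
    return false;
  }
}

// Decide whether a message event came from the given frame.
// An opaque origin serializes as the string "null", which every other
// opaque-origin sender also reports, so the sender is identified by
// event.source; event.origin is only a sanity check.
function isFromFrame(event, frame, selfOrigin) {
  if (event.source !== frame.contentWindow) return false;
  // "null": frame has an opaque origin; selfOrigin: frame inherited ours.
  return event.origin === "null" || event.origin === selfOrigin;
}

// Browser wiring (skipped outside a page, e.g. under Node).
if (typeof document !== "undefined") {
  const frame = document.createElement("iframe");
  frame.src = makeDataUrl("constructed-token-123");
  addEventListener("message", (event) => {
    if (!isFromFrame(event, frame, location.origin)) return;
    console.log("token:", event.data.token, "scriptable:", canScriptFrame(frame));
  });
  document.body.appendChild(frame);
}
```

A page or test written this way behaves the same whether the data: frame inherits the embedder's origin or gets an opaque one.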