On Sep 30, 12:44 pm, Denis Vilyuzhanin <[email protected]> wrote: > Thanks, it was surprise for me, that chrome has such policy about > local files.
Scenario: 1. make a request to file:///etc/passwd to grab its content (GET with XMLHttpRequest, or loading it in an iframe) 2. make a cross-site request (XMLHttpRequest with CORS, or simply a <form>, or even a <script>, <img> or <iframe> with the payload given in the query-string) to another server with the content retrieved in step #1 Chrome makes step #1 fail in all cases, contrary to other browsers. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
