-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi all, I've a question about HTTP redirection behavior. During this period of testing I'm noting that redirection, sometimes useless (i.e. domain.xyz -> www.domain.xyz), is very common. Currently, before redirection, extension treats the request according its settings. However I don't find this behavior correct. If user opens (or whitelists) an URL in the current VM, he/she considers URL's resources as good ones. So if user follows redirection requested by the server, there aren't any other risks. Because the risks actually comes only from the whitelisted resources.
So I think that redirection should be allowable, what do you think about this policy? Best, Raffaele. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZzS3dAAoJEI08Rvun9XHuvUoP/0zmgrNWHsHc8n7I1JGfDeKP 4sHTuHkArAjPqBMubkNpmFkidDpY53McNFrvBrHWRMCZSvbbP/Ztfoe1eizpnHqw DfBAvu1oEMFYGJrBh1+QM/EXqEBkV32EwphSMdJkIK0oq3BV17BpOYL3TtWGuy1B RVt37rwWs0OE8fvWfCA+2q6RkbeGt4jMnCMxs/PW85XvH8idIyXSqnr4dapoGcMT CyKhYrOfDW1Zg42CilQitD4RCYOOxgDJ3ut+uy434eKYTcfW80YuG842hzzgIOdk 23v+A0c6OjGCbOieAnimMuoTX3k1uHJkf2UOXSEmiRa936VybrXWzT3z2jPJebRJ +4/J2lOn9II6j5nlD/col8Eg4EsSY0Q3GhlRNfB2DDjiZAzQcIxeZ9XfjiLqBuIT M3hKy9JGxzpPvW2d7duPmezYQBkwRtJOBwKDY/2Q5Otn+qdulPuIB1ygrZVOTnkA C/eDaItDkB5pm0q9NREEFPvHCVn3o48qAImSDwod7D9BsOwMwIvz0FE3/icAhs3a ePs1+RF3PVimrKmLMGK5eED9A6GAzWCWwqthy0boRiZEJpurI+8wDmZO4NuQUhJi +kgQZbwUvTg52GJPrg54ufEDAHRXue1UmUGCU6QznvSU0icEtXZXkm2wZEkdxRAv ddK3UCHqnAWNjaZSfKoH =yjcf -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oZNdd-QGo8luo6lV0p6zlAalFBjrkaLQ5OlvU4tzgWEic-aVkhpwYtZKiAs6nEC2ETXjxNQDtnchnMEwdSe-2Zz1OM-QcFlqh4RWvJO7irA%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
