On Thu, May 28, 2009 at 12:05 PM, Dmitry Titov <dim...@chromium.org> wrote: > Returning to the the narrower original question, what should we do with > redirects during worker loads? > - should we abort load if any URL in the redirect chain is from different > origin?
Yes. > - should we only abort load if the final URL is from different origin? No. This is dangerous. > - if the same site redirects between schemas (http->https, http->data etc) > does this abort loading too? Yes. These are different origins. > - which URL is used to compute the script's origin and/or base URL in case > of redirects? The final URL, just like for HTML documents. > The simplest solution is to just abort loading if origin deviates in any > part from parent context's, and use the final URL to compute origin (should > be the same) and base URLs. I agree. Adam