This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Back to bug 16248
Who | When | What | Removed | Added |
---|---|---|---|---|
ian | 2012-07-18 18:39:37 UTC | Component | other Hixie drafts (editor: Ian Hickson) | HTML |
Product | HTML WG | WHATWG | ||
QA Contact | public-html-bugzilla | contributor | ||
ian | 2012-07-26 23:35:36 UTC | Status | NEW | ASSIGNED |
CC | ian | |||
Summary | "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin | Make http+aes: content forced unique-origin | ||
ian | 2012-10-05 22:41:44 UTC | Status | ASSIGNED | RESOLVED |
Resolution | --- | WONTFIX |
Back to bug 16248