This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 13229 - The following text from the "Security considerations" part of "11 IANA considerations" is wrong: "An event stream from an origin distinct from the origin of the content consuming the event stream can result in information leakage. To avoid this, user agen
Summary: The following text from the "Security considerations" part of "11 IANA consid...
Status: RESOLVED WORKSFORME
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: HISTORICAL - Server-Sent Events (editor: Ian Hickson) (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: ---
Assignee: Ian 'Hixie' Hickson
QA Contact: public-webapps-bugzilla
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-13 00:09 UTC by contributor
Modified: 2011-08-04 22:02 UTC (History)
3 users (show)

See Also:


Attachments

Description contributor 2011-07-13 00:09:44 UTC
Specification: http://dev.w3.org/html5/eventsource/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
The following text from the "Security considerations" part of "11 IANA
considerations" is wrong:

"An event stream from an origin distinct from the origin of the content
consuming the event stream can result in information leakage. To avoid this,
user agents are required to block all cross-origin loads."

Posted from: 2620:101:8003:200:226:bbff:fe05:3fe1
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0a1) Gecko/20110707 Firefox/8.0a1 Firefox/8.0a1
Comment 1 Ian 'Hixie' Hickson 2011-08-04 22:02:58 UTC
already fixed