This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24375 - Explain why redirects are atomic
Summary: Explain why redirects are atomic
Status: RESOLVED FIXED
Alias: None
Product: WHATWG
Classification: Unclassified
Component: Fetch
Version: unspecified
Hardware: PC All
Importance: P2 normal
Target Milestone: Unsorted
Assignee: Anne
QA Contact: sideshowbarker+fetchspec
Reported: 2014-01-23 19:25 UTC by Anne
Modified: 2014-05-19 12:39 UTC

Description Anne 2014-01-23 19:25:33 UTC
If we expose redirects, a same-origin request with an HttpOnly cookie that redirects with some credentials to a cross-origin URL could be exposed and would make existing services less secure.

Jonas Sicking brought this up on 23 Jan 2014. Apparently this was a problem when Gecko did not return a network error from XMLHttpRequest for that scenario but instead returned the redirect response.
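
The scenario in the description above, as an added example that is not part of the original bug report or of the Fetch Standard's text: a small model of redirect handling that compares atomic redirects with a mode that hands the 3xx response to script. `modelFetch`, `SERVERS`, `visibleToScript`, the origins, the cookie and the token are all constructed for illustration.

```javascript
// Constructed model for illustration; not the Fetch Standard's algorithm text.
// Hypothetical servers: the same-origin endpoint checks the HttpOnly session
// cookie and redirects cross-origin with a credential in the URL.
const SERVERS = {
  "https://app.example/export": (req) =>
    req.cookie === "sid=constructed-session"
      ? { status: 302, headers: { location: "https://files.example/dl?token=constructed-token" } }
      : { status: 403, headers: {}, body: "" },
  // Cross-origin target sends no Access-Control-Allow-Origin header.
  "https://files.example/dl?token=constructed-token": () =>
    ({ status: 200, headers: {}, body: "report" }),
};

const originOf = (url) => new URL(url).origin;
const networkError = () => ({ type: "error", status: 0, url: "", headers: {}, body: "" });

// exposeRedirects=false models atomic redirects: script only sees the final
// response, and only if it passes the same-origin / CORS check.
function modelFetch(pageOrigin, url, { exposeRedirects = false, cookieJar = {} } = {}) {
  let current = url;
  for (let hops = 0; hops < 20; hops++) {
    const handler = SERVERS[current];
    if (!handler) return networkError();
    // The browser attaches the cookie itself; script never reads it.
    const res = handler({ cookie: cookieJar[originOf(current)] });
    if ([301, 302, 303, 307, 308].includes(res.status)) {
      if (exposeRedirects) {
        // Non-atomic behaviour: the 3xx response, Location included, reaches script.
        return { type: "basic", status: res.status, url: current, headers: res.headers, body: "" };
      }
      current = new URL(res.headers.location, current).href;
      continue;
    }
    const sameOrigin = originOf(current) === pageOrigin;
    const corsOk = res.headers["access-control-allow-origin"] === pageOrigin;
    if (!sameOrigin && !corsOk) return networkError();
    return { type: sameOrigin ? "basic" : "cors", status: res.status,
             url: current, headers: res.headers, body: res.body };
  }
  return networkError(); // redirect limit reached
}

// Everything script could read from the returned response object.
const visibleToScript = (response) => JSON.stringify(response);
```

With atomic redirects the script gets a network error carrying no URL or headers; with redirects exposed, the `Location` value and the credential in it become readable to the page.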