This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25091 - [imports]: Want to be used with data: URL scheme
Summary: [imports]: Want to be used with data: URL scheme
Status: RESOLVED INVALID
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: HISTORICAL - Component Model (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Dimitri Glazkov
QA Contact: public-webapps-bugzilla
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 20683
  Show dependency treegraph
 
Reported: 2014-03-18 15:47 UTC by Morrita Hajime
Modified: 2015-04-17 16:35 UTC (History)
5 users (show)

See Also:


Attachments

Description Morrita Hajime 2014-03-18 15:47:47 UTC
Currently we cannot use (or aren't clear if we can use) data: URL.
This is because the origin of data: URL isn't clearly defined.
In Blink/WebKit, I believe it has its own origin. 

And AFAIK there is no way to do CORS request against data: URL.
Comment 1 Anne 2014-03-18 15:55:36 UTC
Yes there is. Per http://fetch.spec.whatwg.org/ a data URL will return a response that isn't tainted.

It might take some time for everyone to get on board with this architecture but given service workers I think this is the way to go.
Comment 2 Morrita Hajime 2014-03-18 17:07:31 UTC
(In reply to Anne from comment #1)
> Yes there is. Per http://fetch.spec.whatwg.org/ a data URL will return a
> response that isn't tainted.
> 
> It might take some time for everyone to get on board with this architecture
> but given service workers I think this is the way to go.

Thanks for the feedback Anne!

So based on the spec, it seems data:// URL should return the response.
because it doesn't set response tainting mode and the basic fetch algorithm
doesn't see CORS related flags for data: url.

That means the imports spec doesn't have to take care of it.
Comment 3 Dimitri Glazkov 2015-04-17 14:43:09 UTC
Philip mentioned something on https://code.google.com/p/chromium/issues/detail?id=350741 about re-opening this bug.
Comment 4 Philip Jägenstedt 2015-04-17 16:35:14 UTC
Oh, that was poorly phrased, my guess was that the Chromium bug ought to be re-opened. In any event, the spec and Blink now seem to disagree, so I think one of the bugs ought to be re-opened.