This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Limit web_accessible_resources to about:flash and about:blank
Fix #4913 Fix #4885 Auditors: @bbondy Test Plan: 1. go to homestarrunner.com and verify that the flash placeholder appears 2. go to http://web.mit.edu/zyan/Public/xframe.html and verify that the iframe is blank 3. open page devtools, load about:preferences, and verify in the Network tab that the `Access-Control-Allow-Origin` response header is not present on about-preferences.html
- Loading branch information
1 parent
4964f0f
commit 186113e
186113eThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you need the other fix un-reverted too?
186113eThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also would be good to have a test for this to ensure that about:preferences can't be displayed but that about:flash can.
186113eThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bbondy nope, the other fix is not needed
186113eThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
great