Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

use main frame url for webrequest first party url #4145

Merged
merged 1 commit into from
Sep 27, 2016
Merged

Conversation

diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Sep 21, 2016

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).

Test Plan: covered by automated test
fix #4137
fix #4300

auditors: @bridiver

@bbondy bbondy added this to the 0.12.3dev milestone Sep 24, 2016
@bridiver
Copy link
Collaborator

this looks good, but can we add some tests for it? The changes look right, but it's hard to know for sure without either automated or manual testing

adds a test which fails on master (shows 0 blocked elements instead of 23)

fix #4137

auditors: @bridiver
@diracdeltas
Copy link
Member Author

@bridiver thanks, i have rebased and added a test which fails on master but works with this PR. the problem appears to be that firstPartyUrl in an cross-origin iframe is data: instead of the main frame URL, which is consistent with https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-2.1.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

HTTPS count shown even when its disabled unsafe use of firstPartyUrl
6 participants