Fix policy container construction for blobs #6895
Conversation
|
I noticed we also have
which is also wrong as the policy should come from the blob URL entry directly (otherwise it could have been modified). And I think another reason it's wrong is that the blob URL entry might have been revoked at that point in time, so we need to have it stored on response somehow, probably as part of https://fetch.spec.whatwg.org/#scheme-fetch. Either through serializing the policies as headers (but I suspect that won't work for all policies) or just having a field there specifically for blob responses. Thoughts? |
IIUC you are saying that a script might first create a blob URL entry and then change referrer policy of the page. For consistency, the blob URL should be loaded with the snapshot of the policy container prior to the referrer policy change. I agree. But that requires a change to the File API spec in order to store the policy container somewhere.
I hadn't realized that. Is there an asynchronous step going on there somewhere? Otherwise there shouldn't be a problem, right? If so, another way of fixing this could be to load the policy container from the blob URL entry in html before performing the fetch. It's not optimal either, but it avoids having to store the policy container somewhere on the response and the integration with fetch. |
|
Here's a summary of the theoretical model:
(And starting at 3/4 someone could revoke the blob URL; this wouldn't delete the blob URL entry, but would make lookup through the blob URL store impossible.) I think you are correct that navigate could hold onto it as well. Neither is particularly attractive, but that's |
This fixes the construction of policy container for responses coming from blob URLs. Because of a wrong ordering, the policy container retrieved from the blob URL store was being replaced by the initiator policy container. This is not the behaviour we wanted to have though.
/origin.html ( diff )