New issue
Advanced search Search tips
Starred by 6 users

Issue metadata

Status: Started
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Task
Launch-M-Approved: 60-Stable
Launch-M-Target: 59-Beta , 59-Stable , 60-Dev , 60-Beta , 60-Stable

Blocking:
issue 876670
issue 490015



Sign in to add a comment

Temporarily Remove: Navigator.sendBeacon() with a Blob whose type is not a CORS-safelisted value for the data argument

Project Member Reported by tyoshino@chromium.org, May 10 2017

Issue description

Change description:
The security issue described in  bug 490015  must be fixed, but we don't have any reasonable immediate fix for it. So, temporarily disable the feature by prioritizing fixing the security issue.

Changes to API surface:
Make Navigator.sendBeacon() throw when called with a Blob whose type is not a CORS-safelisted value for the data argument.

Links:
The original entry about the security issue:  bug 490015 

Support in other browsers:
Internet Explorer: ?
Firefox: Supported
Safari: ?

 
See bug 724929 for tracking the progress for reviving the feature.
Components: Blink>Network
Labels: Launch-M-Approved-60-Stable Launch-M-Target-59-Beta Launch-M-Target-59-Stable Launch-M-Target-60-Dev Launch-M-Target-60-Beta Launch-M-Target-60-Stable
Status: Started (was: Assigned)
In M60 and merged to M59.

Comment 4 by owe...@chromium.org, Sep 12 2017

Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge
Owner: yhirano@chromium.org
Reassigning to yhirano@.
Labels: Hotlist-Interop
Blocking: 876670

Sign in to add a comment