Chrome should allow redirects to data: URLs |
||||||
Issue description
Chrome Version : 65.0.3325.162
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL, along with the version, after other browsers where you
have tested this issue:
Safari: OK
Firefox: OK
Edge: ?
What steps will reproduce the problem?
(1) Navigate to https://hail-industry.glitch.me/
What is the expected result?
You should be redirected to the WHATWG SVG displayed (from a data URL)
What happens instead?
Chrome blocks the redirect saying it is an unsafe redirect, and does not follow-through with the redirect.
Currently, Safari and Firefox allow redirecting to data: URLs, and so do the HTML/Fetch specifications. If Chrome has decided to disallow this for security reasons, perhaps we should open up an issue on the HTML spec re-evaluating the process-a-navigate-fetch [1]
[1]: https://html.spec.whatwg.org/multipage/browsing-the-web.html#process-a-navigate-fetch
,
Mar 28 2018
,
Mar 28 2018
Able to reproduce the issue on Windows 10, Debian Rodete and Mac 10.13.3 with chrome stable #65.0.3325.181, Beta #66.0.3359.45, Dev #67.0.3381.1, Canary # 67.0.3381.1 and also in earlier version M60-#60.0.3072.0 This is a non-regression issue, hence marking it as untriaged
,
Mar 29 2018
,
Mar 29 2018
I think blocking redirects to data URLs was intentional. nick@ or tsepez@, can you confirm?
,
Mar 29 2018
I think there's some more context in issue 272072 , but yes, AFAIK redirects to data URLs are blocked intentionally (see DataProtocolHandler::IsSafeRedirectTarget), and the only case I know of where it's allowed is with extensions via webRequest API.
,
Mar 30 2018
Marking this as a duplicate of Issue 527326. If we want, we can continue discussion there, I did not see this open issue. alexmos@ thanks for the other link too :) |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by domfarolino@gmail.com
, Mar 27 2018