RESOLVED FIXED 16176
Incorrect cross-domain errors when document.domain properly set 
https://bugs.webkit.org/show_bug.cgi?id=16176
Summary Incorrect cross-domain errors when document.domain properly set
Andy Maag
Reported 2007-11-28 12:57:09 PST
Safari 3.0.4 seems to have introduced behavior that causes cross-domain error checking to be overly strict and not obey the same origin rule as other browsers do. We have boiled this test case down to a simple example that works on other browsers, worked in Safari 3.0.3, but fails on 3.0.4 (Windows and Mac). I will try attaching the test case to this ticket. The workaround posed in the testcase does not seem to work in all cases for us, so this is a critical issue, especially because it occurs on the Mac where Safari 3.0.4 is not in Beta.
Attachments
Test case for reproducing error (1.65 KB, application/zip)
2007-11-28 12:58 PST, Andy Maag 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Andy Maag
Comment 1 2007-11-28 12:58:36 PST
Created attachment 17578 [details] Test case for reproducing error
Mark Rowe (bdash)
Comment 2 2007-11-28 21:19:20 PST
<rdar://problem/5619274>
Brian Nahas
Comment 3 2007-11-29 08:24:50 PST
We tried out the nightly build from 11/28/07 (Webkit-r28063) on Windows XP and OS X 10.4.11 and most of the issues related to this problem appear to have already been resolved. The test case attached to this ticket no longer causes any problems in Webkit-r28063. However, this issue still exists in some cases. I don't have a standalone test case at this time, however you can reproduce the issue by attempting to submit a review on a product at burpee.com. In Webkit-r28063, you'll see that uploading photos with your review at burpee.com does not work and the JavaScript console will have the usual error about cross-frame scripting from different sources.
Brian Nahas
Comment 4 2007-11-29 13:17:58 PST
We think we narrowed down which build fixed some of the issues. Webkit nightly build 26801 seems to be the first nightly build since Safari 3.0.4 where some of the issues are resolved. [26780] seemed to be the relevant changeset. As I mentioned earlier, these changes didn't resolve all of the issues.
Sam Weinig
Comment 5 2007-11-29 13:53:23 PST
Comment on attachment 17578 [details] Test case for reproducing error Obsoleting the attachment as it no longer shows the issue.
Andy Maag
Comment 6 2007-12-04 13:10:32 PST
The latest nightly build as of 11/4/2007 appears to fix the issues we were having with cross-domain errors. When will it be possible to have this fix released to production?
Mark Rowe (bdash)
Comment 7 2007-12-04 13:13:00 PST
Releases are based on Apple's schedule, and we don't comment about the schedule for future releases. Since you mention that this issue is fixed in the latest nightly builds, can we go ahead and mark this bug as fixed?
Andy Maag
Comment 8 2007-12-04 13:29:07 PST
(In reply to comment #7) > ...Since you mention that this issue is fixed in the latest > nightly builds, can we go ahead and mark this bug as fixed? > I'm assuming nightly builds run with the same permission checking as official builds? If so, then yes, this can be marked as fixed and we can open new issues if we discover anything else.
Mark Rowe (bdash)
Comment 9 2007-12-04 13:30:38 PST
Yes, that is the case. Thanks for the bug report!
Note You need to log in before you can comment on or make changes to this bug.