NEW31425
file:// documents should not be able to open WebSocket connections 
https://bugs.webkit.org/show_bug.cgi?id=31425
Summary file:// documents should not be able to open WebSocket connections
Alexey Proskuryakov
Reported 2009-11-12 11:39:38 PST
XMLHttpRequest is now forbidden from local files, and WebSocket should be, too.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2009-12-04 11:23:49 PST
<rdar://problem/7444841>
Alexey Proskuryakov
Comment 2 2009-12-08 11:05:40 PST
It's not true that XHR is forbidden - it just becomes cross-origin. So, WebSocket behavior matches current XHR behavior.
Joe Andrieu
Comment 3 2011-03-13 00:39:44 PST
XHR is not necessarily cross-origin from a file. It could be accessing another file URL or localhost or a non-standard scheme like data: or javascript (which may or may not have a parsable origin encoded in the URL).
Adam Barth
Comment 4 2011-03-13 00:52:07 PST
We support a number of different policies for the security origin of file URLs, including treating every file URL as a different origin (which is the most secure option).
Note You need to log in before you can comment on or make changes to this bug.