Bug Tracker

#3045 closed bug (fixed)

Opened June 16, 2008 07:26AM UTC

Closed June 17, 2008 08:32PM UTC

Last modified January 05, 2010 10:56AM UTC

jsonp cross domain scripting

Reported by: contagion Owned by: flesler
Priority: minor Milestone: 1.3
Component: ajax Version: 1.2.6
Keywords: Cc:
Blocked by: Blocking:
Description

When doing jsonp, jquery will first check if the requesting domain is different from the current one. However, it only check for host but not for protocol. Thus, http://example.com and https://example.com will be consider as a same domain.

Attachments (1)
  • patch_jquery (0.8 KB) - added by contagion June 16, 2008 07:27AM UTC.

    patch to check for different protocol

Change History (2)

Changed June 17, 2008 08:32PM UTC by flesler comment:1

need: ReviewCommit
owner: → flesler
status: newassigned

Changed June 17, 2008 08:32PM UTC by flesler comment:2

priority: majorminor
resolution: → fixed
status: assignedclosed

Fixed at [5731].