Bug Tracker

Opened 12 years ago

Closed 12 years ago

Last modified 10 years ago

#3045 closed bug (fixed)

jsonp cross domain scripting

Reported by: contagion Owned by: flesler
Priority: minor Milestone: 1.3
Component: ajax Version: 1.2.6
Keywords: Cc:
Blocked by: Blocking:

Description

When doing jsonp, jquery will first check if the requesting domain is different from the current one. However, it only check for host but not for protocol. Thus, http://example.com and https://example.com will be consider as a same domain.

Attachments (1)

patch_jquery (812 bytes) - added by contagion 12 years ago.
patch to check for different protocol

Download all attachments as: .zip

Change History (3)

Changed 12 years ago by contagion

Attachment: patch_jquery added

patch to check for different protocol

comment:1 Changed 12 years ago by flesler

need: ReviewCommit
Owner: set to flesler
Status: newassigned

comment:2 Changed 12 years ago by flesler

Priority: majorminor
Resolution: fixed
Status: assignedclosed

Fixed at [5731].

Note: See TracTickets for help on using tickets.