In the specification, we previously reused the same algorithm to check whether shared storage is allowed by context both in the case of access via script and access via HTTP response headers. This algorithm does two opaqueness checks, one for the environment's origin, and the other for the separate origin input parameter.
In the case of shared storage access via HTTP response headers, however, we shouldn't be checking the environment's origin. We need only check the request origin. So in this pull request we add a modified version of the algorithm for checking if shared storage is allowed by context to be used for the HTTP response header scenario.
…header
In the specification, we previously reused the same algorithm to check whether shared storage is allowed by context both in the case of access via script and access via HTTP response headers. This algorithm does two opaqueness checks, one for the environment's origin, and the other for the separate origin input parameter.
In the case of shared storage access via HTTP response headers, however, we shouldn't be checking the environment's origin. We need only check the request origin. So in this pull request we add a modified version of the algorithm for checking if shared storage is allowed by context to be used for the HTTP response header scenario.
Preview | Diff