fix: allow accessing file:// when web security is disabled#28489
fix: allow accessing file:// when web security is disabled#28489
Conversation
|
|
||
| describe('disablewebsecurity attribute', () => { | ||
| it('does not disable web security when not set', async () => { | ||
| const jqueryPath = path.join(__dirname, '/static/jquery-2.0.3.min.js'); |
There was a problem hiding this comment.
Can we delete jquery-2.0.3.min.js from our tests now?
There was a problem hiding this comment.
There are still a few places using it, but I think we should be able to rework those places to remove this file.
zcbenz
force-pushed
the
fix-request-file-protocol
branch
from
39c4c2b to
247c4c8
Compare
|
Release Notes Persisted
|
|
I was unable to backport this PR to "12-x-y" cleanly; |
|
I was unable to backport this PR to "11-x-y" cleanly; |
|
I have automatically backported this PR to "13-x-y", please check out #28557 |
|
It looks like this PR also fixed #28572! 🙌 Was that an intentional side-effect of this change? Would it make sense to add more tests to ensure the SharedWorker behavior specifically does not regress? |
| // Workers are not allowed to request file:// URLs, there is no particular | ||
| // reason for it, and we could consider supporting it in future. |
There was a problem hiding this comment.
This comment makes me wonder if the fix for SharedWorkers was unintentional 😛
4 participants
Description of Change
Subresource
file://requests should be explicitly allowed when web security is disabled, closes #23757.This PR also rewrites webview web security tests, since they were passing even though
file://requests were actually failing.Checklist
npm testpassesRelease Notes
Notes: Fix failing to request file:// resources when web security is disabled.