Bug #208: It seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x) - Open eCard - Open eCard Development Center

Actions

Copy link

Bug #208

closed

It seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x)

Added by Patrik Schwieger over 11 years ago. Updated over 11 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Target version:

Start date:

03/27/2013

Due date:

% Done:

Estimated time:

Reviewer:

Build Version:

Description

In case that the eID-Service is called first time with its IP address in URL, but the eID-Service response is with its hostname, the Open eCard is still starting the eID dialog, while the AusweisApp 1.10 is not starting the eID dialog.

It is within the dialog where the eID-Client is activated by sending a HTTP GET to the URL:
http://127.0.0.1:24727/eID-Client?tcTokenURL=URL

It looks like the same origin policy is not checked, thus the Open eCard still processes the dialog.

Related issues

Actions

Copy link

Updated by Detlef Hühnlein over 11 years ago

See also https://dev.openecard.org/issues/190.

Actions

Copy link

Updated by Tobias Wich over 11 years ago

Status changed from New to Rejected

Duplicate of #190

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Open eCard

Bug #208

It seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x)

Updated by Detlef Hühnlein over 11 years ago

Updated by Tobias Wich over 11 years ago