Actions
Bug #208
closedIt seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x)
Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
03/27/2013
Due date:
% Done:
0%
Estimated time:
Reviewer:
Build Version:
Description
In case that the eID-Service is called first time with its IP address in URL, but the eID-Service response is with its hostname, the Open eCard is still starting the eID dialog, while the AusweisApp 1.10 is not starting the eID dialog.
It is within the dialog where the eID-Client is activated by sending a HTTP GET to the URL:
http://127.0.0.1:24727/eID-Client?tcTokenURL=URL
It looks like the same origin policy is not checked, thus the Open eCard still processes the dialog.
Related issues
Actions