Bug #208

closed

It seems that same origin policy is not checked (refer to TR-03112-7 v1.1.2 chapter 3.x)

Added by Patrik Schwieger about 11 years ago. Updated about 11 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Start date: 03/27/2013
Due date:
% Done: 0%
Estimated time:
Reviewer:
Build Version:

Description

If the eID-Service is first called with its IP address in the URL, but the eID-Service response uses its hostname, the Open eCard still starts the eID dialog, while AusweisApp 1.10 does not start the eID dialog.

It is within the dialog where the eID-Client is activated by sending an HTTP GET to the URL:
http://127.0.0.1:24727/eID-Client?tcTokenURL=URL

It looks like the same origin policy is not checked, thus the Open eCard still processes the dialog.


Related issues

Is duplicate of Bug #190: RefreshAddress not checked for same origin (Closed, 03/21/2013)
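
The check the report says is missing, as an added example that is not Open eCard's or AusweisApp's code: it compares the origin of the `tcTokenURL` parameter with the origin of the address returned by the eID-Service. It assumes the usual origin triple of scheme, host and port (as in RFC 6454); the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values (not taken from the bug report).
ACTIVATION = ("http://127.0.0.1:24727/eID-Client"
              "?tcTokenURL=https%3A%2F%2F192.0.2.10%2Ftctoken")
RESPONSE_BY_HOSTNAME = "https://eid.example.org/refresh"
RESPONSE_BY_IP = "https://192.0.2.10:443/refresh"


def origin(url):
    """Return the (scheme, host, port) triple of an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # lower-cased by urlsplit, None if missing
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"no usable origin in {url!r}")
    # parts.port raises ValueError itself for a malformed port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return scheme, host, port


def tc_token_url(activation_url):
    """Extract the single tcTokenURL parameter from the activation URL."""
    values = parse_qs(urlsplit(activation_url).query).get("tcTokenURL", [])
    if len(values) != 1:
        raise ValueError("expected exactly one tcTokenURL parameter")
    return values[0]


def may_start_dialog(activation_url, response_url):
    """True only if the response address shares the TC Token URL's origin.

    Hosts are compared as literal strings: an IP address and a hostname
    that resolves to it are different origins, so no DNS lookup is done.
    """
    try:
        return origin(tc_token_url(activation_url)) == origin(response_url)
    except ValueError:
        return False  # fail closed on anything unparsable


if __name__ == "__main__":
    print(may_start_dialog(ACTIVATION, RESPONSE_BY_HOSTNAME))  # False
    print(may_start_dialog(ACTIVATION, RESPONSE_BY_IP))        # True
```
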
