Restrict usage of synchronous XMLHttpRequest by feature policy

Issue #16194090 • Assigned to Travis L.

Details

Author
undefined u.
Created
Mar 2, 2018
Privacy
This issue is public.
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

XMLHttpRequest objects can have their behavior controlled by feature policy
(https://github.com/whatwg/xhr/pull/177, not merged yet)

If the policy in the active document disallows the ‘sync-xhr’ feature, then calling .send() on the XMLHttpRequest object should throw a NetworkError (and ideally log a message to the developer console)

Demo: https://xhr.featurepolicy.rocks/
GitHub issue: https://github.com/whatwg/xhr/issues/178
Web Platform Tests: https://wpt.fyi/xhr/xmlhttprequest-sync-default-feature-policy.sub.html

(I didn’t see feature policy itself on the features roadmap, so I posted https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy)

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

      Changed Assigned To to “Travis L.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in