Page 1 of 1
[RESOLVED] "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 3:45 am
by kukla
I'm wondering why I've just started seeing these entries, which I've never seen before in Console (Mac).
Just updated to 1.9.6.9. Is that related? Is this "expected behavior?"
Re: "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 7:03 am
by GµårÐïåñ
I believe this is a performance optimization since its a legitimate built-in function of Fx, generating errors on it would be redundant and unnecessary. But maybe Giorgio can explain it better.
Re: "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 11:22 am
by Giorgio Maone
GµårÐïåñ is correct.
Log spam removed in
latest development builds when not in console-verbose mode.
Re: "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 11:27 am
by kukla
Thanks Giorgio. Basically, you are saying that Fx (3.5.1) is checking for cross site forgeries on its own, so NS is skipping this because it's already being done now?
Re: "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 11:45 am
by Giorgio Maone
kukla wrote:Basically, you are saying that Fx (3.5.1) is checking for cross site forgeries on its own, so NS is skipping this because it's already being done now?
Not at all, Fx 3.5.1 doesn't check any CSRF, otherwise why would I have lost my sleep on
ABE?
What's happening here is that some browser-internal requests do not need to be checked, e.g. those sent in background to validate SSL certificates (
OCSP).
Re: "Skipping cross-site checks for OCSP request"?
Posted: Thu Jul 23, 2009 11:59 am
by kukla
Thanks. Just shows how little I know about this stuff. Basically glad to know NS is doing its job
