|
|
|
|
|
|
by floil
2959 days ago
|
|
|
In chrome, what's blocked is page-initiated top-level navigations to data URLs (because of spoofing concerns). You can load them in iframes, and you can still do a browser-initiated navigation to them (i.e., type them into the omnibox). They can be used freely as subresources. Http Redirection to data: urls has been blocked in chrome for at least half a decade. There's really no reason to allow that, a server can just as easily return the data as the response body. |
|
|