Microsoft shrugs off report that Edge can expose user identities from JS Fetch requests
La la la nothing to patch here la la la
Updated An independent researcher claims to have uncovered a security flaw in Microsoft Edge.
fetch() request in a webpage that will redirect to a URL containing the visitor's username (e.g. requesting https://facebook.com/me will pull in https://facebook.com/username).
Zelivansky alerted Microsoft but the software giant said the issue was not a security problem. El Reg also prodded Redmond only to be told the tech giant had nothing to add beyond its response to Zelivansky.
The researcher went public with his findings and tipped off The Reg earlier this month after Redmond decided the issue didn't merit a security fix. The privacy shortcoming has spawned a discussion thread on Reddit. ®
Updated to add
Despite Microsoft's silence, it turns out the Windows giant has decided to assign an engineer to look into the matter – but it is still not being treated as a security vulnerability.
Sponsored: Becoming a Pragmatic Security Leader