1370788 - Move XFO out of nsDSURIContentListener.cpp into dom/security

Status: RESOLVED FIXED

(Core :: DOM: Security, enhancement, P2)

Comment 1

[:Atoll]

Context for those following along at home:

(In reply to Christoph Kerschbaumer [:ckerschb] from bug 1024557 comment #22)
> Created attachment 8875196 [details] [diff] [review]
> bug_1024557_ignore_x-frame-options.patch

> b) I filed Bug 1370788 to move XFO out of nsDSURIContentListener.cpp and
> into dom/security. That's where XFO belongs in my opinion. Further we should
> use the same implementation for XFO and frame-ancestors in the end, but
> that's yet a different bug.

Comment 2

[Christoph Kerschbaumer [:ckerschb]]

Attachment: bug_1370788_move_xfo_into_dom_security.patch

Hey Smaug, as discussed on IRC, I think XFO belongs into dom/security. Within this patch I am not changing any behavior, just removing the XFO code from nsDSURIContentListener.cpp and put it into FramingChecker.

Notes:
* Need to make FramingChecker a friend of nsDocShell because of GetHttpChannel().
* https://treeherder.mozilla.org/#/jobs?repo=try&revision=799747324c498e17e2f52667af875eb225494df2

Comment 3

[Christoph Kerschbaumer [:ckerschb]]

Additional note: mostly I moving the code over to dom/security because ultimately XFO and our implementation for frame-ancestors should use the same implementation. No need for having two implementations doing the same thing.

Comment 4

[Pulsebot]

Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f55086b153eb
Move XFO out of nsDSURIContentListener.cpp into dom/security. r=smaug

Comment 5

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/f55086b153eb