Closed Bug 1082924 Opened 10 years ago Closed 10 years ago

Add nsIContentPolicy::TYPE_FETCH

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla36

People

(Reporter: nsm, Assigned: nsm)

References

Details

(Keywords: dev-doc-complete)

Attachments

(1 file, 1 obsolete file)

Add CSP type for fetch API
6.15 KB, patch
tanvi
: review+
baku
: review+
Details | Diff | Splinter Review
The fetch specification[1] uses it for fetching Requests created by content code. Behaviour is similar to XHR in being restricted by CSP directive connect-src. [1]: https://fetch.spec.whatwg.org
Assignee: nobody → nsm.nikhil
Status: NEW → ASSIGNED
Comment on attachment 8505111 [details] [diff] [review] Add CSP type for fetch API Tanvi for content/ Andrea for dom/fetch oneliner.
Attachment #8505111 - Flags: review?(tanvi)
Attachment #8505111 - Flags: review?(amarchesini)
Comment on attachment 8505111 [details] [diff] [review] Add CSP type for fetch API Review of attachment 8505111 [details] [diff] [review]: ----------------------------------------------------------------- I'm not familiar with nsIContentPolicy.
Attachment #8505111 - Flags: review?(amarchesini)
Tanvi, so I can only really test the TYPE_FETCH in the fetch specification tests (Bug dom-fetch-api) since fetch() is the only user of the type. I will add tests there in the patches that add CSP support (not up yet) and mark you for review there. Does that sound good?
https://mxr.mozilla.org/mozilla-central/source/content/base/src/nsDataDocumentContentPolicy.cpp#118 should probably use a whitelist instead of a blacklist. I'll file a bug for that. For now, please add TYPE_FETCH to the blacklist.
(In reply to Nikhil Marathe [:nsm] (needinfo? please) from comment #5) > Tanvi, so I can only really test the TYPE_FETCH in the fetch specification > tests (Bug dom-fetch-api) since fetch() is the only user of the type. I will > add tests there in the patches that add CSP support (not up yet) and mark > you for review there. Does that sound good? That sounds good.
With check added to nsData...
Attachment #8506617 - Flags: review?(tanvi)
Comment on attachment 8506617 [details] [diff] [review] Add CSP type for fetch API Andrea, the review isn't for the CSP, but for setting Request::mContext in GetRequestConstructorCopy as defined by the fetch spec in Request constructor step 3.
Attachment #8506617 - Flags: review?(amarchesini)
Attachment #8506617 - Flags: review?(amarchesini) → review+
Comment on attachment 8506617 [details] [diff] [review] Add CSP type for fetch API Please be sure to add a csp test for TYPE_FETCH in bug dom-fetch-api. Thanks!
Attachment #8506617 - Flags: review?(tanvi) → review+
https://hg.mozilla.org/mozilla-central/rev/ac4bf4d89545
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: