Closed
Bug 1087737
Opened 11 years ago
Closed 10 years ago
Make JS callers of ios.newChannel call ios.newChannel2 in mobile/
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file, 2 obsolete files)
|
6.85 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Comment 1•10 years ago
|
||
And there are more to come where we have to make sure we pass the right arguments
Attachment #8538864 -
Flags: feedback?(tanvi)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•10 years ago
|
||
Wesley, in Bug 1038756 we started attaching a loadInfo to every channel whenever the channel gets created through NS_NewChannel in nsNetUtil.h. Now we are expanding the loadInfo attachment to also include channels that get created within JS to ultimately end up having a loadInfo on every channel. Please find a description of all the required arguments to create a channel here [1] or alternatively here [2].
In the attached patch we tried to pass the right arguments to newChannel() to the best of our knowledge. It's quite complicated to provide the most accurate arguments (node, principal, contentType, etc.) because we are not experts within mobile/ code. Probably we have to change some more function signatures to pass the correct principal/node around so we finally end up having the right arguments in the function that finally creates the channel.
Please take a look at the patch. Since this is security critical code please look closely and let us know if we need additional reviewers/help for certain sub components/files.
[1] http://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsNetUtil.h#209
[2] http://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsIIOService.idl#73
Attachment #8538864 -
Attachment is obsolete: true
Attachment #8538864 -
Flags: feedback?(tanvi)
Attachment #8540867 -
Flags: review?(wjohnston)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8540867 [details] [diff] [review]
js_10_mobile.patch
Review of attachment 8540867 [details] [diff] [review]:
-----------------------------------------------------------------
::: mobile/android/chrome/content/CastingApps.js
@@ +301,5 @@
>
> + _getContentTypeForURI: function(aURI, aElement, aCallback) {
> + let channel = Services.io.newChannelFromURI2(aURI,
> + aElement,
> + null, // aLoadingPrincipal
I assume this is guessed from the element? The docs don't make that clear to me (same for triggering principal, although triggering principal notes that it could be left out).
@@ +315,5 @@
> case 303:
> request.cancel(0);
> let location = channel.getResponseHeader("Location");
> + CastingApps._getContentTypeForURI(
> + CastingApps.makeURI(location), aElement, aCallback);
Don't wrap this. We don't use 80 line in mobile/ directories.
Attachment #8540867 -
Flags: review?(wjohnston) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to Wesley Johnston (:wesj) from comment #3)
> > + let channel = Services.io.newChannelFromURI2(aURI,
> > + aElement,
> > + null, // aLoadingPrincipal
>
> I assume this is guessed from the element? The docs don't make that clear to
> me (same for triggering principal, although triggering principal notes that
> it could be left out).
Yes, that is correct, you you pass an element/node - then we query the principal from that element/node.
Carrying over r+ from wesj.
Attachment #8540867 -
Attachment is obsolete: true
Attachment #8544809 -
Flags: review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
Target Milestone: --- → mozilla37
|
||
Comment 6•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•