Closed
Bug 1087739
Opened 10 years ago
Closed 9 years ago
Make JS callers of ios.newChannel call ios.newChannel2 in netwerk/
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file)
|
199.07 KB,
patch
|
sworkman
:
review+
tanvi
:
review+
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Comment 1•10 years ago
|
||
Even though there are some dependencies that haven't cleared yet, we should start getting reviews. Especially for this patch, sine netwerk/ contains the most callsites of ioservice.newChannel which need to be updated. Can you please make sure that we pass the right principal, node, triggeringPrincipal?
Attachment #8525688 -
Flags: review?(tanvi)
Attachment #8525688 -
Flags: review?(jduell.mcbugs)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•10 years ago
|
||
Comment on attachment 8525688 [details] [diff] [review] js_12_netwerk.patch Steve volunteered to take a first peek at that monster-patch as well. Probably in the end we still want jduell to look over it since that is all security critical code.
Attachment #8525688 -
Flags: review?(jduell.mcbugs) → review?(sworkman)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8525688 [details] [diff] [review] js_12_netwerk.patch Review of attachment 8525688 [details] [diff] [review]: ----------------------------------------------------------------- Looks fine to me. r=me. ::: netwerk/test/unit/test_NetUtil.js @@ +12,5 @@ > > Cu.import("resource://gre/modules/NetUtil.jsm"); > Cu.import("resource://gre/modules/Task.jsm"); > Cu.import("resource://gre/modules/Promise.jsm"); > +Cu.import("resource://gre/modules/Services.jsm"); Quick suggestion: add the following to shorten the arg lists: var getSystemPrincipal = Services.scriptSecurityManager.getSystemPrincipal; You should be able to call getSystemPrincipal() directly in the rest of the script now. Not a requirement; use it now or remember it for the future. ::: netwerk/test/unit/test_file_protocol.js @@ +37,5 @@ > function new_file_channel(file) { > var ios = > Cc["@mozilla.org/network/io-service;1"]. > getService(Ci.nsIIOService); > + return ios.newChannelFromURI2(ios.newFileURI(file0, s/file0/file/
Attachment #8525688 -
Flags: review?(sworkman) → review+
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8525688 [details] [diff] [review] js_12_netwerk.patch Looks like these are all tests and they all use: null for aLoadingNode system for aLoadingPrincipal null for aTriggeringPrincipal SEC_NORMAL for the security flags. TYPE_OTHER for content policy type Couple indentation issues here: https://bugzilla.mozilla.org/attachment.cgi?id=8525688&action=diff#a/netwerk/test/unit/test_http2.js_sec3 https://bugzilla.mozilla.org/attachment.cgi?id=8525688&action=diff#a/netwerk/test/unit/test_mismatch_last-modified.js_sec3 For the following data: uris, is SEC_NORMAL the right security flag to use? data: inherits principal (http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/data/nsDataHandler.cpp#53) so perhaps we should use SEC_FORCE_INHERIT_PRINCIPAL. https://bugzilla.mozilla.org/attachment.cgi?id=8525688&action=diff#a/netwerk/test/unit/test_NetUtil.js_sec6 (in test_asyncFetch_does_not_block()) https://bugzilla.mozilla.org/attachment.cgi?id=8525688&action=diff#a/netwerk/test/unit/test_bug376660.js_sec3
Attachment #8525688 -
Flags: review?(tanvi) → review+
|
|
Assignee | |
Comment 5•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/b60d7b975e9d
Target Milestone: --- → mozilla37
https://hg.mozilla.org/mozilla-central/rev/b60d7b975e9d
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•