Open
Bug 1132784
Opened 9 years ago
Updated 2 years ago
Pass the right Principal to LoadInfo for downloads
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: ckerschb, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-backlog])
Copying over comment from https://bugzilla.mozilla.org/show_bug.cgi?id=1125991#c17 (In reply to Jonas Sicking (:sicking) from comment #17) > (In reply to :Paolo Amadini from Bug 1087744 comment #26) > > Downloads can be initiated in a number of different ways. This includes > > "Save Page", drive-by downloads started by redirects in conjunction with > > "Content-Disposition" headers, and finally downloads initiated by single > > clicks, usually with "Content-Disposition" headers but also, I believe, with > > the "download" attribute on the "a" element. > > Ideally we would grab the principal of the page which contains the download > link and forward that principal to the code which calls newChannel here. > Which means that we need to do that for all the codepaths above. > > Then use that principal as both loadingPrincipal and triggeringPrincipal. > > The result of that would be that we could eventually remove: > > 1. The other security checks that the download code does. > 2. The code that sets the referrer. > 3. The code that tracks and sets the private-browsing flag. > > None of that could be removed quite yet though. But hopefully not too far > into the future.
Reporter | ||
Updated•9 years ago
|
Comment 1•9 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #0) > > Ideally we would grab the principal of the page which contains the download > > link and forward that principal to the code which calls newChannel here. I don't think this is quite right, at least that's not the whole story. If security checks fail at this stage and are not done earlier, we would still show a failed download that can be retried. Additionally we don't persist principals across sessions, so the download would succeed if retried from history after a browser restart. > > The result of that would be that we could eventually remove: > > 2. The code that sets the referrer. > > 3. The code that tracks and sets the private-browsing flag. I don't see how we could remove these. We need to know the referrer and the private browsing state for the download management itself, and we persist the referrer to handle restarts.
Reporter | ||
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog]
Reporter | ||
Updated•8 years ago
|
Assignee: ckerschb → nobody
Status: ASSIGNED → NEW
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•