Closed Bug 1147996 Opened 5 years ago Closed 5 years ago

Enable interception of CSP reports through service workers

Categories

(Core :: DOM: Security, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla39
Tracking Status
firefox39 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

References

Details

Attachments

(1 file)

This is the exact underlying issue in bug 1147695, and I have a similar patch that fixes it.
Currently when sending a CSP report, HttpBaseChannel::ShouldIntercept tries to
get access to the nsINetworkInterceptController interface through the channel's
notification callbacks, but in this case the notification callback is the
CSPReportRedirectSink object (thanks to nsCORSListenerProxy::Init).

This patch extends CSPReportRedirectSink to make it aware of
nsINetworkInterceptController, and have it route the request for
nsINetworkInterceptController correctly to the docshell without the need to
mess with the notification callbacks.

This will be tested in bug 1147699.
Attachment #8583937 - Flags: review?(nsm.nikhil)
https://hg.mozilla.org/mozilla-central/rev/84792fb8d1bd
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Duplicate of this bug: 1038973
You need to log in before you can comment on or make changes to this bug.