Closed Bug 1147996 Opened 10 years ago Closed 10 years ago

Enable interception of CSP reports through service workers

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla39
Tracking Flags:
Tracking Status
firefox39 --- fixed

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

Attachments

(1 file)

Enable interception of CSP reports through service workers
5.38 KB, patch
nsm
: review+
Details | Diff | Splinter Review
This is the exact underlying issue in bug 1147695, and I have a similar patch that fixes it.
Currently when sending a CSP report, HttpBaseChannel::ShouldIntercept tries to get access to the nsINetworkInterceptController interface through the channel's notification callbacks, but in this case the notification callback is the CSPReportRedirectSink object (thanks to nsCORSListenerProxy::Init). This patch extends CSPReportRedirectSink to make it aware of nsINetworkInterceptController, and have it route the request for nsINetworkInterceptController correctly to the docshell without the need to mess with the notification callbacks. This will be tested in bug 1147699.
Attachment #8583937 - Flags: review?(nsm.nikhil)
https://hg.mozilla.org/mozilla-central/rev/84792fb8d1bd
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: