Closed Bug 1175480 Opened 5 years ago Closed 5 years ago

Expose the external content policy type from the load info objects

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla41
Tracking Status
firefox41 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

References

Details

Attachments

(1 file, 1 obsolete file)

Consumers of this type need to deal with the external content policy
types.  One example is HttpObserverManager.runChannelListener in
WebRequest.jsm.
Assignee: nobody → ehsan
Blocks: 1174307, 1148935
Consumers of this type need to deal with the external content policy
types.  One example is HttpObserverManager.runChannelListener in
WebRequest.jsm.
Attachment #8623610 - Attachment is obsolete: true
Attachment #8623610 - Flags: review?(bugs)
Attachment #8623611 - Flags: review?(bugs)
Comment on attachment 8623611 [details] [diff] [review]
Expose the external content policy type from the load info objects

We really should have some other type for _INTERNAL_ to make it clear when one
deals with internal and when external contentpolicytypes.
But that is not about this bug.

>   /**
>-   * The contentPolicyType of the channel, used for security checks
>+   * The external contentPolicyType of the channel, used for security checks
>    * like Mixed Content Blocking and Content Security Policy.
>    */
Could you still emphasize that _INTERNAL_ values aren't ever returned.



>   /**
>+   * The internal contentPolicyType of the channel, used for constructing
>+   * RequestContext values when creating a fetch event for an intercepted
>+   * channel.
>+   *
>+   * This should not be used for the purposes of security checks.  Please
>+   * use the contentPolicyType attribute above for that purpose.
Why this shouldn't be used for security checks?
I would just drop the latter paragraph (or explain why this shouldn't be used for security checks).
Attachment #8623611 - Flags: review?(bugs) → review+
(In reply to Olli Pettay [:smaug] from comment #3)
> >   /**
> >+   * The internal contentPolicyType of the channel, used for constructing
> >+   * RequestContext values when creating a fetch event for an intercepted
> >+   * channel.
> >+   *
> >+   * This should not be used for the purposes of security checks.  Please
> >+   * use the contentPolicyType attribute above for that purpose.
> Why this shouldn't be used for security checks?

Because the content policy implementations are only expected to be able to deal with external types.

> I would just drop the latter paragraph (or explain why this shouldn't be
> used for security checks).

I'll explain more in the comment.
sorry had to back this out again, seems this and the other landing caused test failures like https://treeherder.mozilla.org/logviewer.html#?job_id=10918636&repo=mozilla-inbound
Flags: needinfo?(ehsan)
This should be innocent.  Relanded: https://hg.mozilla.org/integration/mozilla-inbound/rev/2d456668f53c
Flags: needinfo?(ehsan)
https://hg.mozilla.org/mozilla-central/rev/2d456668f53c
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.