Use channel->ascynOpen2 in dom/media/MediaResource.cpp

RESOLVED FIXED in Firefox 43

Status

()

Core
DOM: Security
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: ckerschb, Assigned: ckerschb)

Tracking

unspecified
mozilla43
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment)

Comment hidden (empty)
(Assignee)

Updated

2 years ago
Assignee: nobody → mozilla
Blocks: 1182535
(Assignee)

Comment 1

2 years ago
Created attachment 8660246 [details] [diff] [review]
bug_1194524_asyncopen2_mediaresource.patch

Jonas, I suppose we potentially need to set 'SEC_REQUIRE_CORS_DATA_INHERITS' in both cases, not just in one, right? And the other question I have, aren't we missing a contentPolicy check somewhere?
Attachment #8660246 - Flags: review?(jonas)
Comment on attachment 8660246 [details] [diff] [review]
bug_1194524_asyncopen2_mediaresource.patch

Review of attachment 8660246 [details] [diff] [review]:
-----------------------------------------------------------------

Yes, setting it in both places looks correct.

::: dom/media/MediaResource.cpp
@@ +861,1 @@
>    }

You don't need the ChannelShouldInheritPrincipal call or the FORCE_INHERIT. The *_DATA_INHERITS modes take care of that.

@@ +1437,5 @@
>                                                      mURI,
>                                                      false, // aInheritForAboutBlank
>                                                      false // aForceInherit
>                                                      )) {
> +    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;

Same here.
Attachment #8660246 - Flags: review?(jonas) → review+

Comment 3

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/f737c4a01752
https://hg.mozilla.org/mozilla-central/rev/f737c4a01752
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox43: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43

Updated

2 years ago
Depends on: 1228677
You need to log in before you can comment on or make changes to this bug.