Closed Bug 1194524 Opened 4 years ago Closed 4 years ago

Use channel->ascynOpen2 in dom/media/MediaResource.cpp

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla43
Tracking Status
firefox43 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(1 file)

No description provided.
Assignee: nobody → mozilla
Blocks: 1182535
Jonas, I suppose we potentially need to set 'SEC_REQUIRE_CORS_DATA_INHERITS' in both cases, not just in one, right? And the other question I have, aren't we missing a contentPolicy check somewhere?
Attachment #8660246 - Flags: review?(jonas)
Comment on attachment 8660246 [details] [diff] [review]
bug_1194524_asyncopen2_mediaresource.patch

Review of attachment 8660246 [details] [diff] [review]:
-----------------------------------------------------------------

Yes, setting it in both places looks correct.

::: dom/media/MediaResource.cpp
@@ +861,1 @@
>    }

You don't need the ChannelShouldInheritPrincipal call or the FORCE_INHERIT. The *_DATA_INHERITS modes take care of that.

@@ +1437,5 @@
>                                                      mURI,
>                                                      false, // aInheritForAboutBlank
>                                                      false // aForceInherit
>                                                      )) {
> +    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;

Same here.
Attachment #8660246 - Flags: review?(jonas) → review+
https://hg.mozilla.org/mozilla-central/rev/f737c4a01752
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Depends on: 1228677
You need to log in before you can comment on or make changes to this bug.