Use channel->ascynOpen2 toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp

RESOLVED FIXED in Firefox 43

Status

()

Core
DOM: Security
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: ckerschb, Assigned: ckerschb)

Tracking

unspecified
mozilla43
Points:
---

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment, 2 obsolete attachments)

Comment hidden (empty)
(Assignee)

Updated

3 years ago
Assignee: nobody → mozilla
Blocks: 1182535
(Assignee)

Comment 1

3 years ago
Created attachment 8648954 [details] [diff] [review]
bug_1195504_urlclassifierstreamupdater.patch
Attachment #8648954 - Flags: review?(jonas)
Comment on attachment 8648954 [details] [diff] [review]
bug_1195504_urlclassifierstreamupdater.patch

Review of attachment 8648954 [details] [diff] [review]:
-----------------------------------------------------------------

Why same-origin? The existing code doesn't seem to enforce that.

Speaking of.. is there a difference between REQUIRE_SAME_ORIGIN and ALLOW_CROSS_ORIGIN when the principal is the system principal?
(Assignee)

Comment 3

3 years ago
Created attachment 8648968 [details] [diff] [review]
bug_1195504_urlclassifierstreamupdater.patch

(In reply to Jonas Sicking (:sicking) from comment #2)
> Why same-origin? The existing code doesn't seem to enforce that.

Obviously you are right, we should use sec_allow_cross_origin.
 
> Speaking of.. is there a difference between REQUIRE_SAME_ORIGIN and
> ALLOW_CROSS_ORIGIN when the principal is the system principal?

Only a semantic difference, that's why test test_cookiejars_safebrowsing.js succeeded even with the wrong flag.
Attachment #8648954 - Attachment is obsolete: true
Attachment #8648954 - Flags: review?(jonas)
Attachment #8648968 - Flags: review?(jonas)
Comment on attachment 8648968 [details] [diff] [review]
bug_1195504_urlclassifierstreamupdater.patch

Review of attachment 8648968 [details] [diff] [review]:
-----------------------------------------------------------------

Cool. I think you should use _DATA_IS_NULL as well since the difference between that and _DATA_INHERITS is also semantic when the loading principal is the system principal. I.e. we never actually inherit the system principal for data: loads.

r=me with that.
Attachment #8648968 - Flags: review?(jonas) → review+
(Assignee)

Comment 5

3 years ago
Created attachment 8648974 [details] [diff] [review]
bug_1195504_urlclassifierstreamupdater.patch

(In reply to Jonas Sicking (:sicking) from comment #4)
> Cool. I think you should use _DATA_IS_NULL as well since the difference
> between that and _DATA_INHERITS is also semantic when the loading principal
> is the system principal.

Sure, I was thinking about that as well. DATA_IS_NULL makes more sense in the end. We should do the same for applicationreputation.
Attachment #8648968 - Attachment is obsolete: true
Attachment #8648974 - Flags: review+
(Assignee)

Comment 6

3 years ago
url:        https://hg.mozilla.org/integration/mozilla-inbound/rev/7723ccb537c76b76e4fe0a98012475d69cbcd7cd
changeset:  7723ccb537c76b76e4fe0a98012475d69cbcd7cd
user:       Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
date:       Tue Aug 18 09:53:15 2015 -0700
description:
Bug 1195504 - Use channel->ascynOpen2 toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp (r=sicking)
https://hg.mozilla.org/mozilla-central/rev/7723ccb537c7
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox43: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in before you can comment on or make changes to this bug.