Unable to get the original http header inside through nsIMultipartChannel

RESOLVED FIXED in Firefox 43

Status

()

defect
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: hchang, Assigned: hchang)

Tracking

unspecified
mozilla43
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox43 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Assignee

Description

4 years ago
In new security model, we need to check the integrity of each resource in the package. While we can get the original body for each subresource, there's no way to get the original http header. The closest way is to serialize the object nsHttpResponseHead which we obtain from nsIMultipartChannel. It could be different from the original one for a couple of reasons.

We need to either add API to nsIMultipartChannel to expose original http header.
Assignee

Comment 2

4 years ago
(In reply to Dragana Damjanovic [:dragana] from comment #1)
> see bug 669259

If you are referring to get them from cache, it would be a little difficult for packaged app since we will copy some headers from the base channel to the part channel and save to the cache. Sigh...
(In reply to Henry Chang [:henry] from comment #2)
> (In reply to Dragana Damjanovic [:dragana] from comment #1)
> > see bug 669259
> 
> If you are referring to get them from cache, it would be a little difficult
> for packaged app since we will copy some headers from the base channel to
> the part channel and save to the cache. Sigh...

Sorry, I think, I understand now what you mean with "It could be different from the original one for a couple of reasons."  Because you have not really define the part "different to what" I have understood it wrong.
Assignee

Updated

4 years ago
Assignee: nobody → hchang
Assignee

Updated

4 years ago
Blocks: 1178518
Assignee

Comment 4

4 years ago
Posted patch Bug1198669.diff (obsolete) — Splinter Review
Assignee

Comment 5

4 years ago
Hi Valentin,

Sorry for bothering again :p

I just realised we need this patch to get rid of the header we copy from the base channel for verification. (since the integrity hash covers the header). 

I will provide the test case tomorrow. If you are busy or not able to review this, I may ask Jason to do the review. Just let you know first :) Thanks!
Flags: needinfo?(valentin.gosu)
Assignee

Comment 6

4 years ago
By the way, I have tested the patch and it works pretty well.
Comment on attachment 8657829 [details] [diff] [review]
Bug1198669.diff

This looks pretty nice. Add a test and it's good to go.
Flags: needinfo?(valentin.gosu)
Attachment #8657829 - Flags: review+
Assignee

Updated

4 years ago
Attachment #8657829 - Attachment is obsolete: true
Assignee

Updated

4 years ago
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/ee49a5d7058c
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in before you can comment on or make changes to this bug.