Closed Bug 1226437 Opened 9 years ago Closed 9 years ago

Meta CSP should not overwrite referrer policy when speculatively applied

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

Attachments

(1 file, 1 obsolete file)

      No description provided.
Assignee: nobody → mozilla
Blocks: 663570
Status: NEW → ASSIGNED
We should treat referrer policies found in a <meta csp> the same way as we treat <meta referrer>. There's a bunch of code in place to handle that which makes sure that we never use a resource fetched with the wrong referrer.
...so it'd be nice to leverage that existing code.
Jonas, as discussed over IRC, speculative meta csp should only set the speculative referrer policy and not the *actual* referrer policy.
Attachment #8689848 - Flags: review?(jonas)
Comment on attachment 8689848
bug_1226437_meta_csp_referrer_regression.patch

Review of attachment 8689848:
-----------------------------------------------------------------

::: parser/html/nsHtml5TreeOpExecutor.cpp
@@ +1022,5 @@
> +{
> +  // Record "speculated" referrer policy locally and thread through the
> +  // speculation phase.  The actual referrer policy will be set by
> +  // HTMLMetaElement::BindToTree().
> +  mSpeculationReferrerPolicy = aReferrerPolicy;
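
Review bot: The assignment `mSpeculationReferrerPolicy = aReferrerPolicy;` on the last line of this hunk is unconditional, so if both a `<meta referrer>` and a referrer policy from a meta CSP reach this setter during speculation, whichever runs last silently wins. The comment above it should say whether last-writer-wins is intended or which source takes precedence. It also names only HTMLMetaElement::BindToTree() as the place the actual policy is set, so it is worth adding a word on whether the meta CSP case is covered by that same path.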

Don't move this function. It'll just make hg-history messier.
Attachment #8689848 - Flags: review?(jonas) → review+
Attachment #8689848 - Attachment is obsolete: true
Attachment #8690157 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/0db00ad2b8a8
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45