Closed Bug 1226437 Opened 9 years ago Closed 9 years ago

Meta CSP should not overwrite referrer policy when speculatively applied

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(1 file, 1 obsolete file)

No description provided.
Assignee: nobody → mozilla
Blocks: 663570
Status: NEW → ASSIGNED
We should treat referrer policies found in a <meta csp> the same way as we treat <meta referrer>. There's a bunch of code in place to handle that which makes sure that we never use a resource fetched with the wrong referrer.
...so it'd be nice to leverage that existing code.
Jonas, as discussed over IRC speculate meta csp should only set speculative referrer policy and not the *actual* referrer policy.
Attachment #8689848 - Flags: review?(jonas)
Comment on attachment 8689848 [details] [diff] [review] bug_1226437_meta_csp_referrer_regression.patch Review of attachment 8689848 [details] [diff] [review]: ----------------------------------------------------------------- ::: parser/html/nsHtml5TreeOpExecutor.cpp @@ +1022,5 @@ > +{ > + // Record "speculated" referrer policy locally and thread through the > + // speculation phase. The actual referrer policy will be set by > + // HTMLMetaElement::BindToTree(). > + mSpeculationReferrerPolicy = aReferrerPolicy; Don't move this function. It'll just make hg-history messier.
Attachment #8689848 - Flags: review?(jonas) → review+
Attachment #8689848 - Attachment is obsolete: true
Attachment #8690157 - Flags: review+
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: