Closed
Bug 1226444
Opened 9 years ago
Closed 9 years ago
Use helper function to identify preloads
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla45
Tracking | Status | |
---|---|---|
firefox45 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file)
2.74 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Updated•9 years ago
|
Assignee | ||
Comment 1•9 years ago
|
||
Jonas, as agreed we should use the helper function to identify preloads within nsHttpChannel. The other update where we set mUpgradeInsecurePreloads to true if the parent document uses mUpgradeInsecureRequests is rather cosmetically because within nsHttpChannel we check if preload && upgradeSInecurePreloads || upgradeInsecureReqeusts. csp/test_upgrade_insecure.html makes sure we upgrade preloads *if* upgrade-insecure-requests is used within a CSP *header*.
Attachment #8689847 -
Flags: review?(jonas)
Comment on attachment 8689847 [details] [diff] [review] bug_1226444_use_helperfunction_to_identify_preloads.patch Review of attachment 8689847 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/base/nsDocument.cpp @@ +2543,2 @@ > mUpgradeInsecurePreloads = > + mUpgradeInsecureRequests || I don't actually think this is needed given that the httpchannel looks at both. Up to you.
Attachment #8689847 -
Flags: review?(jonas) → review+
Assignee | ||
Comment 3•9 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #2) > Comment on attachment 8689847 [details] [diff] [review] > bug_1226444_use_helperfunction_to_identify_preloads.patch > > Review of attachment 8689847 [details] [diff] [review]: > ----------------------------------------------------------------- > > ::: dom/base/nsDocument.cpp > @@ +2543,2 @@ > > mUpgradeInsecurePreloads = > > + mUpgradeInsecureRequests || > > I don't actually think this is needed given that the httpchannel looks at > both. Up to you. In case someone inspects that flag at a different point in the codebase it's nicer to get the correct value. Not having a strong opinion but I think keeping it that way is slightly better.
Keywords: checkin-needed
Comment 5•9 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ab8b0e58aa82
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox45:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in
before you can comment on or make changes to this bug.
Description
•