Closed Bug 1226444 Opened 9 years ago Closed 9 years ago

Use helper function to identify preloads

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(1 file)

      No description provided.
Assignee: nobody → mozilla
Blocks: 663570
Status: NEW → ASSIGNED
Jonas, as agreed we should use the helper function to identify preloads within nsHttpChannel. The other update where we set mUpgradeInsecurePreloads to true if the parent document uses mUpgradeInsecureRequests is rather cosmetically because within nsHttpChannel we check if preload && upgradeSInecurePreloads || upgradeInsecureReqeusts. csp/test_upgrade_insecure.html makes sure we upgrade preloads *if* upgrade-insecure-requests is used within a CSP *header*.
Attachment #8689847 - Flags: review?(jonas)
Comment on attachment 8689847 [details] [diff] [review]
bug_1226444_use_helperfunction_to_identify_preloads.patch

Review of attachment 8689847 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/base/nsDocument.cpp
@@ +2543,2 @@
>        mUpgradeInsecurePreloads =
> +        mUpgradeInsecureRequests ||

I don't actually think this is needed given that the httpchannel looks at both. Up to you.
Attachment #8689847 - Flags: review?(jonas) → review+
(In reply to Jonas Sicking (:sicking) from comment #2)
> Comment on attachment 8689847 [details] [diff] [review]
> bug_1226444_use_helperfunction_to_identify_preloads.patch
> 
> Review of attachment 8689847 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: dom/base/nsDocument.cpp
> @@ +2543,2 @@
> >        mUpgradeInsecurePreloads =
> > +        mUpgradeInsecureRequests ||
> 
> I don't actually think this is needed given that the httpchannel looks at
> both. Up to you.

In case someone inspects that flag at a different point in the codebase it's nicer to get the correct value. Not having a strong opinion but I think keeping it that way is slightly better.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/ab8b0e58aa82
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: