Closed
Bug 1232901
Opened 9 years ago
Closed 9 years ago
Use channel.asyncOpen2 within dom/browser-element/BrowserElementParent.js
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla47
Tracking | Status | |
---|---|---|
firefox47 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file, 1 obsolete file)
4.29 KB,
patch
|
aus
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Updated•9 years ago
|
Assignee | ||
Comment 1•9 years ago
|
||
Taking https://bugzilla.mozilla.org/show_bug.cgi?id=1232430#c4 and splitting the patch into several subproblems.
(In reply to Aus Lacroix [:aus] from comment #4)
> The goal of grabbing the loadingPrincipal is to have access to the correct
> cookie jar and other session related information so that you can download
> content properly because, often, sites require sign-in which is verified via
> session data.
Thanks Aus, but in what circumstances do we end up with a 'null' principal. Can that ever be the case? Probably we can simplify that code.
As the code is right now we never end up with a nullPrincipal (at least not in debug code) because we have assertions in place that don't allow creating of a channel without a loadingPrincipal.
Flags: needinfo?(aus)
Assignee | ||
Updated•9 years ago
|
Comment 2•9 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #1)
> Created attachment 8698795 [details] [diff] [review]
> bug_1232901_asyncopen2_dom_browser_element.patch
>
> Taking https://bugzilla.mozilla.org/show_bug.cgi?id=1232430#c4 and splitting
> the patch into several subproblems.
>
> (In reply to Aus Lacroix [:aus] from comment #4)
> > The goal of grabbing the loadingPrincipal is to have access to the correct
> > cookie jar and other session related information so that you can download
> > content properly because, often, sites require sign-in which is verified via
> > session data.
>
> Thanks Aus, but in what circumstances do we end up with a 'null' principal.
> Can that ever be the case? Probably we can simplify that code.
>
> As the code is right now we never end up with a nullPrincipal (at least not
> in debug code) because we have assertions in place that don't allow creating
> of a channel without a loadingPrincipal.
Sounds like based on the fact that we have this assertion we could completely remove the extra code and assume we'll have a loadingPrincipal. Awesome! :)
Flags: needinfo?(aus)
Assignee | ||
Comment 3•9 years ago
|
||
Hey Aus, thanks for the update. One last question. Unfortunately, I don't fully understand what the code is doing but it seems we do not perform any kind of network security checks. Since we are going to change the callsite to use asyncOpen2(), do we still want no security checks to be performed? Or let me rephrase that, what kind of security checks would be appropriate for that channel?
Attachment #8698795 -
Attachment is obsolete: true
Attachment #8700204 -
Flags: review?(aus)
Comment 4•9 years ago
|
||
Comment on attachment 8700204 [details] [diff] [review]
bug_1232901_asyncopen2_dom_browser_element.patch
Looks fantastic! I love ditching old code. :)
Attachment #8700204 -
Flags: review?(aus) → review+
Assignee | ||
Comment 5•9 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #3)
> Created attachment 8700204 [details] [diff] [review]
> bug_1232901_asyncopen2_dom_browser_element.patch
>
> Hey Aus, thanks for the update. One last question. Unfortunately, I don't
> fully understand what the code is doing but it seems we do not perform any
> kind of network security checks. Since we are going to change the callsite
> to use asyncOpen2(), do we still want no security checks to be performed? Or
> let me rephrase that, what kind of security checks would be appropriate for
> that channel?
Thanks for the r+ but I would really like you to weigh in what kind of security checks we need to perform before opening that channel. Maybe you could explain what this code is doing, then we can easily come up with the right policy. Thanks!
Flags: needinfo?(aus)
Comment 6•9 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #5)
> (In reply to Christoph Kerschbaumer [:ckerschb] from comment #3)
> > Created attachment 8700204 [details] [diff] [review]
> > bug_1232901_asyncopen2_dom_browser_element.patch
> >
> > Hey Aus, thanks for the update. One last question. Unfortunately, I don't
> > fully understand what the code is doing but it seems we do not perform any
> > kind of network security checks. Since we are going to change the callsite
> > to use asyncOpen2(), do we still want no security checks to be performed? Or
> > let me rephrase that, what kind of security checks would be appropriate for
> > that channel?
>
> Thanks for the r+ but I would really like you to weigh in what kind of
> security checks we need to perform before opening that channel. Maybe you
> could explain what this code is doing, then we can easily come up with the
> right policy. Thanks!
Since this functionality in the browser element is used to support things such as 'save link as' and 'save image as' and the likes, I would imagine that SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS would be most correct while being the safest.
Flags: needinfo?(aus)
Assignee | ||
Comment 7•9 years ago
|
||
Those look all like intermittents to me:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=43811d303d19&selectedJob=15651127
Comment 9•9 years ago
|
||
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/a6c0026d360b as being the more likely of the two to have caused https://treeherder.mozilla.org/logviewer.html#?job_id=20163348&repo=mozilla-inbound
Comment 10•9 years ago
|
||
Comment 11•9 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox47:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in
before you can comment on or make changes to this bug.
Description
•