Closed Bug 1235657 Opened 4 years ago Closed 4 years ago

Session storage needs to handle origin attributes correctly.

Categories

(Firefox :: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 46
Tracking Status
firefox46 --- fixed

People

(Reporter: huseby, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [OA])

Attachments

(2 files)

The SessionStorage.jsm file contains a call to createCodebasePrincipalFromOrigin when I think the solution is to use the origin attributes from the docshell and use createCodebasePrincipal instead.

> 104   restore: function (aDocShell, aStorageData) {
> 105     for (let origin of Object.keys(aStorageData)) {
> 106       let data = aStorageData[origin];
> 107       let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin);
> 108       let storageManager = aDocShell.QueryInterface(Ci.nsIDOMStorageManager);

I think the changes in Bug 1193854 will handle initializing the docshell with proper origin attributes upon tab restore.  If that's true, then the restore function should receive a docshell with the right origin attributes set on it.
Assignee: huseby → amarchesini
Attachment #8703777 - Flags: review?(huseby) → review+
Attachment #8703785 - Flags: review?(huseby) → review+
https://hg.mozilla.org/mozilla-central/rev/384bf27d0f58
https://hg.mozilla.org/mozilla-central/rev/d540e9c1a4fd
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 46
[bugday-20160323]

Status: RESOLVED,FIXED -> UNVERIFIED

Comments:
STR: Not clear.
Developer specific testing

Component: 
Name			Firefox
Version			46.0b9
Build ID		20160322075646
Update Channel	beta
User Agent		Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
OS				Windows 7 SP1 x86_64

Expected Results: 
Developer specific testing

Actual Results: 
As expected
Whiteboard: [OA]
You need to log in before you can comment on or make changes to this bug.