1235657 - Session storage needs to handle origin attributes correctly.

Status: RESOLVED FIXED

(Firefox :: Security, defect)

Description

[Dave Huseby [:huseby]]

The SessionStorage.jsm file contains a call to createCodebasePrincipalFromOrigin when I think the solution is to use the origin attributes from the docshell and use createCodebasePrincipal instead.

> 104   restore: function (aDocShell, aStorageData) {
> 105     for (let origin of Object.keys(aStorageData)) {
> 106       let data = aStorageData[origin];
> 107       let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin);
> 108       let storageManager = aDocShell.QueryInterface(Ci.nsIDOMStorageManager);

I think the changes in Bug 1193854 will handle initializing the docshell with proper origin attributes upon tab restore.  If that's true, then the restore function should receive a docshell with the right origin attributes set on it.

Comment 1

[Andrea Marchesini [:baku]]

Attachment: part 1 - createOriginAttributesWithUserContextId

Comment 2

[Andrea Marchesini [:baku]]

Attachment: part 2 - SessionStorageInternal::restore

Comment 3

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/384bf27d0f58
https://hg.mozilla.org/integration/mozilla-inbound/rev/d540e9c1a4fd

Comment 4

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/384bf27d0f58
https://hg.mozilla.org/mozilla-central/rev/d540e9c1a4fd

Comment 5

[Mayur Patil]

[bugday-20160323]

Status: RESOLVED,FIXED -> UNVERIFIED

Comments:
STR: Not clear.
Developer specific testing

Component: 
Name			Firefox
Version			46.0b9
Build ID		20160322075646
Update Channel	beta
User Agent		Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
OS				Windows 7 SP1 x86_64

Expected Results: 
Developer specific testing

Actual Results: 
As expected