PushRecord needs to use origin attributes when creating a codebase principal

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
3 years ago
3 years ago

People

(Reporter: huseby, Assigned: baku)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [OA])

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

3 years ago
in the file dom/push/PushRecord.jsm there is a call to createCodebasePrincipalFromOrigin:

> 246         principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(url);
> 247         principals.set(this, principal);

I think we need to change this to a GlobalContextOriginAttribute and call createCodebasePrincipal with the url and the attrs so that we avoid any user context isolation.
(Assignee)

Comment 1

3 years ago
Created attachment 8704111 [details] [diff] [review]
patch
Assignee: huseby → amarchesini
Attachment #8704111 - Flags: review?(huseby)
(Reporter)

Comment 2

3 years ago
Comment on attachment 8704111 [details] [diff] [review]
patch

Review of attachment 8704111 [details] [diff] [review]:
-----------------------------------------------------------------

createGlobalContextOriginAttributes -> createDefaultContextOriginAttributes
Attachment #8704111 - Flags: review?(huseby) → review-
(Assignee)

Comment 3

3 years ago
Created attachment 8704564 [details] [diff] [review]
bug_1235929.patch
Attachment #8704111 - Attachment is obsolete: true
Attachment #8704564 - Flags: review?(huseby)
(Assignee)

Updated

3 years ago
Depends on: 1229222
(Reporter)

Updated

3 years ago
Attachment #8704564 - Flags: review?(huseby) → review+
(Reporter)

Comment 4

3 years ago
I don't think this patch is needed.  

* The origin attributes are being added as a suffix to the uri here: http://mzl.la/1SlYnXU
* The call to createCodebasePrincipalFromOrigin calls CreateCodebasePrincipal: http://mzl.la/1SlYqD3
* CreateCodebasePrincipal correctly populates the origin attributes from the origin: http://mzl.la/1MqybMH

Resolving as WON'T FIX.
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
(Reporter)

Updated

3 years ago
Whiteboard: [OA]
You need to log in before you can comment on or make changes to this bug.