Closed
Bug 1238722
Opened 8 years ago
Closed 8 years ago
installing add-ons from uri needs to use default user context id in origin attributes.
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: huseby)
References
Details
(Whiteboard: [OA])
Attachments
(1 file, 1 obsolete file)
1.26 KB,
patch
|
sicking
:
review-
|
Details | Diff | Splinter Review |
in the file toolkit/mozapps/extensions/AddonManager.jsm we create a principal from an add-on URI with this code:
> 331 if (principalOrURI instanceof Ci.nsIURI) {
> 332 return Services.scriptSecurityManager.createCodebasePrincipal(principalOrURI, {
> 333 inBrowser: true
> 334 });
> 335 }
the fix here is to create a default context origin attribute object, set the inBrowser value to true and then pass the origin attr to the createCodebasePrincipal call.
Assignee | ||
Comment 1•8 years ago
|
||
Assignee | ||
Comment 2•8 years ago
|
||
updated for new API.
Attachment #8717711 -
Attachment is obsolete: true
Attachment #8722063 -
Flags: review?(jonas)
Comment on attachment 8722063 [details] [diff] [review] Bug_1238722.patch Review of attachment 8722063 [details] [diff] [review]: ----------------------------------------------------------------- ::: toolkit/mozapps/extensions/AddonManager.jsm @@ +331,5 @@ > if (principalOrURI instanceof Ci.nsIURI) { > + let attrs = ChromeUtils.createOriginAttributesFromOrigin(principalOrURI); > + attrs.userContextId = 0; > + attrs.inBrowser = true; > + return Services.scriptSecurityManager.createCodebasePrincipal(principalOrURI, attrs); o_O Why the heck does this set inBrowser=true?!? That is unlikely to produce whatever result the author was hoping for. I talked with Mossop and it seems like it was based on a misunderstanding of what setting that actually meant. In any case I think leaving this as the default contextid=0 Also, attrs will always be the default OAs, since principalOrURI is just a URI (as tested on line 331)
Attachment #8722063 -
Flags: review?(jonas) → review-
that code has been removed in Bug 1250639
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•8 years ago
|
Whiteboard: [OA]
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•