Closed Bug 1238722 Opened 8 years ago Closed 8 years ago

installing add-ons from uri needs to use default user context id in origin attributes.

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: huseby, Assigned: huseby)

References

Details

(Whiteboard: [OA])

Attachments

(1 file, 1 obsolete file)

Bug_1238722.patch
1.26 KB, patch
sicking
: review-
Details | Diff | Splinter Review 
in the file toolkit/mozapps/extensions/AddonManager.jsm we create a principal from an add-on URI with this code:

> 331   if (principalOrURI instanceof Ci.nsIURI) {
> 332     return Services.scriptSecurityManager.createCodebasePrincipal(principalOrURI, {
> 333       inBrowser: true
> 334     });
> 335   }

the fix here is to create a default context origin attribute object, set the inBrowser value to true and then pass the origin attr to the createCodebasePrincipal call.
Attached patch Bug_1238722.patch (obsolete) — Splinter Review 

    
    

    
  


  
updated for new API.

        Attachment #8717711 -
        Attachment is obsolete: true

        Attachment #8722063 -
        Flags: review?(jonas)

    
    

    
  
Comment on attachment 8722063 [details] [diff] [review]
Bug_1238722.patch

Review of attachment 8722063 [details] [diff] [review]:
-----------------------------------------------------------------

::: toolkit/mozapps/extensions/AddonManager.jsm
@@ +331,5 @@
>    if (principalOrURI instanceof Ci.nsIURI) {
> +    let attrs = ChromeUtils.createOriginAttributesFromOrigin(principalOrURI);
> +    attrs.userContextId = 0;
> +    attrs.inBrowser = true;
> +    return Services.scriptSecurityManager.createCodebasePrincipal(principalOrURI, attrs);

o_O

Why the heck does this set inBrowser=true?!? That is unlikely to produce whatever result the author was hoping for. I talked with Mossop and it seems like it was based on a misunderstanding of what setting that actually meant.

In any case I think leaving this as the default contextid=0

Also, attrs will always be the default OAs, since principalOrURI is just a URI (as tested on line 331)

        Attachment #8722063 -
        Flags: review?(jonas) → review-

    
    

    
  
that code has been removed in Bug 1250639
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX

    
  
Whiteboard: [OA]
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: