Closed Bug 1260921 Opened 6 years ago Closed 6 years ago

HttpChannelParent::DoAsyncOpen needs to handle userContextId correctly

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: huseby, Assigned: timhuang)

References

(Blocks 1 open bug)

Details

(Whiteboard: [userContextId][OA][domsecurity-active])

In the file HttpChannelParent.cpp there is a call to CreatCodebasePrincipal here:

https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/HttpChannelParent.cpp#471

This code appears to correctly pass the origin attributes from the necko origin attributes to the principal origin attributes.  We need to analyze how the newly created principal is used.  Is it used to isolate browser state?  If it is, do we want to isolate on userContextId?
Component: DOM → DOM: Security
Assignee: nobody → tihuang
Whiteboard: [userContextId] → [userContextId][OA]
Status: NEW → ASSIGNED
Whiteboard: [userContextId][OA] → [userContextId][OA][domsecurity-active]
The newly created principal here is used for checking that should this load check application cache or not. Based on the Bug 1233917 Comment 4, The check here is only for checking the permission database and does not associate with the user context id. And the app cache is going to be deprecated, it is unlikely that this checking becomes user context aware in the future. Eventhough, this is happened, the code here is not wrong anyway since the origin attributes here is correctly passed. That is to say, this bug should be marked as RESOLVE WONTFIX.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.