Closed
Bug 1260921
Opened 9 years ago
Closed 9 years ago
HttpChannelParent::DoAsyncOpen needs to handle userContextId correctly
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: timhuang)
References
Details
(Whiteboard: [userContextId][OA][domsecurity-active])
In the file HttpChannelParent.cpp there is a call to CreatCodebasePrincipal here:
https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/HttpChannelParent.cpp#471
This code appears to correctly pass the origin attributes from the necko origin attributes to the principal origin attributes. We need to analyze how the newly created principal is used. Is it used to isolate browser state? If it is, do we want to isolate on userContextId?
Reporter | ||
Updated•9 years ago
|
Component: DOM → DOM: Security
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → tihuang
Reporter | ||
Updated•9 years ago
|
Whiteboard: [userContextId] → [userContextId][OA]
Reporter | ||
Updated•9 years ago
|
Status: NEW → ASSIGNED
Updated•9 years ago
|
Whiteboard: [userContextId][OA] → [userContextId][OA][domsecurity-active]
Assignee | ||
Comment 1•9 years ago
|
||
The newly created principal here is used for checking that should this load check application cache or not. Based on the Bug 1233917 Comment 4, The check here is only for checking the permission database and does not associate with the user context id. And the app cache is going to be deprecated, it is unlikely that this checking becomes user context aware in the future. Eventhough, this is happened, the code here is not wrong anyway since the origin attributes here is correctly passed. That is to say, this bug should be marked as RESOLVE WONTFIX.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•