Closed
Bug 1260923
Opened 9 years ago
Closed 9 years ago
CookieServiceParent needs to handle userContextId correctly
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: jhao)
References
Details
(Whiteboard: [userContextId][OA])
In the file CookieServiceParent.cpp there is a call to CreateCodebasePrincipal here:
https://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/CookieServiceParent.cpp#41
It appears that the origin attributes are correctly getting inherited and passed on. We need to analyze how the newly created principal is used. Is it used to isolate browser state? If so, do we want to isolate on user context id?
|
Reporter | |
Updated•9 years ago
|
Component: DOM → DOM: Security
|
Assignee | |
Comment 1•9 years ago
|
||
As far as I can tell, that principal is used to creating a loadInfo, and the loadInfo is used to create a dummy channel which is never opened (according to here [1]). That channel will be passed to SetCookieStringInternal(). The only time that the principal is ever retrieved is in [2], where only its URI is used. The Necko origin attributes are passed as a separate argument to SetCookieStringInternal() [3].
To sum up, I think this principal isn't used to isolate browser state, so I'm setting this bug as RESOLVED WONTFIX. Please re-open it if anyone thinks otherwise.
[1] https://dxr.mozilla.org/mozilla-central/source/netwerk/cookie/CookieServiceParent.cpp#52
[2] https://dxr.mozilla.org/mozilla-central/source/dom/base/ThirdPartyUtil.cpp#229
[3] https://dxr.mozilla.org/mozilla-central/source/netwerk/cookie/CookieServiceParent.cpp#189
Assignee: nobody → jhao
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
|
|
Reporter | |
Updated•9 years ago
|
Whiteboard: [userContextId] → [userContextId][OA]
You need to log in
before you can comment on or make changes to this bug.
Description
•