Closed
Bug 1269568
Opened 8 years ago
Closed 8 years ago
Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext
Categories
(Toolkit :: Password Manager, defect, P3)
Toolkit
Password Manager
Tracking
()
RESOLVED
FIXED
mozilla52
| Tracking | Status | |
|---|---|---|
| firefox52 | --- | fixed |
People
(Reporter: jwatt, Assigned: MattN)
References
Details
(Whiteboard: [passwords:tech-debt])
Attachments
(2 files)
|
58 bytes,
text/x-review-board-request
|
johannh
:
review+
|
Details |
|
Bug 1269568 - Update browser_webconsole_bug_762593_... to check for the more accurate frame message.
58 bytes,
text/x-review-board-request
|
MattN
:
review+
|
Details |
LoginManagerContent has an isDocumentSecure function that tries to provide a rough approximation of whether or not a document creates a Secure Context, aka: https://w3c.github.io/webappsec-secure-contexts/ Now that bug 1162772 has landed this code should be removed in favor of Window.isSecureContext. Note that the hasInsecureLoginForms function in LoginManagerContent.jsm no longer needs the parentIsInsecure argument since Window.isSecureContext takes that into account. Similarly _checkForInsecureNestedDocuments is not needed since all it does is walk the parent chain checking if each document is secure. Note that Window.isSecureContext also takes into account the security of opener windows, so switching to Window.isSecureContext does involve a change in behavior to become more restrict in that regard.
|
Reporter | |
Comment 1•8 years ago
|
||
(gScriptSecurityManager can also be removed from LoginManagerContent.jsm since isDocumentSecure is the only consumer.)
|
Assignee | |
Comment 2•8 years ago
|
||
Yeah, I was planning on switching this out after bug 1261234 lands. It seems like we would still need isOriginPotentiallyTrustworthy in InsecurePasswordUtils for the form @action attribute.
Depends on: 1261234
|
|
Reporter | |
Comment 3•8 years ago
|
||
MattN: Should this be assigned to you?
|
|
Assignee | |
Comment 4•8 years ago
|
||
No as I have no time to work on it this quarter and it doesn't seem like a high priority. If Sean or you want to figure it out I can review but I'm not sure what the urgency is since I don't think we'll ever be able to remove isOriginPotentiallyTrustworthy.
|
|
Assignee | |
Updated•8 years ago
|
Whiteboard: [passwords:tech-debt]
|
|
Assignee | |
Comment 5•8 years ago
|
||
This mess of differing security checks was getting in the way of bug 1302474 so I'm putting up a patch. Bug 1302474 will clean up the security checks even more.
| Comment hidden (mozreview-request) |
|
||
Comment 7•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8798695 [details] Bug 1269568 - Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext. https://reviewboard.mozilla.org/r/84114/#review83114 Looks good, thanks!
Attachment #8798695 -
Flags: review?(jhofmann) → review+
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/084f217c4d49 Remove LoginManagerContent's isDocumentSecure function in favor of Window.isSecureContext. r=johannh
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 10•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8799540 [details] Bug 1269568 - Update browser_webconsole_bug_762593_... to check for the more accurate frame message. https://reviewboard.mozilla.org/r/84686/#review83276
Attachment #8799540 -
Flags: review?(MattN+bmo) → review+
|
||
Comment 11•8 years ago
|
||
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/2919296c48c0 Update browser_webconsole_bug_762593_... to check for the more accurate frame message. r=me
|
||
Comment 12•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/084f217c4d49 https://hg.mozilla.org/mozilla-central/rev/2919296c48c0
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in
before you can comment on or make changes to this bug.
Description
•