Follow-up from bug 1177957 comment 23/30. We should decide what to do about giving XPConnect sandboxes access to [SecureContext] API.
Per email discussion, we should have sandboxes inited with a window inherit its secure context state. Ones inited with a URL or principal, presumably we would not treat as secure contexts, or we could just base it on that url or principal codebase, right?
Is jwatt going to make the call here?
The email discussions bz refers to were between bholley, bz and myself. The recommendations from bholley were:
* Xray callers should see the secure APIs if either (a) they are system principal, or (b) the Xrayed global sees the APIs.
* We should add a sandbox option, defaulting to false, for exposing secure-context APIs.
* IIUC the secure-context-ness can only be deduced from the Window, not the Principal, right? Assuming that's the case, I agree that the slightly-odd behavior of inheriting secure-context-ness when creating a sandbox from a Window-as-nsIScriptObjectPrincipal is the way to go.
I agree that we should have sandboxes inited with a window inherit its secure context state. I don't think we can really have sandboxes initialized with a URL or principal be a secure context though, since as bholley notes in that case we don't have enough information to make that call.
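Added example (not Gecko/XPConnect code, and not from any commenter above): a stand-alone JavaScript model of the three rules proposed in comment 4, so the decision logic can be checked in isolation. The option name `exposeSecureContextApis` is a hypothetical placeholder for the sandbox option the comment proposes; the API table is constructed, and the window check is a simplified potentially-trustworthy-origin test that ignores ancestor browsing contexts.

```javascript
// Added example, not Gecko/XPConnect code: a stand-alone model of the rules
// proposed in comment 4. The option name "exposeSecureContextApis" and the
// API table below are constructed for illustration.

// Potentially-trustworthy-origin check, simplified from the Secure Contexts
// spec: scheme-based plus loopback hosts. A real Window's secure-context state
// also depends on its ancestor browsing contexts, which this model ignores.
function isPotentiallyTrustworthyOrigin(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // unparseable input is never trustworthy
  }
  if (["https:", "wss:", "file:"].includes(url.protocol)) return true;
  const host = url.hostname; // WHATWG URL keeps brackets on IPv6 hosts
  return (
    host === "localhost" ||
    host.endsWith(".localhost") ||
    host === "127.0.0.1" ||
    host === "[::1]"
  );
}

// Decide whether a sandbox is a secure context.
//   init.kind === "window":             inherit the Window's state (the agreed behaviour)
//   init.kind === "url" | "principal":  no Window to consult, so not secure unless the
//                                       caller opts in via the hypothetical option,
//                                       which defaults to false.
// Assumption: the opt-in option applies regardless of how the sandbox was initialised.
function sandboxIsSecureContext(init, options = {}) {
  if (options.exposeSecureContextApis === true) return true;
  if (init.kind === "window") return isPotentiallyTrustworthyOrigin(init.windowOrigin);
  return false;
}

// Xray rule: a caller looking through an Xray sees [SecureContext] APIs if it
// is system principal or the Xrayed global itself is a secure context.
function xrayCallerSeesSecureApis(callerIsSystemPrincipal, xrayedGlobalIsSecure) {
  return callerIsSystemPrincipal || xrayedGlobalIsSecure;
}

// Constructed table of Web APIs and whether they carry [SecureContext].
const API_TABLE = {
  "crypto.getRandomValues": { secureContextOnly: false },
  "crypto.subtle": { secureContextOnly: true },
};

// Names a global exposes given its secure-context state.
function visibleApis(isSecureContext, table = API_TABLE) {
  return Object.keys(table).filter(
    (name) => isSecureContext || !table[name].secureContextOnly
  );
}

// A sandbox made from a plain-http Window does not get crypto.subtle; the
// same sandbox made from an https Window does.
function demo() {
  const httpSandbox = sandboxIsSecureContext({ kind: "window", windowOrigin: "http://example.com" });
  const httpsSandbox = sandboxIsSecureContext({ kind: "window", windowOrigin: "https://example.com" });
  return { http: visibleApis(httpSandbox), https: visibleApis(httpsSandbox) };
}

console.log(JSON.stringify(demo()));
```

The point the model makes explicit is the asymmetry in the third rule: a URL- or principal-initialised sandbox never becomes secure by inspecting that URL, even an https one, because the secure-context decision is a property of a Window, not of a principal.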
Priority: -- → P2
Jonathan, I'm hitting test failures in bug 1333140 because it turns out that "crypto.subtle" is currently exposed to sandboxes, and even used by at least the Push service. What needs to be done here to move this forward? Do we "simply" need someone to implement what's suggested in comment #3?
I think so, yes. Maybe reach out to the XPConnect peers to see if one of them can take a look? https://wiki.mozilla.org/Modules/All#XPConnect
Flags: needinfo?(jwatt) → needinfo?(bzbarsky)
Oops, didn't actually mean to needinfo bz. Probably best to find someone less busy if possible. :)
Fwiw, the plan from comment 3 seems reasonable to me. We just need someone to implement.
Component: DOM → DOM: Core & HTML
Product: Core → Core