Closed Bug 1292522 Opened 5 years ago Closed 5 years ago
.domain set on iframe/parent, permission denied on property-access across frame/parent when coming from different ports
Regression window: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=df7e8620c830db77b0d51b78ae81fcdb3d122d29&tochange=9613753f5c1c94b9ccbf0a2003913e17f69f617a Triggered by: d81ec460382e Dragana Damjanovic dd mozilla — Bug 409885 - Use SetHostPort in nsHTMLDocument::SetDomain. r=bz
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
I made a minimal change so that we can uplift it to aurora and beta. Maybe we should change SetHostPort function, but I would not uplift such a patch.
Attachment #8780554 - Flags: review?(bugs)
Olli, if you do not have time, I can give it to bz when he comes back.
Not critical enough for the 48 dot release. However, happy to take a patch in 49
SetHostPort has rather unexpected behavior. Why doesn't it reset port?
oh, nm, I misunderstood.
Comment on attachment 8780554 [details] [diff] [review] bug_1292522.patch Hmm, still rather unexpected API. Why doesn't it reset port by default? Can we get some test for this
Attachment #8780554 - Flags: review?(bugs) → review+
(In reply to Olli Pettay [:smaug] from comment #8) > Comment on attachment 8780554 [details] [diff] [review] > bug_1292522.patch > > Hmm, still rather unexpected API. Why doesn't it reset port by default? > This function was added in bug 887364 and it is form the start implemented in this way. There is no comment in the bug why is it implemented in this way. I will open another bug to fix this. > Can we get some test for this I will write a test.
Attachment #8781608 - Flags: review?(bugs)
I have open a new bug, bug 1295636, for fixing SetHostPort function.
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/06b37b01a0a5 Fix regression from bug 409885. r=smaug https://hg.mozilla.org/integration/mozilla-inbound/rev/af1ae450676a Add test for bug 1292522 - the same domain host with different port numbers must be treated as the same domain. r=smaug
Shouldn't the patch be proposed for branches too? This is breaking web sites.
(In reply to Olli Pettay [:smaug] from comment #16) > Shouldn't the patch be proposed for branches too? This is breaking web sites. I was just waiting for patch to land on m.-c. before asking for an uplift. It just landed, I will ask for an uplift.
Comment on attachment 8781610 [details] [diff] [review] bug_1292522.patch Approval Request Comment [Feature/regressing bug #]: bug 409885 [User impact if declined]: it break some sites, I do not know how many. The uri from doc and iframe must differ only in the port number. [Describe test coverage new/current, TreeHerder]: Test is added as well. [Risks and why]: low it is only one line [String/UUID change made/needed]: none
Comment on attachment 8781608 [details] [diff] [review] bug_1292522_test.patch Approval Request Comment [Feature/regressing bug #]: bug 409885, but this is only a test. [User impact if declined]: [Describe test coverage new/current, TreeHerder]: [Risks and why]: no risk, this is only a test. [String/UUID change made/needed]:
Comment on attachment 8781610 [details] [diff] [review] bug_1292522.patch Fix for regression from 48, includes new tests. This should land in the beta 6 build today.
Comment on attachment 8781608 [details] [diff] [review] bug_1292522_test.patch Test-only patches do not need relman review, they are auto approved.
Posted the site compatibility document for the record: https://www.fxsitecompat.com/en-CA/docs/2016/setting-document-domain-doesn-t-change-the-port-may-cause-permission-errors/
You need to log in before you can comment on or make changes to this bug.