Closed Bug 1305996 Opened 4 years ago Closed 4 years ago

Tweak Documentation for nsILoadInfo

Categories

(Core :: DOM: Security, defect, P1)

Tracking

RESOLVED FIXED
mozilla52
Tracking Status
firefox52 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

As a follow-up for
> https://bugzilla.mozilla.org/show_bug.cgi?id=1291458#c15
we should slightly tweak the documentation to incorporate when a loadingPrincipal/triggeringPrincipal should not be a SystemPrincipal.
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
Blocks: 1291458
Comment on attachment 8795704 [details] [diff] [review]
bug_1305996_documentation_loadinfo.patch

Some replacements below. r+ with the changes.


>diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
>--- a/netwerk/base/nsILoadInfo.idl
>+++ b/netwerk/base/nsILoadInfo.idl
>@@ -203,45 +203,67 @@ interface nsILoadInfo : nsISupports
>    * So if document at http://a.com/page.html loads an image from
>    * http://b.com/pic.jpg, then loadingPrincipal will be
>    * http://a.com/page.html.
>    *
>    * For <iframe> and <frame> loads, the LoadingPrincipal is the
>    * principal of the parent document. For top-level loads, the
>    * LoadingPrincipal is null. For all loads except top-level loads
>    * the LoadingPrincipal is never null.
>+   *
>+   * If the loadingPrincipal is the system principal, no security checks
>+   * will be done at all, not during the initial load, and not during
will be done at all.  There will be no security checks on the initial load or any subsequent redirects.

>+   * redirects. This includes not doing any nsIContentPolicy checks or
This means there will be no nsIContentPolicy checks or any CheckLoadURI checks.
>+   * any CheckLoadURI checks. Because of this, never set the
>+   * loadingPrincipal to the system principal when the URI to be loaded
>+   * is controlled by a webpage.
>+   * If the loadingPrincipal and triggeringPrincipal are both
>+   * codebase-principals, then we will at least call into
codebase-principals, then we will always call into nsIContentPolicies and CheckLoadURI.
>+   * nsIContentPolicies. This happens even if the uri to be loaded is
The call to nsIContentPolicies and CheckLoadURI happen even if the URI to be loaded is same-origin with the loadingPrincipal or triggeringPrincipal. [Note I changed it to or.]
>+   * same-origin with the loadingPrincipal and triggeringPrincipal.
>    */
>   readonly attribute nsIPrincipal loadingPrincipal;
> 
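Review bot: The added comment after "is controlled by a webpage." covers only two cases, a system loadingPrincipal and both principals being codebase-principals, so a reader cannot tell which checks run when the loadingPrincipal is a codebase principal but the triggeringPrincipal is the system principal, or in the top-level case where the context lines above say the LoadingPrincipal is null. Consider stating those cases explicitly, or pointing to where they are documented. Two smaller points in the same block: the second added paragraph ("If the loadingPrincipal and triggeringPrincipal are both") starts directly after the first without a blank ` *` separator line, and it writes "uri" where the first added paragraph writes "URI".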


And the same changes apply to the triggeringPrincipal section below.
Attachment #8795704 - Flags: review?(tanvi) → review+
https://hg.mozilla.org/mozilla-central/rev/b001b0ed40e1
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52