Closed
Bug 1321687
Opened 8 years ago
Closed 7 years ago
Improve documentation of security checks in WebChannel code
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla53
| Tracking | Status | |
|---|---|---|
| firefox53 | --- | fixed |
People
(Reporter: rfkelly, Assigned: rfkelly)
Details
Attachments
(1 file)
|
3.98 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
In particular, document why it uses the almost-always-a-bad-idea `originNoSuffix` property in its origin check, as a followup to https://bugzilla.mozilla.org/show_bug.cgi?id=1319904#c60
|
Assignee | |
Comment 1•8 years ago
|
||
It's not exactly War and Peace, but here's my attempt to clarify the choices made in the webchannel origin-checking code. I'm happy to iterate if this doesn't seem to cover all the bases.
Attachment #8816349 -
Flags: review?(ehsan)
|
||
Comment 2•8 years ago
|
||
Comment on attachment 8816349 [details] [diff] [review] webchannel-doc-update.diff Review of attachment 8816349 [details] [diff] [review]: ----------------------------------------------------------------- Thanks, looks great!
Attachment #8816349 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Updated•7 years ago
|
Keywords: checkin-needed
|
||
Comment 3•7 years ago
|
||
In the future, please attach patches with proper commit information included.
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7d52433eca7b Improve documentation of security checks in WebChannel code. r=ehsan
Keywords: checkin-needed
|
||
Comment 5•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7d52433eca7b
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox53:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•