Open Bug 1329572 Opened 8 years ago Updated 2 years ago

Consider making origin attributes become a XPCOM object

Categories

(Core :: DOM: Security, defect, P3)

defect

Tracking

()

Tracking Status
firefox57 --- fix-optional

People

(Reporter: jhao, Unassigned)

Details

(Whiteboard: [OA][domsecurity-backlog3])

Currently, a method with an origin attributes parameter can't be used by both JS and C++. For JS, the type is "jsval" and for C++ the type is "(Necko/Principal/DocShell)OriginAttributes". Can we consider making origin attributes become a XPCOM object, so a method can be used by both JS and C++? One downside is that we can't just use a JS object literal {...} as origin attributes anymore, but we can probably use a factory method to create an origin attributes object.
Tanvi, can you assing a priority to this bug as well please?
Flags: needinfo?(tanvi)
Whiteboard: [OA]
baku, what do you think about this?
Flags: needinfo?(amarchesini)
(In reply to Jonathan Hao [:jhao] (Away 1/27-2/1) from comment #0) > Can we consider making origin attributes become a XPCOM object, so a method > can be used by both JS and C++? One downside is that we can't just use a JS > object literal {...} as origin attributes anymore, but we can probably use a > factory method to create an origin attributes object. An example of the factory method is the factory of the nsILoadContextInfo[1] which is used by Necko. It allows JS code to produce nsILoadContextInfo. We can adopt the same mechanism here after originAttributes be converted into an XPCOM object. By doing so, Javascript can still use a JS object literal to generate an originAttributes XPCOM object them passing into the function. [1] http://searchfox.org/mozilla-central/source/netwerk/base/nsILoadContextInfo.idl#80
I like the idea to have nsIOriginAttributes. But I remember that bholley was strongly again it, if I remember correctly. Maybe I'm wrong.
Flags: needinfo?(amarchesini) → needinfo?(bobbyholley)
I was against XPCOM-ifying OriginAttributes because it would add a lot of overhead and boilerplate, both in C++ and JS. And there wasn't a use-case that required it. The general idea has been that C++ consumers should use generally move towards non-XPIDL interfaces to stuff, and therefore the only consumers of the XPIDL APIs would be JS consumers, which would use the jsval signature, because that's how modern webby JS works. Are there situations where, for some reason, we really need to use the same API in both C++ and JS? In those situations I could imagine the jsval getting in the way for C++ callers. We could add an nsIOriginAttributesHolder or something for those cases, but I'd rather not use XPIDL for the common case here.
Flags: needinfo?(bobbyholley)
Priority: -- → P3
Whiteboard: [OA] → [OA][domsecurity-backlog3]
Clearing my ni? queue at the moment. It seems that bholly's answer in comment 5 provides the ni? answer from tanvi. Keeping this in the backlog.
Flags: needinfo?(tanvi)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.