Update TriggeringPrincipal when adding to session history within docshell

RESOLVED FIXED in Firefox 53

Status

()

Core
DOM: Security
P1
normal
RESOLVED FIXED
11 months ago
11 months ago

People

(Reporter: ckerschb, Assigned: ckerschb)

Tracking

unspecified
mozilla53
Points:
---

Firefox Tracking Flags

(firefox-esr45 unaffected, firefox50 unaffected, firefox51 unaffected, firefox52 unaffected, firefox53+ fixed)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 attachment)

Comment hidden (empty)
(Assignee)

Updated

11 months ago
Assignee: nobody → ckerschb
Blocks: 1307736
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
(Assignee)

Comment 1

11 months ago
Created attachment 8828359 [details] [diff] [review]
bug_1332310_add_triggeringprincipal_when_adding_session_history.patch

Boris, it seems that Bug 1307736 is a little more complicated than we thought and will require more work. Tanvi requested tracking for 53 [1]. In particular she is worried about the triggeringPrincipal fallback within docshell and hence she wants to update at least the triggeringPrincipal part when adding to session history [2] (which makes sense to me).

If you agree, then we land this bug now and clear the tracking-requested for 53 from Bug 1307736. Agreed?

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1307736#c11
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1307736#c33
Attachment #8828359 - Flags: review?(bzbarsky)
Comment on attachment 8828359 [details] [diff] [review]
bug_1332310_add_triggeringprincipal_when_adding_session_history.patch

r=me as far as it goes, but why can't we also land the changes to nsDocShell::CreateContentViewer?
Attachment #8828359 - Flags: review?(bzbarsky) → review+
Oh, and this needs a much better commit message.  We're only changing the AddState case, not general session history addition.
(Assignee)

Comment 4

11 months ago
(In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #2)
> Comment on attachment 8828359 [details] [diff] [review]
> bug_1332310_add_triggeringprincipal_when_adding_session_history.patch
> 
> r=me as far as it goes, but why can't we also land the changes to
> nsDocShell::CreateContentViewer?

Yes, we can land those with this bug too - thanks.
(Assignee)

Comment 5

11 months ago
[Tracking Requested - why for this release]:
This Bug is a partial fix for Bug 1307736 and why Tanvi requested tracking for 53 [1]. We will land this bug and I will clear the tracking flags for Bug 1307736 as agreed with bz and tanvi.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1307736#c33
status-firefox50: --- → unaffected
status-firefox51: --- → unaffected
status-firefox52: --- → unaffected
status-firefox53: --- → affected
status-firefox-esr45: --- → unaffected
tracking-firefox53: --- → ?

Comment 6

11 months ago
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9396973616a5
Update AddState and CreateContentViewer to provide an accurate triggeringPrincipal for creating a history entry. r=bz

Comment 7

11 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/9396973616a5
Status: ASSIGNED → RESOLVED
Last Resolved: 11 months ago
status-firefox53: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
tracking-firefox53: ? → +
You need to log in before you can comment on or make changes to this bug.