Closed Bug 1332422 Opened 3 years ago Closed Last year

CSP should not use 'aExtra' to indicate redirects within ContentPolicy

Categories

(Core :: DOM: Security, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: ckerschb, Assigned: baku)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

nsIContentPolicy states

   * @param aExtra            an OPTIONAL argument, pass-through for non-Gecko
   *                          callers to pass extra data to callees.

CSP should not use aExtra to indicate redirects instead CSP should call a non public API.
Blocks: csp-w3c-3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
I don't know if this is what we want, but working on other CSP related things, I removed this aExtra parameter, passing a nsIURI object directly when needed.
Assignee: nobody → amarchesini
Attachment #8992907 - Flags: review?(ckerschb)
Comment on attachment 8992907 [details] [diff] [review]
csp_blockedURI4.patch

Review of attachment 8992907 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for cleaning that up. r=me
Attachment #8992907 - Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8a66951dd403
CSP should not use 'aExtra' to indicate redirects within ContentPolicy, r=ckerschb
https://hg.mozilla.org/mozilla-central/rev/8a66951dd403
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in before you can comment on or make changes to this bug.