Open Bug 1344819 Opened 3 years ago Updated 2 years ago

Investigate if triggeringPrincipal should be queried from mOSHE within docShell


(Core :: DOM: Security, enhancement, P3)





(Reporter: ckerschb, Assigned: tnguyen)



(Whiteboard: [domsecurity-backlog1])

As discussed with smaug (see also [0]) we should potentially *not* query the triggeringPrincipal from mOSHE when creating a new session entry [1].

This needs more investigation.

Depends on: 1341754
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Thomas, to get some more background info, you could read Comments 14 (15,16,17,...) from Bug 1341754. The essential question is, should we query the triggeringPrincipal and PrincipalToInherit from mOSHE [1] in case there is an mOSHE or not. Potentially we could remove that if-else branch and always use the else branch, but we need to do some audit.

To fix the bug, ideally we run a bunch of tests (in particular loading about: pages) and investigate the principalToInherit and TriggeringPrincipal in the different scenarios. Once we have a list of that, we can move on with the code fix.

Flags: needinfo?(tnguyen)
Thanks for the info. Assign to myself so I can take a look later
Assignee: nobody → tnguyen
Flags: needinfo?(tnguyen)
Assignee: tnguyen → nobody
Assignee: nobody → tnguyen
You need to log in before you can comment on or make changes to this bug.