Closed
Bug 1365166
Opened 8 years ago
Closed 8 years ago
rename security.data_uri.inherit_security_context
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox55 | --- | fixed |
People
(Reporter: allstars.chh, Assigned: allstars.chh)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
|
8.29 KB,
patch
|
smaug
:
review+
ckerschb
:
review+
|
Details | Diff | Splinter Review |
We introduced the name 'security.data_uri.inherit_security_context' in bug 1328860.
However I think the naming is a little confusing,
for example, when we're doing a feature, it's default pref 'off', when the feature is ready, we turn 'on'
But the feature security.data_uri.inherit_security_context now is 'On', and we are going to turn it 'OFF'.
I am guessing this may cause some misunderstanding in the future, specially for release engineering,
ckerschb, smaug, what do you think?
Thanks
|
Assignee | |
Updated•8 years ago
|
Flags: needinfo?(ckerschb)
|
|
Assignee | |
Updated•8 years ago
|
Flags: needinfo?(bugs)
|
||
Comment 1•8 years ago
|
||
(In reply to Yoshi Huang [:allstars.chh] from comment #0)
> ckerschb, smaug, what do you think?
I don't have a strong opinion about that. If you wanna change it, that's fine with me.
Flags: needinfo?(ckerschb)
|
||
Comment 2•8 years ago
|
||
I don't have a strong opinion either.
I see it so that currently we have legacy behavior enabled, and once everything is fixed, we can disable it.
Flags: needinfo?(bugs)
|
|
Assignee | |
Comment 3•8 years ago
|
||
Thanks, then I'll rename it to security.data_uri.unique_opaque_origin and pref default off.
Assignee: nobody → allstars.chh
Whiteboard: [domsecurity-active]
|
|
Assignee | |
Updated•8 years ago
|
Summary: Should we rename security.data_uri.inherit_security_context? → rename security.data_uri.inherit_security_context
|
|
Assignee | |
Updated•8 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 4•8 years ago
|
||
Attachment #8868405 -
Flags: review?(bugs)
Attachment #8868405 -
Flags: feedback?(ckerschb)
|
|
||
Comment 5•8 years ago
|
||
Comment on attachment 8868405 [details] [diff] [review]
Patch.
>
>+// TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
>+// If true, data: URIs will be treated as unique opaque origins, hence will use
>+// a NullPrincipal as the security context.
>+// Otherwise it will inherit the origin from parent node, this is the legacy
>+// behavior of Firefox.
>+pref ("security.data_uri.unique_opaque_origin", false);
Looks like the old code had extra space between pref and (, want to fix it here.
Attachment #8868405 -
Flags: review?(bugs) → review+
|
|
||
Comment 6•8 years ago
|
||
Comment on attachment 8868405 [details] [diff] [review]
Patch.
Review of attachment 8868405 [details] [diff] [review]:
-----------------------------------------------------------------
thanks
Attachment #8868405 -
Flags: feedback?(ckerschb) → review+
Pushed by yhuang@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9cf73dbcd1a0
rename security.data_uri.inherit_security_context to security.data_uri.unique_opaque_origin. r=smaug, ckerschb
|
||
Comment 8•8 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox55:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in
before you can comment on or make changes to this bug.
Description
•