Closed Bug 1365166 Opened 4 years ago Closed 4 years ago

rename security.data_uri.inherit_security_context

Categories

(Core :: DOM: Security, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla55
Tracking Status
firefox55 --- fixed

People

(Reporter: allstars.chh, Assigned: allstars.chh)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

We introduced the name 'security.data_uri.inherit_security_context' in bug 1328860.
However I think the naming is a little confusing,

for example, when we're doing a feature, it's default pref 'off', when the feature is ready, we turn 'on'

But the feature security.data_uri.inherit_security_context now is 'On', and we are going to turn it 'OFF'.

I am guessing this may cause some misunderstanding in the future, specially for release engineering, 

ckerschb, smaug, what do you think?

Thanks
Flags: needinfo?(ckerschb)
Flags: needinfo?(bugs)
(In reply to Yoshi Huang [:allstars.chh] from comment #0)
> ckerschb, smaug, what do you think?

I don't have a strong opinion about that. If you wanna change it, that's fine with me.
Flags: needinfo?(ckerschb)
I don't have a strong opinion either.
I see it so that currently we have legacy behavior enabled, and once everything is fixed, we can disable it.
Flags: needinfo?(bugs)
Thanks, then I'll rename it to security.data_uri.unique_opaque_origin and pref default off.
Assignee: nobody → allstars.chh
Whiteboard: [domsecurity-active]
Summary: Should we rename security.data_uri.inherit_security_context? → rename security.data_uri.inherit_security_context
Status: NEW → ASSIGNED
Attached patch Patch.Splinter Review
Attachment #8868405 - Flags: review?(bugs)
Attachment #8868405 - Flags: feedback?(ckerschb)
Comment on attachment 8868405 [details] [diff] [review]
Patch.

>
>+// TODO: Bug 1324406: Treat 'data:' documents as unique, opaque origins
>+// If true, data: URIs will be treated as unique opaque origins, hence will use
>+// a NullPrincipal as the security context.
>+// Otherwise it will inherit the origin from parent node, this is the legacy
>+// behavior of Firefox.
>+pref ("security.data_uri.unique_opaque_origin", false);
Looks like the old code had extra space between pref and (, want to fix it here.
Attachment #8868405 - Flags: review?(bugs) → review+
Comment on attachment 8868405 [details] [diff] [review]
Patch.

Review of attachment 8868405 [details] [diff] [review]:
-----------------------------------------------------------------

thanks
Attachment #8868405 - Flags: feedback?(ckerschb) → review+
Pushed by yhuang@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/9cf73dbcd1a0
rename security.data_uri.inherit_security_context to security.data_uri.unique_opaque_origin. r=smaug, ckerschb
https://hg.mozilla.org/mozilla-central/rev/9cf73dbcd1a0
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.