Closed
Bug 1366973
Opened 7 years ago
Closed 4 years ago
Rename security flags within nsILoadInfo to not contain '_DATA_'
Categories
(Core :: DOM: Security, task, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla80
Tracking | Status | |
---|---|---|
firefox80 | --- | fixed |
People
(Reporter: ckerschb, Assigned: freddy)
References
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
There are still other protocols that inherit the security context (by setting URI_INHERITS_SECURITY_CONTEXT in the protocol handler). Since data: URIs will *not* inherit the security context anymore, we should rename those flags to something like: SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS -> SEC_REQUIRE_SAME_ORIGIN_INHERIT_SEC_CONTEXT Similar, for all the other security flags within nsILoadInfo.
Reporter | ||
Updated•7 years ago
|
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [domsecurity-active]
Reporter | ||
Updated•7 years ago
|
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
Reporter | ||
Updated•7 years ago
|
Reporter | ||
Comment 1•7 years ago
|
||
Olli, now that we are about to treat data: URIs to be cross origin I think we should rename the five security flags within the loadinfo (and subsequent everywhere in the codebase) to not contain _DATA_. What do you think about the following renaming: SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS -> SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED -> [I think that should remain the same] SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS -> SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL -> SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL SEC_REQUIRE_CORS_DATA_INHERITS -> SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT Please note that we obviously would also update documentation of those flags within nsILoadInfo.idl.
Flags: needinfo?(bugs)
Comment 2•7 years ago
|
||
Looks reasonable, but perhaps we should do it only once we have some experience on whether the new data: handling causes tons of regressions.
Flags: needinfo?(bugs)
Reporter | ||
Comment 3•7 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #2) > Looks reasonable, but perhaps we should do it only once we have some > experience on whether the new data: handling causes tons of regressions. I agree, let's hold off on that bug for a little while (and hopefully the new data: URI handling does not cause tons of regresssions).
Assignee | ||
Comment 5•4 years ago
|
||
A patch powered by this shell script will come soon:
rg SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS --files-with-matches | xargs sed -i 's/SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS/SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT/g'
rg SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS --files-with-matches | xargs sed -i 's/SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS/SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT/g'
rg SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL --files-with-matches | xargs sed -i 's/SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL/SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL/g'
rg SEC_REQUIRE_CORS_DATA_INHERITS --files-with-matches | xargs sed -i 's/SEC_REQUIRE_CORS_DATA_INHERITS/SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT/g'
(will update the documentation as well, naturally)
Assignee | ||
Comment 6•4 years ago
|
||
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e34785ffe0ed Rename security flags to not contain DATA anymore r=geckoview-reviewers,ckerschb,snorp
Comment 8•4 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox80:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
You need to log in
before you can comment on or make changes to this bug.
Description
•