Closed Bug 1366973 Opened 3 years ago Closed 3 months ago
Rename security flags within ns
ILoad Info to not contain '_DATA _'
47 bytes, text/x-phabricator-request
|Details | Review|
There are still other protocols that inherit the security context (by setting URI_INHERITS_SECURITY_CONTEXT in the protocol handler). Since data: URIs will *not* inherit the security context anymore, we should rename those flags to something like: SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS -> SEC_REQUIRE_SAME_ORIGIN_INHERIT_SEC_CONTEXT Similar, for all the other security flags within nsILoadInfo.
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P3
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
Olli, now that we are about to treat data: URIs to be cross origin I think we should rename the five security flags within the loadinfo (and subsequent everywhere in the codebase) to not contain _DATA_. What do you think about the following renaming: SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS -> SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED -> [I think that should remain the same] SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS -> SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL -> SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL SEC_REQUIRE_CORS_DATA_INHERITS -> SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT Please note that we obviously would also update documentation of those flags within nsILoadInfo.idl.
Looks reasonable, but perhaps we should do it only once we have some experience on whether the new data: handling causes tons of regressions.
(In reply to Olli Pettay [:smaug] from comment #2) > Looks reasonable, but perhaps we should do it only once we have some > experience on whether the new data: handling causes tons of regressions. I agree, let's hold off on that bug for a little while (and hopefully the new data: URI handling does not cause tons of regresssions).
Assignee: ckerschb → fbraun
Type: enhancement → task
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/e34785ffe0ed Rename security flags to not contain DATA anymore r=geckoview-reviewers,ckerschb,snorp
You need to log in before you can comment on or make changes to this bug.