Closed
Bug 1367814
Opened 7 years ago
Closed 7 years ago
Check that a redirect may load by result principal URI (NS_GetFinalChannelURI)
Categories
(Core :: Security: CAPS, defect)
Core
Security: CAPS
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox56 | --- | fixed |
People
(Reporter: mayhemer, Assigned: mayhemer)
References
Details
Attachments
(1 file, 1 obsolete file)
Based on https://bugzilla.mozilla.org/show_bug.cgi?id=1256122#c69 see also https://bugzilla.mozilla.org/show_bug.cgi?id=1256122#c85 for what yet needs to be added.
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•7 years ago
|
||
Comment on attachment 8871340 [details] [diff] [review] v1 (nsContentSecurityManager::AsyncOnChannelRedirect check against final channel URI of the new channel) Try run here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=325ac293772a6e865468e9a9d5758928ab0b9c7b (:bz doesn't accept reviews, this has to wait)
Attachment #8871340 -
Attachment description: wip → v1 (nsContentSecurityManager::AsyncOnChannelRedirect check against final channel URI of the new channel)
Assignee | ||
Updated•7 years ago
|
Summary: Check redirect may load by result principal URI (NS_GetFinalChannelURI) → Check that a redirect may load by result principal URI (NS_GetFinalChannelURI)
Comment 2•7 years ago
|
||
Comment on attachment 8871340 [details] [diff] [review] v1 (nsContentSecurityManager::AsyncOnChannelRedirect check against final channel URI of the new channel) r=me, but the commit message should have something after the first line about how this allows protocols that load their data from some "privileged" URI but really want everything (including the principal and the redirect behavior) to look like an "unprivileged" one to function correctly.
Attachment #8871340 -
Flags: review+
Assignee | ||
Comment 4•7 years ago
|
||
(In reply to Shane Caraveo (:mixedpuppy) from comment #3) > mayhemer: Is this ready to land? yep, I wanted to separate landing of this one and few other bugs to narrow down regressions better. I'll land this tomorrow.
Flags: needinfo?(honzab.moz)
Assignee | ||
Comment 5•7 years ago
|
||
(updated commit message)
Attachment #8871340 -
Attachment is obsolete: true
Attachment #8886143 -
Flags: review+
Assignee | ||
Comment 6•7 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=62f1555b421a3a1f6f7837e37b04c1b79be4c9d0
Keywords: checkin-needed
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/5c8f80d77909 Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
Keywords: checkin-needed
Comment 8•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5c8f80d77909
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in
before you can comment on or make changes to this bug.
Description
•