Closed Bug 1368110 Opened 7 years ago Closed 7 years ago

Create child redirect target (new) channel using parent target channel's original URI

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox56 --- fixed

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(Whiteboard: [necko-active])

Attachments

(1 file, 1 obsolete file)

v1
5.44 KB, patch
mayhemer
: review+
Details | Diff | Splinter Review 
Reason: URI of a channel may not always be the URI we are actually redirecting to in case the channel's result principal URI is turned by the protocol handler to an actual principal that may be different (e.g. in case of a moz-extension: URL leading to a jar: URI, and there are other examples).

OriginalURI during the redirect preprocessing (before opening the new channel or getting the final veto result) reflects the URI we've been originally redirected to (i.e. the Location header value, or the target URI obtained any other way).

This also makes sure that security checking on the child process is made correctly, mainly after we land bug 1367814.
Attachment #8871845 - Flags: review?(jduell.mcbugs)
Comment on attachment 8871845 [details] [diff] [review]
v1

This should go through :bz as well.  I think this is enough to fulfill bug 1256122 comment 85.  If the way we construct the channel is identical to how we have done that on the parent process, then we don't need to carry result principal URI, since it MUST result to the same value on child process.
Comment on attachment 8871845 [details] [diff] [review]
v1

Review of attachment 8871845 [details] [diff] [review]:
-----------------------------------------------------------------

Honza: bz isn't accepting review requests right now :) so either just land this or try to get ahold of him by other means...
Attachment #8871845 - Flags: review?(jduell.mcbugs) → review+
I know, I'll hold, this belongs to the 'sec check URI' group of bugs.
Comment on attachment 8871845 [details] [diff] [review]
v1

Boris, this should address your comment at https://bugzilla.mozilla.org/show_bug.cgi?id=1256122#c85

It's based on assumption that the child protocol handler will create the channel the same way as he parent side protocol - resulting in channel with the same URI, originalURI and result principal URI on its load info.  Hence, there is no need to send all those down, the originalURI is enough.

There is also a comment in the code: https://bugzilla.mozilla.org/attachment.cgi?id=8871845&action=diff#a/netwerk/protocol/http/HttpChannelParent.cpp_sec2 to explain it.

(Formatting nits will be fixed before landing.)

Thanks.
Attachment #8871845 - Flags: review?(bzbarsky)
Comment on attachment 8871845 [details] [diff] [review]
v1

> HttpChannelChild::Redirect1Begin(const uint32_t& registrarId,
>+  nsresult rv;

Why move this around?

If you do, please fix the indent; on the SetupRedirect call; it's broken right now.

> HttpChannelParent::StartRedirect(uint32_t registrarId,
>+  nsresult rv;

Again, why move this?

r=me assuming all this code is running before the parent process calls SetOriginalURI on the post-redirect channel to set it to the same thing as the pre-redirect originalURI.
Attachment #8871845 - Flags: review?(bzbarsky) → review+
(In reply to Boris Zbarsky [:bz] (vacation until 7/7) from comment #6)
> Comment on attachment 8871845 [details] [diff] [review]
> v1
> 
> > HttpChannelChild::Redirect1Begin(const uint32_t& registrarId,
> >+  nsresult rv;
> 
> Why move this around?

I always place nsresult rv declaration as the first in the method to prevent hidden in-block redeclaration bugs (not caught by any tool chain we use.)

> r=me assuming all this code is running before the parent process calls
> SetOriginalURI on the post-redirect channel to set it to the same thing as
> the pre-redirect originalURI.

Yes!  The channel on the parent and on the child (here) are both created before the redirect vetoing consultation (the callback wants to have the channel as a arg), therefor before we change the original URI.
Keywords: checkin-needed
Needs rebasing.
Keywords: checkin-needed
(In reply to Ryan VanderMeulen [:RyanVM] from comment #8)
> Needs rebasing.

Ups, sorry for that.  The patch lingered for too long...
Attached patch v1Splinter Review 
rebased, and to make sure everything's still right:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=24b3e11d4f3574bbb78b7b2c2cc39b432cbeef4e
Attachment #8871845 - Attachment is obsolete: true
Attachment #8883648 - Flags: review+
(based on result of the try push)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ce9c8ba8d349
Create child redirect target (new) channel using parent target channel's original URI. r=jduell, r=bz
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/ce9c8ba8d349
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: