Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P2
Context for those following along at home: (In reply to Christoph Kerschbaumer [:ckerschb] from bug 1024557 comment #22) > Created attachment 8875196 [details] [diff] [review] > bug_1024557_ignore_x-frame-options.patch > b) I filed Bug 1370788 to move XFO out of nsDSURIContentListener.cpp and > into dom/security. That's where XFO belongs in my opinion. Further we should > use the same implementation for XFO and frame-ancestors in the end, but > that's yet a different bug.
Created attachment 8878909 [details] [diff] [review] bug_1370788_move_xfo_into_dom_security.patch Hey Smaug, as discussed on IRC, I think XFO belongs into dom/security. Within this patch I am not changing any behavior, just removing the XFO code from nsDSURIContentListener.cpp and put it into FramingChecker. Notes: * Need to make FramingChecker a friend of nsDocShell because of GetHttpChannel(). * https://treeherder.mozilla.org/#/jobs?repo=try&revision=799747324c498e17e2f52667af875eb225494df2
Attachment #8878909 - Flags: review?(bugs)
Additional note: mostly I moving the code over to dom/security because ultimately XFO and our implementation for frame-ancestors should use the same implementation. No need for having two implementations doing the same thing.
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/f55086b153eb Move XFO out of nsDSURIContentListener.cpp into dom/security. r=smaug
Status: ASSIGNED → RESOLVED
Last Resolved: 8 months ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.