Move XFO out of nsDSURIContentListener.cpp into dom/security

RESOLVED FIXED in Firefox 56

Status

()

Core
DOM: Security
P2
normal
RESOLVED FIXED
9 months ago
8 months ago

People

(Reporter: ckerschb, Assigned: ckerschb)

Tracking

(Blocks: 1 bug)

unspecified
mozilla56
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox56 fixed)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 attachment)

Comment hidden (empty)
(Assignee)

Updated

9 months ago
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
(Assignee)

Updated

9 months ago
Depends on: 1024557
Context for those following along at home:

(In reply to Christoph Kerschbaumer [:ckerschb] from bug 1024557 comment #22)
> Created attachment 8875196 [details] [diff] [review]
> bug_1024557_ignore_x-frame-options.patch

> b) I filed Bug 1370788 to move XFO out of nsDSURIContentListener.cpp and
> into dom/security. That's where XFO belongs in my opinion. Further we should
> use the same implementation for XFO and frame-ancestors in the end, but
> that's yet a different bug.
(Assignee)

Comment 2

8 months ago
Created attachment 8878909 [details] [diff] [review]
bug_1370788_move_xfo_into_dom_security.patch

Hey Smaug, as discussed on IRC, I think XFO belongs into dom/security. Within this patch I am not changing any behavior, just removing the XFO code from nsDSURIContentListener.cpp and put it into FramingChecker.

Notes:
* Need to make FramingChecker a friend of nsDocShell because of GetHttpChannel().
* https://treeherder.mozilla.org/#/jobs?repo=try&revision=799747324c498e17e2f52667af875eb225494df2
Attachment #8878909 - Flags: review?(bugs)
(Assignee)

Comment 3

8 months ago
Additional note: mostly I moving the code over to dom/security because ultimately XFO and our implementation for frame-ancestors should use the same implementation. No need for having two implementations doing the same thing.

Updated

8 months ago
Attachment #8878909 - Flags: review?(bugs) → review+

Comment 4

8 months ago
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f55086b153eb
Move XFO out of nsDSURIContentListener.cpp into dom/security. r=smaug

Comment 5

8 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/f55086b153eb
Status: ASSIGNED → RESOLVED
Last Resolved: 8 months ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
(Assignee)

Updated

8 months ago
Blocks: 1374313
You need to log in before you can comment on or make changes to this bug.