Open Bug 1490093 Opened 6 years ago Updated 2 years ago

CORS Preflight Cache can be cleared by a rogue Content Process

Categories

(Core :: Networking: HTTP, enhancement, P3)

enhancement

Tracking

()

Fission Milestone Future

People

(Reporter: tjr, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

RemoveCorsPreflightCacheEntry in https://searchfox.org/mozilla-central/source/netwerk/protocol/http/PHttpChannel.ipdl accepts a URI and Principal from the Content Process, and uses it directly to remove entries from a static CORS Preflight Cache without verification.

We should verify that the URI/Principal correspond to allowable values based on the content process the message is received from.
Depends on: fission-ipc-map
Priority: -- → P3
Whiteboard: [necko-triaged]

This bug is not a Fission MVP blocker.

Fission Milestone: --- → Future
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.