Closed
Bug 1498526
Opened 6 years ago
Closed 6 years ago
Consider pref rollout for opt builds for triggeringPrincipal checks
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla65
| Tracking | Status | |
|---|---|---|
| firefox65 | --- | fixed |
People
(Reporter: jkt, Assigned: jkt)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
I think we should use a pref in docshell to fail loadURI loads when a triggeringPrincipal is implied. Example code change: https://hg.mozilla.org/try/rev/a4d04fffb025b25e1e74e6c182cbdcc353d519be The idea is to rollout the pref only to beta and nightly opt builds and wait a release cycle before removing the implied triggering principal code from DocShell: https://searchfox.org/mozilla-central/rev/1ce4e8a5601da8e744ca6eda69e782318afab54d/docshell/base/nsDocShell.cpp#942-951 This allows us to verify with a wider audience before removing the implied triggeringPrincipal code for an opt build.
|
Assignee | |
Comment 1•6 years ago
|
||
:bz / :bholley do you have any views on doing this?
Flags: needinfo?(bzbarsky)
Flags: needinfo?(bobbyholley)
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
||
Comment 3•6 years ago
|
||
Seems reasonable to add a pref and try it on nightly, for sure.
Flags: needinfo?(bzbarsky)
|
||
Comment 4•6 years ago
|
||
I'm not in the loop on the particular code change, but the strategy in general sounds sensible.
Flags: needinfo?(bobbyholley)
Pushed by jkingston@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c5cf88fb02d1 add in user pref to prevent loading implied triggeringPrincipal loads for dev and nightly builds. r=ckerschb
Backout by ebalazs@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2f86f12badc1 Backed out changeset c5cf88fb02d1 for causing multiple failures e.g. browser/extensions/formautofill/test/mochitest/test_address_level_1_submission.html CLOSED TREE
|
||
Comment 7•6 years ago
|
||
Backed out changeset c5cf88fb02d1 (Bug 1498526) for causing multiple failures e.g. browser/extensions/formautofill/test/mochitest/test_address_level_1_submission.html CLOSED TREE Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Crunnable&revision=c5cf88fb02d1a5b8c17bc415058b09a7e308a582&selectedJob=210051089 Failure log examples: https://treeherder.mozilla.org/logviewer.html#?job_id=210051089&repo=autoland&lineNumber=3714 https://treeherder.mozilla.org/logviewer.html#?job_id=210045955&repo=autoland&lineNumber=1732 https://treeherder.mozilla.org/logviewer.html#?job_id=210044781&repo=autoland&lineNumber=2435 https://treeherder.mozilla.org/logviewer.html#?job_id=210045521&repo=autoland&lineNumber=8515 https://treeherder.mozilla.org/logviewer.html#?job_id=210045766&repo=autoland&lineNumber=20643 Backout push: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Crunnable&classifiedState=unclassified&revision=2f86f12badc1e86b772e8dd95b4f6ff7e60b2d6e
Flags: needinfo?(jkt)
|
|
Assignee | |
Comment 8•6 years ago
|
||
Fixed, I was being overzealous with adding the failures in. Try push of the update here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=42887c4f8048f51678cb67d06385bc27bd0deeba
Flags: needinfo?(jkt)
Pushed by jkingston@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/34938b2824ca add in user pref to prevent loading implied triggeringPrincipal loads for dev and nightly builds. r=ckerschb
|
||
Comment 10•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/34938b2824ca
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•