Add assert to nsDocShellLoadState::SetupTriggeringPrincipal to remove inferred referrer triggering principal

RESOLVED FIXED in Firefox 66

Status

()

enhancement
P1
normal
RESOLVED FIXED
7 months ago
6 months ago

People

(Reporter: jkt, Assigned: jkt)

Tracking

(Blocks 1 bug)

65 Branch
mozilla66
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox65 wontfix, firefox66 fixed)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 attachment)

Assignee

Description

7 months ago
In nsDocShellLoadState::SetupTriggeringPrincipal we are inferring a codebase principal when there isn't a triggering principal but there is a referrer.

We should require an explicit principal always.
Assignee

Comment 3

7 months ago
Depends on changes in: Bug 1508609

Comment 4

6 months ago
Pushed by jkingston@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b36b70ed2ed2
adding in assert for referrer implied codebase principal. r=ckerschb

Comment 5

6 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/b36b70ed2ed2
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.