Closed
Bug 1543579
Opened 5 years ago
Closed 5 years ago
Follow-up: Disallow http(s) resources to be loaded into system privileged documents for release builds
Categories
(Core :: DOM: Security, defect, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla73
| Tracking | Status | |
|---|---|---|
| firefox73 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active][ready to land])
Attachments
(1 file)
+++ This bug was initially created as a clone of Bug #1513445 +++
We should turn the debug assertion into a release assertion after the next merge, May 15th.
|
Assignee | |
Comment 1•5 years ago
|
||
FWIW, we disallowed in nightly/early beta through bug 1552477. We will track this for a while until we make a decision.
|
||
Comment 2•5 years ago
|
||
I think the blocking bug for this was incorrect...
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 3•5 years ago
|
||
The assertion is enabled for nightly & early beta builds.
#ifdef EARLY_BETA_OR_EARLIER
AssertSystemPrincipalMustNotLoadRemoteDocuments(aChannel);
#endif
No additional crashes according to this search for assertion failures in doContentSecurityCheck.
Are you OK with removing the ifdef and letting this ride the trains?
Flags: needinfo?(ckerschb)
|
|
Assignee | |
Updated•5 years ago
|
Summary: Follow-up: Disallow http(s) resources to be loaded into system privileged documents for non-debug builds → Follow-up: Disallow http(s) resources to be loaded into system privileged documents for release builds
|
|
Assignee | |
Comment 4•5 years ago
|
||
|
||
Updated•5 years ago
|
Attachment #9110472 -
Attachment description: Bug 1543579 - Disallow SystemPrincipal for Remote documents on all channels r=ckerschb → Bug 1543579 - Disallow SystemPrincipal for Remote documents on all channels r=ckerschb,tjr
|
||
Comment 5•5 years ago
|
||
(In reply to Frederik Braun [:freddyb] from comment #3)
Are you OK with removing the
ifdefand letting this ride the trains?
Yes, already accepted the patch :-)
Flags: needinfo?(ckerschb)
|
|
Assignee | |
Updated•5 years ago
|
Whiteboard: [domsecurity-active] → [domsecurity-active][ready to land after end of soft-freeze on Dec 2nd]
|
|
Assignee | |
Updated•5 years ago
|
Whiteboard: [domsecurity-active][ready to land after end of soft-freeze on Dec 2nd] → [domsecurity-active][ready to land]
Pushed by apavel@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/60cf9b754257 Disallow SystemPrincipal for Remote documents on all channels r=ckerschb,tjr
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox73:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla73
You need to log in
before you can comment on or make changes to this bug.
Description
•