Closed Bug 1584991 (fission-dom-security) Opened 5 years ago Closed 2 years ago

[meta] Fission and DOM:Security

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Project Flags:
Fission Milestone Future

People

(Reporter: ckerschb, Assigned: ckerschb)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

It seems that fission breaks a variety of content security features. At least:

  • mixed content blocking
  • upgrade-insecure-requests
  • same-site cookies
  • CSP frame-ancestors
  • X-frame-options
  • ...
Depends on: 1584157
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Type: defect → task
Depends on: 1584992
Depends on: 1584993
Depends on: 1584998
Depends on: 1585000
Depends on: 1580462
Depends on: 1583553
Alias: fission-dom-security

Overall, we should check all appearances of 'docSheel' within dom/security. Good things to query for:

  • GetDocShell()
  • nsIDocShell
  • GetInProcessSameTypeRootTreeItem()

All these need to be evaluated at least.

Depends on: 1585312
Depends on: 1586051
Depends on: 1586684
Depends on: 1586704
Depends on: 1586705
Depends on: 1586707
Depends on: 1586708
Depends on: 1586709
Depends on: 1586710
Depends on: 1586711
Depends on: 1586712
Depends on: 1586713
Depends on: 1586714
Depends on: 1586715
Depends on: 1586716
Depends on: 1586717
Depends on: 1586718
Depends on: 1586719
Depends on: 1586721
Depends on: 1586722
Depends on: 1586723
Depends on: 1586725
Depends on: 1586726
Depends on: 1587743
Depends on: 1589996
Depends on: 1590032
Depends on: 1590318
Depends on: 1590321
Depends on: 1590322
Depends on: 1590335
Depends on: 1590076
Depends on: 1580643
Depends on: 1591865
Depends on: 1592201
Depends on: 1592548
Depends on: 1592657
No longer blocks: 1595541
Depends on: 1595541
Depends on: 1597209
Fission Milestone: --- → M4.1
Depends on: 1597606
Depends on: 1598362
Depends on: 1599256
Depends on: 1599131
Depends on: 1601887
Depends on: 1589275

Tracking meta bug for Fission Nightly (M6)

Fission Milestone: M4.1 → M6
Depends on: 1587434
Depends on: 1588178
No longer depends on: 1587434
No longer depends on: 1593282
Depends on: 1622364
Depends on: 1625366
No longer depends on: 1598362
Depends on: 1627963
Depends on: 1627971
Depends on: 1627972
Depends on: 1570243
Depends on: 1620709
Depends on: 1639080
Depends on: 1639200

Moving this meta bug to Fission milestone M6c as a reminder to make sure there are no open DOM Security issues before we enable Fission in Nightly.

Fission Milestone: M6 → M6c
Depends on: 1653455
Fission Milestone: M6c → Future
No longer depends on: 1639200
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.