Closed Bug 1739442 Opened 3 years ago Closed 2 years ago

Add containerized mechanism to init documents with security information

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1706026

People

(Reporter: ckerschb, Unassigned)

Details

(Keywords: sec-want, Whiteboard: [domsecurity-backlog1])

Currently we are using patterns like the following when transferring security information or also initializing a new document.

aNewDoc->Reset(channel, loadGroup);
aNewDoc->SetPrincipals(sourcePrincipal, sourcePartitionedPrincipal);
aNewDoc->SetBaseURI(sourceDoc->GetDocBaseURI());
aNewDoc->SetSandboxFlags(sourceDoc->GetSandboxFlags());
aNewDoc->SetReferrerInfo(sourceDoc->GetReferrerInfo());
aNewDoc->SetEmbedderPolicy(sourceDoc->GetEmbedderPolicy());

Such patterns are obviously error prone and have caused problems quite so many teams. Ideally we are using some containerized mechanism when restting or initializing a document. Something like aNewDoc->SetSecurityInfo() or something there like, so in case we update one callsite the compiler would tell us all the other callsites and we can not accidentally forget to update one.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.