Closed
Bug 193953
Opened 22 years ago
Closed 21 years ago
WSDL Proxy callback doesn't allow access to the SOAP Response
Categories
(Core Graveyard :: Web Services, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.4beta
People
(Reporter: doronr, Assigned: harishd)
References
Details
Attachments
(2 files, 2 obsolete files)
7.94 KB,
patch
|
hjtoi-bugzilla
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
8.50 KB,
patch
|
Details | Diff | Splinter Review |
In my wsdl-proxy using sample, I have:
translateCallback : function (aTranslatedValue, aSOAPXPCOMClasses){
responseSOAP = aSOAPXPCOMClasses.soapResponse.message;
// serialize message
.....
}
Trying to serialize the response message gives me a security error.
aSOAPXPCOMClasses seems to be a nsIWebServiceProxy.
So either we should not expose the message (which is bad, I think its usable for
debugging) or allow accessing of the message.
Reporter | ||
Comment 1•22 years ago
|
||
http://lxr.mozilla.org/seamonkey/source/extensions/xmlextras/proxy/public/nsIWebServiceProxy.idl
283 [scriptable, uuid(1ef83ece-b645-4b55-a501-df42c3333b47)]
284 interface nsIWebServiceSOAPCallContext : nsIWebServiceCallContext {
285 /**
286 * For users who want access to the lower-level constructs that
287 * are used for the method invocation, this attributes provides
288 * the SOAP response once the call has completed.
289 *
290 * @see nsISOAPResponse
291 */
292 readonly attribute nsISOAPResponse soapResponse;
293 };
is what I used to be more exact.
Reporter | ||
Comment 2•22 years ago
|
||
harish - this still happens - try my wsdl tool and check the checkbox after a
wsdl call to get the error.
Updated•22 years ago
|
Component: XML → Web Services
This patch should fix the problem serializing the response. However, the
response document's properties are still not accessible because the script
security manager denies access if the codebase is changed. Talked to Mitch and
he promised to take a look into it.
Comment 4•22 years ago
|
||
I'm looking at ways to make this cleaner.
Comment 5•22 years ago
|
||
Apply this patch in addition to the one you've got, and things should work.
This patch doesn't change anything in XMLExtras. I realized it was semantically
incorrect to assume that calls to nsAggregatePrincipal::SetCodebase only come
from nsHTMLDocument::SetDomain (obviously, since you're calling SetCodebase as
well), so I added an extra method to nsAggregatePrincipal which SetDomain calls
explicitly to activate the "both pages must set domain" rule. That way, when
XMLRequest calls SetDomain, that restriction will not get in your way.
Regarding your patch, please change the name of ForgePrincipal to something
like ChangePrincipal. ForgePrincipal makes it sound like something
inappropriate, but I think it's perfectly legit - the script is "adopting" the
XML page, just as it would an external .js or CSS file.
Comment on attachment 124478 [details] [diff] [review]
Patch part 2
Nit pick: PRBool, in nsAggregatePrincipal.h, can be replaced with PRPackedBool.
Attachment #124391 -
Attachment is obsolete: true
Attachment #124478 -
Attachment is obsolete: true
Attachment #124492 -
Flags: superreview?(jst)
Attachment #124492 -
Flags: review?(heikki)
Comment on attachment 124492 [details] [diff] [review]
Patch v1.2 [ includes patchv1.0 & patch part2 ]
>Index: extensions/webservices/soap/src/Makefile.in
>===================================================================
>+ widget \
Where does the widget dependency come from?
>Index: extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp
>===================================================================
>+ * codebase pricipal with the subject codebase to.
>+ * override cross domain checks. So use caution
What's the period doing there?
>+ rv = secMgr->CheckSameOrigin(0, targetURI);
s/0/nsnull/
>+ // forge the principal only if the script security
s/forge/change/
> rv = mResponse->SetMessage(document);
>+ ChangePrincipal(document);
Should you change principal before setting the message?
>Index: caps/idl/nsIAggregatePrincipal.idl
>===================================================================
>+ void domainWasSet();
>+ boolean wasDomainSet();
This seems to beg for an attribute instead. How about
attribute boolean domainChanged
>Index: caps/include/nsAggregatePrincipal.h
>===================================================================
>+ PRBool mDomainWasSet;
If you change the IDL to my suggestion then this should be mDomainChanged. Same
with later code.
With those, r=heikki
Attachment #124492 -
Flags: review?(heikki) → review+
Comment 9•21 years ago
|
||
Comment on attachment 124492 [details] [diff] [review]
Patch v1.2 [ includes patchv1.0 & patch part2 ]
sr=jst with the heikki's changes made.
Attachment #124492 -
Flags: superreview?(jst) → superreview+
Assignee | ||
Comment 10•21 years ago
|
||
Heikki, Could you please rs this patch?
Comment on attachment 125429 [details] [diff] [review]
Patch v1.3 [ includes heikki's suggestion ]
rs=heikki for the changes
Assignee | ||
Comment 12•21 years ago
|
||
Fix landed on the trunk.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•