On the branches (FF 2 and FF 188.8.131.52) we are running into a problem where we are getting a xforms-submit-error trying to do cross domain submission even though the user has whitelisted the site that is serving the XForms. We run into this while using ImportNode to deep clone xf:submission's bound node into the document that we are building for submitting. The document that contains the bound node has a different principal than the document that we are building. Usually this doesn't matter. However, in cases where the form runs JS during the action that causes the xf:send to do the submission, there will be a JS context on the stack when the security manager looks for it. This causes extra principal testing to occur that will discover that the principals don't match. This will cause the ImportNode to fail and the XForms extension to generate a xforms-submit-error. This only occurs on the branches because the trunk (gecko 1.9) manages principals differently than the branches (gecko 1.8).
Created attachment 251336 [details] [diff] [review] patch1 for 1.8.x fixing the problem by using setPrincipal to ensure the document that we are building for submission has the same principal as the instance document that contains the node that we are going to submit.
Attachment #251336 - Flags: review?(doronr)
Attachment #251336 - Attachment description: patch1 → patch1 for 1.8.x
Comment on attachment 251336 [details] [diff] [review] patch1 for 1.8.x So this is similar to Bug 338451.
Attachment #251336 - Flags: review?(Olli.Pettay) → review+
marking this resolved + fixed since we have a reviewed patch ready for checkin (this isn't a bug on trunk so nothing to check in there) and xf-to-branch so that we remember to check it in on the branches during our next sync.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
checked into 1.8 branch on 2007-04-12 checked into 1.8.0 branch on 2007-04-16
Keywords: fixed184.108.40.206, fixed220.127.116.11
You need to log in before you can comment on or make changes to this bug.