366878 - getting submission error using JS + xf:send

Status: RESOLVED FIXED

(Core Graveyard :: XForms, defect)

Description

[aaronr]

On the branches (FF 2 and FF 1.5.0.8) we are running into a problem where we are getting a xforms-submit-error trying to do cross domain submission even though the user has whitelisted the site that is serving the XForms.

We run into this while using ImportNode to deep clone xf:submission's bound node into the document that we are building for submitting.  The document that contains the bound node has a different principal than the document that we are building.  Usually this doesn't matter.  However, in cases where the form runs JS during the action that causes the xf:send to do the submission, there will be a JS context on the stack when the security manager looks for it.  This causes extra principal testing to occur that will discover that the principals don't match.  This will cause the ImportNode to fail and the XForms extension to generate a xforms-submit-error.

This only occurs on the branches because the trunk (gecko 1.9) manages principals differently than the branches (gecko 1.8).

Comment 1

[aaronr]

Attachment: testcase

Comment 2

[aaronr]

Attachment: patch1 for 1.8.x

fixing the problem by using setPrincipal to ensure the document that we are building for submission has the same principal as the instance document that contains the node that we are going to submit.

Comment 3

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 251336 [details] [diff] [review]
patch1 for 1.8.x

So this is similar to Bug 338451.

Comment 4

[aaronr]

marking this resolved + fixed since we have a reviewed patch ready for checkin (this isn't a bug on trunk so nothing to check in there) and xf-to-branch so that we remember to check it in on the branches during our next sync.

Comment 5

[aaronr]

checked into 1.8 branch on 2007-04-12
checked into 1.8.0 branch on 2007-04-16