There's a bug in the cross site XHR implementation that causes it to grant access even though it shouldn't. The problem is that even though we cancel the channel, we still keep getting onDataAvailable notifications from necko which we don't expect. The reason I didn't detect this is that it seems that we do drop the first set of data, so if the loaded file is small enough it'll get properly blocked. I also just realized that there might be other types of data still living on the channel that can be accessed. I'll write some tests and check that.
Priority: -- → P1
Created attachment 300281 [details] [diff] [review] Patch to fix Whoever gets to this first would be great to get an r/sr. The main problem here was that I was getting onDataAvailable calls even after cancelling the channel. Necko only stops feeding those if you actually return an error. Added belts and braces code so that this shouldn't happen again. I also made sure that we don't let through any header data for denied requests.
Comment on attachment 300281 [details] [diff] [review] Patch to fix rubber-stamp r+sr=dbaron; please get review from jst/peterv tomorrow
Target Milestone: --- → mozilla1.9beta3
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.