Closed Bug 426308 Opened 12 years ago Closed 12 years ago

Cross site XHR backout broke redirect handling for privileged code

Categories

(Core :: XML, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla1.9

People

(Reporter: mozbugs, Assigned: mozbugs)

References

Details

(Keywords: regression)

Attachments

(1 file)

If chrome privileged code tries an XHR against a URL that responds with a redirect  that goes to a different domain, a security error is thrown. In FF2, this would work. The cross site XHR backout busted this.
Flags: blocking1.9?
This restores the logic from FF2.
Attachment #312869 - Flags: review?(jonas)
Blocks: 424923
"Backing it out can't break anything!"
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
Comment on attachment 312869 [details] [diff] [review]
Patch to fix with testcase

There should already be a redirect url you can use. Please use that rather than creating your own.
Attachment #312869 - Flags: review?(jonas) → review+
Comment on attachment 312869 [details] [diff] [review]
Patch to fix with testcase

Asking for a1.9?

There isn't a generic redirect sjs, I filed bug #426454 for that.
Attachment #312869 - Flags: approval1.9?
Comment on attachment 312869 [details] [diff] [review]
Patch to fix with testcase

Approval not needed.  It's a blocker.
Attachment #312869 - Flags: approval1.9?
Checking in content/base/src/nsXMLHttpRequest.cpp;
/cvsroot/mozilla/content/base/src/nsXMLHttpRequest.cpp,v  <--  nsXMLHttpRequest.cpp
new revision: 1.235; previous revision: 1.234
done
Checking in content/base/test/Makefile.in;
/cvsroot/mozilla/content/base/test/Makefile.in,v  <--  Makefile.in
new revision: 1.68; previous revision: 1.67
done
RCS file: /cvsroot/mozilla/content/base/test/bug426308-redirect.sjs,v
done
Checking in content/base/test/bug426308-redirect.sjs;
/cvsroot/mozilla/content/base/test/bug426308-redirect.sjs,v  <--  bug426308-redirect.sjs
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/content/base/test/test_bug426308.html,v
done
Checking in content/base/test/test_bug426308.html;
/cvsroot/mozilla/content/base/test/test_bug426308.html,v  <--  test_bug426308.html
initial revision: 1.1
done
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9
Duplicate of this bug: 431297
You need to log in before you can comment on or make changes to this bug.