Closed Bug 445725 Opened 13 years ago Closed 12 years ago

[FIX]file:// iframes get the wrong principal after a reload

Categories

(Core :: DOM: Navigation, defect)

x86
macOS
defect
Not set
normal


RESOLVED FIXED
mozilla1.9.1b3

People

(Reporter: mrbkap, Assigned: bzbarsky)

References

(Depends on 1 open bug)

Details

(Keywords: fixed1.9.1)

Attachments

(2 files)

Attached file testcase
I lost track of when this happened, but it appears that currently, an iframe in an HTML page loaded from a file:// URI inherits the principal of the outer page. However, when the subframe has been navigated and the page is reloaded (e.g. via the reload button), the subframe's principal changes to not inherit, meaning that the page is no longer allowed to access the subframe.

In the testcase provided by Aaron Morgulis, the subframe is one directory level deeper than the outer page.

I'm filing this as unconfirmed because I'm not sure my initial premise (about file:// iframes inheriting their owner's principal) is correct.
So there is code in nsDocShell::DoChannelLoad that should be setting the owner on the channel, and we should be passing in the "right" owner from the history entry here, I would think.  Want to look into why that's failing?
Status: UNCONFIRMED → NEW
Ever confirmed: true
There is no owner on the channel because we navigated via a click on an anchor link. This calls:
            OnNewURI(aURI, nsnull, mLoadType, PR_TRUE);
which passes a null channel (therefore, no owner). From IRC:

06:37 <@bz> That sounds like a bug
06:37 <@bz> I guess it didn't bite us before because for javascript: and data: we don't do anchor loads
Attached patch Fix
Makes sure to copy over the owner on anchor scroll.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #351651 - Flags: superreview?(jst)
Attachment #351651 - Flags: review?(jst)
Summary: file:// iframes get the wrong principal after a reload → [FIX]file:// iframes get the wrong principal after a reload
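The state loss discussed in the comments above, as an added toy model that is not part of the bug thread or Gecko's code: an anchor navigation creates a history entry with no owner, so a later reload derives a new principal unless the owner is copied over. All type names, function names, principal strings and file paths are hypothetical or constructed.

```cpp
#include <string>
#include <vector>

// Toy model of the bug. Every name here is hypothetical, not Gecko's API.
struct HistoryEntry {
    std::string uri;
    bool hasOwner;       // was an owner recorded for this entry?
    std::string owner;   // principal to reuse when the entry is loaded again
};

struct Frame {
    std::vector<HistoryEntry> history;
    std::string principal;

    // Initial load in a file:// page: the frame inherits the parent's
    // principal, and the owner is recorded in the history entry.
    void LoadInherited(const std::string& uri, const std::string& parent) {
        principal = parent;
        history.push_back(HistoryEntry{uri, true, parent});
    }

    // Anchor navigation: no channel, so nothing supplies an owner.
    // With copyOwner set, the owner is carried over from the current entry.
    void AnchorScroll(const std::string& uri, bool copyOwner) {
        HistoryEntry next{uri, false, ""};
        if (copyOwner && !history.empty() && history.back().hasOwner) {
            next.hasOwner = true;
            next.owner = history.back().owner;
        }
        history.push_back(next);
    }

    // Reload: reuse the recorded owner, else derive a principal from the URI.
    void Reload() {
        const HistoryEntry& e = history.back();
        principal = e.hasOwner ? e.owner : "derived-from:" + e.uri;
    }
};

// True if the outer page and the subframe still share a principal after reload.
bool ParentCanAccessAfterReload(bool copyOwner) {
    const std::string parent = "principal:file:///constructed/outer.html";
    Frame f;
    f.LoadInherited("file:///constructed/sub/frame.html", parent);
    f.AnchorScroll("file:///constructed/sub/frame.html#section", copyOwner);
    f.Reload();
    return f.principal == parent;
}
```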
Comment on attachment 351651
Fix

Looks good.
Attachment #351651 - Flags: superreview?(jst) → superreview+
Attachment #351651 - Flags: review?(jst) → review+
Comment on attachment 351651
Fix

I think it's worth taking this in 1.9.1
Attachment #351651 - Flags: approval1.9.1?
Pushed http://hg.mozilla.org/mozilla-central/rev/633b48e70c60

Need file:// mochitests to test this.
Blocks: 230606
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Depends on: 424484
Flags: in-testsuite?
Resolution: --- → FIXED
Comment on attachment 351651
Fix

a191=beltzner
Attachment #351651 - Flags: approval1.9.1? → approval1.9.1+
Target Milestone: --- → mozilla1.9.1b3
Version: unspecified → Trunk