CacheStoragePermissions calls CanAccess of the storage as a security check. I have just found out that nsDOMStorage2 (sessionStorage and localStorage implementation) calls an old nsDOMStorage::CanAccess that only checks domain and NOT the whole principal. We have to change CacheStoragePermissions to call the correct method somehow, nsDOMStorage2 is wrapping nsDOMStorage.
Doesn't block, would take patch with tests.
This got fixed for 1.9.1 by the fix for bug 495112.
Fixed on trunk by the fix for bug 495112. Bug 495337 filed as a followup. http://hg.mozilla.org/mozilla-central/rev/363750f510ec
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.