Closed
Bug 504441
Opened 15 years ago
Closed 15 years ago
Provide a way to load URLs with overridden mime type and null principal
Categories
(Core :: Security: CAPS, enhancement)
Core
Security: CAPS
Tracking
()
RESOLVED
INVALID
People
(Reporter: jruderman, Unassigned)
References
(Blocks 1 open bug)
Details
Many users have requested a "View as HTML" feature for sites that use incorrect mime types or content-disposition: attachment (bug 57342). Implementing "View as HTML" safely requires not treating the page content as "part of the site" for security checks (cross-window scripting, script interaction with cookies, extension installation, geolocation, etc) and setting of referrer. Maybe something like: null-principal:text/html,https://mail.google.com/attachment/3 We probably wouldn't want to let sites link to such URLs.
Reporter | ||
Comment 1•15 years ago
|
||
It doesn't have to be a psuedo-protocol, btw. It would be nice if this could be done in a way that avoids making a second request to the server.
Comment 2•15 years ago
|
||
I'm pretty sure this wouldn't be a CAPS bug. Could be networking or the uriloader. A data: URI probably already does what you want, as long as the chrome UI capturing the already-downloaded content opens it in a new window/tab or zaps the current content.
Assignee: dveditz → nobody
Comment 3•15 years ago
|
||
I don't understand the problem. The relevant UI would be setting the channel's MIME type to text/html and redispatching the channel, right? It can just set its owner to a nullprincipal object at the same time....
Comment 4•15 years ago
|
||
That is, given an nsIChannel it's already possible to do what you're asking for.
Reporter | ||
Comment 6•15 years ago
|
||
ok
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•