Closed Bug 504441 Opened 16 years ago Closed 16 years ago

Provide a way to load URLs with overridden mime type and null principal

Categories

(Core :: Security: CAPS, enhancement)

Product:
Core
Component:
Security: CAPS
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

Many users have requested a "View as HTML" feature for sites that use incorrect mime types or content-disposition: attachment (bug 57342). Implementing "View as HTML" safely requires not treating the page content as "part of the site" for security checks (cross-window scripting, script interaction with cookies, extension installation, geolocation, etc) and setting of referrer. Maybe something like: null-principal:text/html,https://mail.google.com/attachment/3 We probably wouldn't want to let sites link to such URLs.
It doesn't have to be a psuedo-protocol, btw. It would be nice if this could be done in a way that avoids making a second request to the server.
I'm pretty sure this wouldn't be a CAPS bug. Could be networking or the uriloader. A data: URI probably already does what you want, as long as the chrome UI capturing the already-downloaded content opens it in a new window/tab or zaps the current content.
Assignee: dveditz → nobody
I don't understand the problem. The relevant UI would be setting the channel's MIME type to text/html and redispatching the channel, right? It can just set its owner to a nullprincipal object at the same time....
That is, given an nsIChannel it's already possible to do what you're asking for.
And bug 57342 has the redispatching work-in-progress, no?
ok
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.