Last Comment Bug 525468 - nsIPrincipal.origin attribute should be based on asciiHost
: nsIPrincipal.origin attribute should be based on asciiHost
Status: RESOLVED FIXED
[inbound]
:
Product: Core
Classification: Components
Component: Security: CAPS (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla10
Assigned To: Honza Bambas (:mayhemer)
:
Mentors:
Depends on:
Blocks: 495337
  Show dependency treegraph
 
Reported: 2009-10-30 08:59 PDT by Honza Bambas (:mayhemer)
Modified: 2011-11-03 08:32 PDT (History)
9 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
v1 (1.76 KB, patch)
2011-10-21 11:06 PDT, Honza Bambas (:mayhemer)
bzbarsky: review+
honzab.moz: checkin+
Details | Diff | Splinter Review

Description Honza Bambas (:mayhemer) 2009-10-30 08:59:08 PDT
At the moment this char* attribute is based on nsIURI.hostPort or nsIURI.spec attribute, that is not true ascii representation of URI.

This attribute seems not used in the application at all (what should be ones more checked, as it seems to be a bit weird) we should change it to be based on nsIURI.asciiHost (+port) or nsIURI.asciiSpec.

This change is needed for sessionStorage hashtable mapping, see bug 495337 comment 11 "So why is the change from asciiHost to host ok here?" and bug 495337 comment 13 for bz's suggestion.
Comment 1 Honza Bambas (:mayhemer) 2009-10-30 09:02:19 PDT
We should also discuss if/how to include a certificate in the origin string attribute. Something like "https://example.com:80:A FINGER PRINT OF THE CERTIFICATE" for example? According html5 spec the origin must reflect (include) the certificate.
Comment 2 Honza Bambas (:mayhemer) 2011-10-21 11:06:25 PDT
Created attachment 568712 [details] [diff] [review]
v1

This is the first implementation.

nsMozIconURI and nsJARURI however return Host (non-ascii) and not AsciiHost when their GetAsciiHost implementation gets called.

Maybe that should be fixed as part of this bug or is not an issue at all?
Comment 3 Boris Zbarsky [:bz] (TPAC) 2011-10-21 11:08:43 PDT
Comment on attachment 568712 [details] [diff] [review]
v1

Followup is fine for the broken URI impls.
Comment 5 Marco Bonardo [::mak] 2011-11-03 08:32:38 PDT
https://hg.mozilla.org/mozilla-central/rev/a47adda7f98a

Note You need to log in before you can comment on or make changes to this bug.