525468 - nsIPrincipal.origin attribute should be based on asciiHost

Status: RESOLVED FIXED

(Core :: Security: CAPS, defect)

Description

[Honza Bambas (:mayhemer)]

At the moment this char* attribute is based on nsIURI.hostPort or nsIURI.spec attribute, that is not true ascii representation of URI.

This attribute seems not used in the application at all (what should be ones more checked, as it seems to be a bit weird) we should change it to be based on nsIURI.asciiHost (+port) or nsIURI.asciiSpec.

This change is needed for sessionStorage hashtable mapping, see bug 495337 comment 11 "So why is the change from asciiHost to host ok here?" and bug 495337 comment 13 for bz's suggestion.

Comment 1

[Honza Bambas (:mayhemer)]

We should also discuss if/how to include a certificate in the origin string attribute. Something like "https://example.com:80:A FINGER PRINT OF THE CERTIFICATE" for example? According html5 spec the origin must reflect (include) the certificate.

Comment 2

[Honza Bambas (:mayhemer)]

Attachment: v1

This is the first implementation.

nsMozIconURI and nsJARURI however return Host (non-ascii) and not AsciiHost when their GetAsciiHost implementation gets called.

Maybe that should be fixed as part of this bug or is not an issue at all?

Comment 3

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 568712 [details] [diff] [review]
v1

Followup is fine for the broken URI impls.

Comment 4

[Honza Bambas (:mayhemer)]

https://hg.mozilla.org/integration/mozilla-inbound/rev/a47adda7f98a

Comment 5

[Marco Bonardo [:mak]]

https://hg.mozilla.org/mozilla-central/rev/a47adda7f98a