Closed
Bug 586891
Opened 15 years ago
Closed 15 years ago
X-Frame-Options check fails using nested URI
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
| status1.9.2 | --- | .9-fixed |
| status1.9.1 | --- | unaffected |
People
(Reporter: bsterne, Assigned: bsterne)
References
()
Details
(Whiteboard: [sg:low])
Attachments
(1 file)
|
661 bytes,
patch
|
jst
:
review+
dwitte
:
review+
christian
:
approval1.9.2.9+
|
Details | Diff | Splinter Review |
This spun out of bug 561051. The X-Frame-Options check needs to use NS_GetInnermostURI() to extract the innermost URI from the resource being requested. Also, in CheckFrameOptions we return early if we can't QI |request| to nsIHttpChannel, which is always the case for the nested URIs such as the one above. We need to get the innermost URI from that request before we run our check.
|
Assignee | |
Updated•15 years ago
|
|
||
Updated•15 years ago
|
Whiteboard: [sg:low]
|
|
||
Updated•15 years ago
|
blocking1.9.2: .9+ → needed
|
|
Assignee | |
Comment 1•15 years ago
|
||
Make sure nsViewSourceChannel::GetResponseHeader forwards X-Frame-Options value.
Attachment #466470 -
Flags: review?(jst)
|
||
Comment 2•15 years ago
|
||
Comment on attachment 466470 [details] [diff] [review]
fix
r=jst, but given that I don't work on necko code very much we should have someone who does stamp this as well. dwitte, can you have a quick look at this two-liner?
Attachment #466470 -
Flags: review?(jst)
Attachment #466470 -
Flags: review?(dwitte)
Attachment #466470 -
Flags: review+
|
|
||
Comment 3•15 years ago
|
||
Comment on attachment 466470 [details] [diff] [review]
fix
r=dwitte
Attachment #466470 -
Flags: review?(dwitte) → review+
|
|
Assignee | |
Updated•15 years ago
|
Attachment #466470 -
Flags: approval1.9.2.9?
Comment on attachment 466470 [details] [diff] [review]
fix
a=LegNeato for 1.9.2.9.
Attachment #466470 -
Flags: approval1.9.2.9? → approval1.9.2.9+
|
|
Assignee | |
Comment 5•15 years ago
|
||
1.9.2 Merge:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/6405b19fc58f
I'm going to leave the bug open until I push the trunk patch, which also fixes bug 561051.
|
|
||
Comment 6•15 years ago
|
||
Assuming you'll put the trunk patch here then bug 561051 depends on this; if you're putting the patch in the other bug then the other way around. Probably doesn't matter which way, but helpful to have the bugs linked.
Blocks: 561051
|
|
Assignee | |
Updated•15 years ago
|
|
|
Assignee | |
Updated•15 years ago
|
|
||
Updated•15 years ago
|
blocking2.0: ? → final+
|
|
Assignee | |
Comment 7•15 years ago
|
||
Merge for mozilla-central
http://hg.mozilla.org/mozilla-central/rev/c5494ee56c47
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Updated•15 years ago
|
status1.9.1:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•