Closed Bug 636097 Opened 9 years ago Closed 9 years ago

Regression: problem with Location object's principal


(Core :: XPConnect, defect)

Windows XP
Not set



Tracking Status
blocking2.0 --- final+
status1.9.2 --- unaffected
status1.9.1 --- unaffected


(Reporter: moz_bug_r_a4, Assigned: mrbkap)


(Keywords: helpwanted, regression, Whiteboard: [sg:moderate][hardblocker][has patch], fixed-in-tracemonkey)


(1 file, 1 obsolete file)

Attached file testcase
This is the same as the testcase in bug 593602.
It would be good to get regression ranges in terms of csets instead of dates. Did you get the regression range from the 3-Feb to 4-Feb nightlies?

Likely candidates: Bug 630716 (likely), Bug 602256 (less likely)
blocking2.0: --- → final+
Keywords: regression
Whiteboard: [sg:moderate][hardblocker]
Can we please check in a test this time?  :(
Flags: in-testsuite?
Any volunteer takers?
Component: Security → XPConnect
Keywords: helpwanted
QA Contact: toolkit → xpconnect
Giving this one to Andreas, mrbkap has another.
Assignee: nobody → gal
(In reply to comment #2)
> Did you get the regression range from the 3-Feb to 4-Feb nightlies?


> Likely candidates: Bug 630716 (likely), Bug 602256 (less likely)

         if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
-            AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
+            AccessCheck::isLocationObjectSameOrigin(cx, wrapper) ||
+            AccessCheck::documentDomainMakesSameOrigin(cx, wrapper->unwrap())) {
             perm = PermitPropertyAccess;
             return true;

I confirmed that isCrossOriginAccessPermitted and isLocationObjectSameOrigin
return false, and documentDomainMakesSameOrigin returns true.  So, bug 630716
seems to be the culprit.
(In reply to comment #3)
> Can we please check in a test this time?  :(

This bug does not affect the old branches, it's not "instant-pwn" for FF4 beta users, the testcase does not reveal/rely-on other unfixed bugs. There should be no reason not to check in a test.
Attached patch Fix + test (obsolete) — Splinter Review
Assignee: gal → mrbkap
Attachment #514692 - Flags: review?(gal)
Comment on attachment 514692 [details] [diff] [review]
Fix + test

The test might need an attribution to the original author.
Attachment #514692 - Flags: review?(gal) → review+
Whiteboard: [sg:moderate][hardblocker] → [sg:moderate][hardblocker][has patch]
Attached patch Updated patchSplinter Review
Still waiting on try results, but we think this should be ready to go.
Attachment #514692 - Attachment is obsolete: true
Attachment #514701 - Flags: review+
Whiteboard: [sg:moderate][hardblocker][has patch] → [sg:moderate][hardblocker][has patch], fixed-in-tracemonkey
Closed: 9 years ago
Resolution: --- → FIXED
Group: core-security
You need to log in before you can comment on or make changes to this bug.