Closed Bug 729706 Opened 8 years ago Closed 8 years ago
Ensure worker XHRs inherit load context of page in private mode
This came up in the security review and should be investigated.
Component: DOM: Core & HTML → DOM
Pretty sure we do this correctly already, sicking should verify: https://mxr.mozilla.org/mozilla-central/source/dom/workers/XMLHttpRequestPrivate.cpp#125
Josh, can you clarify what constitutes "load context" here? Loads happening from worker-xhr as well as importScripts inside workers (importScripts allows dynamic loading of script files). Before starting any loads, we check the load against the principal of the page. Every load is also added to the page's LoadGroup. Is anything else needed?
In this case, we care that the nsILoadContext of the channel is the same as the one you would get from a non-worker XHR.
How does one get from a nsIChannel to a nsILoadContext? I've never heard of associating nsILoadContext directly with nsIChannels at all.
NS_QueryNotificationCallbacks on an nsIChannel gets you an nsILoadContext.
That goes through the loadgroup, so yeah, that should be fine
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.