Closed
Bug 729706
Opened 12 years ago
Closed 12 years ago
Ensure worker XHRs inherit load context of page in private mode
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jdm, Unassigned)
References
Details
This came up in the security review and should be investigated.
Component: DOM: Core & HTML → DOM
Pretty sure we do this correctly already, sicking should verify: https://mxr.mozilla.org/mozilla-central/source/dom/workers/XMLHttpRequestPrivate.cpp#125
Josh, can you clarify what constitutes "load context" here? Loads happening from worker-xhr as well as importScripts inside workers (importScripts allows dynamic loading of script files). Before starting any loads, we check the load against the principal of the page. Every load is also added to the page's LoadGroup. Is anything else needed?
Reporter | ||
Comment 3•12 years ago
|
||
In this case, we care that the nsILoadContext of the channel is the same as the one you would get from a non-worker XHR.
How does one get from a nsIChannel to a nsILoadContext? I've never heard of associating nsILoadContext directly with nsIChannels at all.
Reporter | ||
Comment 5•12 years ago
|
||
NS_QueryNotificationCallbacks on an nsIChannel gets you an nsILoadContext.
That goes through the loadgroup, so yeah, that should be fine
Reporter | ||
Comment 7•12 years ago
|
||
Thanks!
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•