Closed Bug 749372 Opened 12 years ago Closed 12 years ago

SecReview: Relax same-origin XHR restrictions for privileged applications


( :: Security Assurance: Review Request, task, P2)


(Not tracked)



(Reporter: curtisk, Assigned: pauljt)



(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd])

1. Who is/are the point of contact(s) for this review?
2. Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4. Does this request block another bug? If so, please indicate the bug number
5. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
6a. Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
6b. Are there any portions of the project that interact with 3rd party services?
6c. Will your application/service collect user data? If so, please describe 
7. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
8. Desired Date of review (if known from and whom to invite.
Assignee: nobody → ptheriault
I have reviewed patch v1.1 and I can't see any issues, other that the obvious thing that currently this is controlled by a preference, and does not enforce that only a trusted app can use this functionality. That is blocked on an actual implementation of trusted apps, so I will leave this review open until that is done.
Priority: -- → P2
Depends on: 781331
No longer depends on: privileged-apps
please score this one and give some dates, also are we going to do a team review on this one?
Flags: needinfo?(ptheriault)
Whiteboard: [pending secreview][needs info] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
This is already complete - I have reviewed with dveditz, and that was just pending the permission model be finalized, which it now is (for future reference, this will have its own permission 'systemXHR' for Firefox OS v1, ie with wont be combined with the TCP socket API). It will probably stay seperate unless a good reason for merging the two arises. (see bug 783716)
Closed: 12 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.