Closed
Bug 749372
Opened 13 years ago
Closed 12 years ago
SecReview: Relax same-origin XHR restrictions for privileged applications
Categories
(mozilla.org :: Security Assurance: Review Request, task, P2)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: curtisk, Assigned: pauljt)
References
Details
(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd])
1. Who is/are the point of contact(s) for this review?
2. Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4. Does this request block another bug? If so, please indicate the bug number
5. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
6a. Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
6b. Are there any portions of the project that interact with 3rd party services?
6c. Will your application/service collect user data? If so, please describe
7. If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
8. Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Assignee | ||
Updated•13 years ago
|
Assignee: nobody → ptheriault
Blocks: B2G-secreview
Assignee | ||
Comment 1•12 years ago
|
||
I have reviewed patch v1.1 and I can't see any issues, other that the obvious thing that currently this is controlled by a preference, and does not enforce that only a trusted app can use this functionality. That is blocked on an actual implementation of trusted apps, so I will leave this review open until that is done.
Assignee | ||
Updated•12 years ago
|
Depends on: privileged-apps
Assignee | ||
Updated•12 years ago
|
Priority: -- → P2
Assignee | ||
Updated•12 years ago
|
Reporter | ||
Comment 2•12 years ago
|
||
please score this one and give some dates, also are we going to do a team review on this one?
Flags: needinfo?(ptheriault)
Whiteboard: [pending secreview][needs info] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Assignee | ||
Comment 3•12 years ago
|
||
This is already complete - I have reviewed with dveditz, and that was just pending the permission model be finalized, which it now is (for future reference, this will have its own permission 'systemXHR' for Firefox OS v1, ie with wont be combined with the TCP socket API). It will probably stay seperate unless a good reason for merging the two arises. (see bug 783716)
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•