776824 - Add isInBrowserElement to nsIPrincipal

Status: RESOLVED FIXED

(Core :: Security: CAPS, defect)

Description

[Mounir Lamouri (:mounir)]

Attachment: Patch

extendedOrigin might be a bad idea for the moment. A lot of places seem to require access to some of the information "hidden" in the attribute. So let's make isInMozBrowserElement a real attribute and see what happens of extendedOrigin.

Comment 1

[Blake Kaplan (:mrbkap) (inactive)]

Comment on attachment 645201 [details] [diff] [review]
Patch

This really feels like the wrong place to stick this. Extended origin makes sense, but to me principals are descriptions of privileges and asking a privilege if it's inside a browser element seems semantically wrong.

Talking to jst, one thing he suggested is that we could tie principals to an "owner" that would then be able to return this sort of information. I'm clearing the request for now. If there is really no better place to stick this, I guess I'd be willing to r+ it, but I'd really rather search for an alternative first.

Comment 2

[Blake Kaplan (:mrbkap) (inactive)]

Comment on attachment 645201 [details] [diff] [review]
Patch

After talking to Jonas, I'm OK with this. The name really threw me off though since it looks like we're asking a purely DOM question to a principal when we're actually asking "are you in this other security context."

Comment 3

[Mounir Lamouri (:mounir)]

Attachment: Patch

Jonas, could you sr that patch?

Comment 4

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/b69add485ebc