bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Update CSPService to use aRequestPrincipal

RESOLVED WONTFIX

Status

()

Core
Security
--
minor
RESOLVED WONTFIX
6 years ago
6 years ago

People

(Reporter: devd, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
CSPService currently uses the node to extract out the principal. This does not, imo, encourage trust in the code. We should use the new aRequestPrincipal argument instead.
(Reporter)

Comment 1

6 years ago
Created attachment 679536 [details] [diff] [review]
Change CSP code to use aRequestPrincipal
(Reporter)

Comment 2

6 years ago
Comment on attachment 679536 [details] [diff] [review]
Change CSP code to use aRequestPrincipal

Try run is https://tbpl.mozilla.org/?tree=Try&rev=787d9ee7396d
Attachment #679536 - Flags: review?(bzbarsky)
Comment on attachment 679536 [details] [diff] [review]
Change CSP code to use aRequestPrincipal

r=me
Attachment #679536 - Flags: review?(bzbarsky) → review+
(Reporter)

Comment 4

6 years ago
I am planning on requesting a checkin. There is only 1 CSP test failing, and its a timeout for a worker test. Other worker tests seem to be working fine, and this one is timing out repeatedly. Please let me know if you think I shouldn't request checkin, or if you think I should run the tests on more platforms.
(Reporter)

Updated

6 years ago
Keywords: checkin-needed
No, you shouldn't be checking things in with known test failures. Either fix the failure or disable the test.
Keywords: checkin-needed
(Reporter)

Comment 6

6 years ago
Resolving this WONTFIX. Seems that addons call contentpolicy directly, and thus, we can't rely on aRequestPrincipal existing.
(Reporter)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.