Closed Bug 916881 Opened 9 years ago Closed 9 years ago

remove stray refinePolicy call in CSPUtils.jsm (does not exist after fixing bug 836922)

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla27

People

(Reporter: geekboy, Assigned: geekboy)

References

Details

Attachments

(1 file)

Bug 836922 removed refinePolicy, but it's still in the code.  Need to remove it before it causes a bug in policy-uri fetching.

155       // problem fetching policy so fail closed
156       this._csp.refinePolicy("default-src 'none'", this._docURI,
157                              this._csp._specCompliant);
Attached patch bug916881Splinter Review
Changes refinePolicy to appendPolicy and adds a warning message in the console (for the failed attempt at fetching the policy).
Attachment #807354 - Flags: review?(grobinson)
Attachment #807354 - Flags: review?(grobinson) → review+
     1.1 --- a/content/base/src/CSPUtils.jsm
     1.2 +++ b/content/base/src/CSPUtils.jsm
     1.3 @@ -147,19 +147,23 @@ CSPPolicyURIListener.prototype = {
     1.4    function(request, context, status) {
     1.5      if (Components.isSuccessCode(status)) {
     1.6        // send the policy we received back to the parent document's CSP
     1.7        // for parsing
     1.8        this._csp.appendPolicy(this._policy, this._docURI,
     1.9                               this._reportOnly, this._csp._specCompliant);
    1.10      }
    1.11      else {
    1.12 -      // problem fetching policy so fail closed
    1.13 -      this._csp.refinePolicy("default-src 'none'", this._docURI,
    1.14 -                             this._csp._specCompliant);
    1.15 +      // problem fetching policy so fail closed by appending a "block it all"
    1.16 +      // policy.  Also toss an error into the console so developers can see why
    1.17 +      // this policy is used.
    1.18 +      this._csp.log(WARN_FLAG, CSPLocalizer.getFormatStr("errorFetchingPolicy",
    1.19 +                                                         [status]);
    1.20 +      this._csp.appendPolicy("default-src 'none'", this._docURI,
    1.21 +                             this._reportOnly, this._csp._specCompliant);
    1.22      }
    1.23      // resume the parent document request
    1.24      this._docRequest.resume();
    1.25    }
    1.26  };
    1.27  
    1.28  //:::::::::::::::::::::::: CLASSES :::::::::::::::::::::::::://


Line 1.14 is missing a closing parenthesis, right?
(In reply to Wes Kocher (:KWierso) from comment #5)

> Line 1.14 is missing a closing parenthesis, right?

Er, 1.19*
Yep, sorry.  I'll actually run this through try before re-landing.
Try is green this time (fixed the missing paren).

Inbound: https://hg.mozilla.org/integration/mozilla-inbound/rev/33be4ad3a720
https://hg.mozilla.org/mozilla-central/rev/33be4ad3a720
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.