Closed Bug 935690 Opened 11 years ago Closed 11 years ago

Document::InitCSP should not ignore return value of SetCsp

Categories

(Core :: Security, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla28

People

(Reporter: deian, Assigned: deian)

References

(Blocks 1 open bug)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

Following up on bug 919587 comment 10 and
bug 886164 comment 39:

We need to make sure that InitCSP checks handles failure of SetCSP in:

https://mxr.mozilla.org/mozilla-central/source/content/base/src/nsDocument.cpp#2723

Unfortunatelly, just failing when SetCsp fails reintroduces bug 919587.
Depends on: 919587
Blocks: CSP
Assignee: nobody → deian
Status: UNCONFIRMED → NEW
Ever confirmed: true
Depends on: 941404
Attachment #8335832 - Flags: review?(bzbarsky)
Comment on attachment 8335832 [details] [diff] [review]
0001-Bug-935690-InitCSP-checks-SetCsp-failure.patch

So this is OK now because data documents no longer InitCSP, right?

r=me
Attachment #8335832 - Flags: review?(bzbarsky) → review+
(In reply to Boris Zbarsky [:bz] from comment #3)
> Comment on attachment 8335832 [details] [diff] [review]
> 0001-Bug-935690-InitCSP-checks-SetCsp-failure.patch

Thanks to looking at all my trivial patches!
 
> So this is OK now because data documents no longer InitCSP, right?


Yes, that's right. I just tried the email client on b2g with this patch, the patch for bug 941404, and bug 88616; the issue reported in bug 919587 did not reappear.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/91c18951d81a
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Depends on: 943460
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: