Closed
Bug 991466
Opened 11 years ago
Closed 10 years ago
CSP in C++: Remove specCompliant flag everywhere after removing the old parser
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: ckerschb, Assigned: geekboy)
References
Details
Attachments
(2 files, 1 obsolete file)
|
17.31 KB,
patch
|
ckerschb
:
review+
jst
:
review+
|
Details | Diff | Splinter Review |
|
37.37 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
The new parser does not support the 'X-Content-Security-Policy' header, therefore we can remove the specCompliant flag everywhere, e.g.
> void appendPolicy(in AString policyString, in nsIURI selfURI,
> in boolean reportOnly, in boolean specCompliant);
|
Assignee | |
Updated•11 years ago
|
Depends on: csp-legacy-removal
|
|
Assignee | |
Comment 1•11 years ago
|
||
First whack at removing specCompliant. This will probably suffer some bitrot depending on when some of the other removals (and test changes) land.
Assignee: nobody → sstamm
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•10 years ago
|
||
This patch removes spec-compliant arguments from everywhere and updates the tests accordingly to use spec-compliant policies. This applies to mozilla-central now that bug 949533 has landed.
Attachment #8433665 -
Attachment is obsolete: true
Attachment #8449785 -
Flags: review?(mozilla)
|
Reporter | |
Comment 3•10 years ago
|
||
Comment on attachment 8449785 [details] [diff] [review]
remove-specCompliant
Review of attachment 8449785 [details] [diff] [review]:
-----------------------------------------------------------------
This all looks good to me, but probably we also want to remove:
> security.csp.speccompliant
from all the tests since it's not needed anymore, see:
http://mxr.mozilla.org/mozilla-central/search?string=security.csp.speccompliant&find=&findi=&filter=%5E%5B%5E%5C0%5D*%24&hitlimit=&tree=mozilla-central
Please remove from testcases and flag me again!
Attachment #8449785 -
Flags: review?(mozilla) → review-
|
|
Assignee | |
Comment 4•10 years ago
|
||
As requested, this patch adds removal of that pref from the mochitests. Applied with the previous patch, the tests still all pass.
Attachment #8449847 -
Flags: review?(mozilla)
|
|
Assignee | |
Comment 5•10 years ago
|
||
Comment on attachment 8449785 [details] [diff] [review]
remove-specCompliant
Reflagging this patch for review; the additional changes you requested are in the other patch on this bug and I don't think you requested changes to this patch. Anything else to change?
Attachment #8449785 -
Flags: review- → review?(mozilla)
|
|
Assignee | |
Comment 6•10 years ago
|
||
Forgot to add: I put the test changes in a separate patch because it was very mechanical (pretty close to the same changes in each file) and there are > 30 files touched for that basic change.
|
|
Reporter | |
Comment 7•10 years ago
|
||
Comment on attachment 8449847 [details] [diff] [review]
remove security.csp.speccompliant from mochitests
Review of attachment 8449847 [details] [diff] [review]:
-----------------------------------------------------------------
Exactly what I was looking for! Quick turnaround - I am impressed!
Attachment #8449847 -
Flags: review?(mozilla) → review+
|
|
Reporter | |
Comment 8•10 years ago
|
||
Comment on attachment 8449785 [details] [diff] [review]
remove-specCompliant
Review of attachment 8449785 [details] [diff] [review]:
-----------------------------------------------------------------
That one was ok before - since you incorporated the requested changes in a separate patch I can safely r+ this one!
Attachment #8449785 -
Flags: review?(mozilla) → review+
|
|
Assignee | |
Comment 9•10 years ago
|
||
Comment on attachment 8449785 [details] [diff] [review]
remove-specCompliant
For good measure, before landing I would also like jst to take a quick look at the changes to nsDocument.cpp (small changes, jst).
Attachment #8449785 -
Flags: review?(jst)
|
||
Comment 10•10 years ago
|
||
Comment on attachment 8449785 [details] [diff] [review]
remove-specCompliant
Should we worry about extension compat issues here due to the nsIContentSecurityPolicy API change? If so, please add the appropriate keywords to this bug so the right folks have a chance to weigh in before we ship this.
r=jst
Attachment #8449785 -
Flags: review?(jst) → review+
|
|
Assignee | |
Comment 11•10 years ago
|
||
Thanks, jst! I think we're ok with extension compat because the code *should* disregard the extra boolean argument (without error) from any js-callers of appendPolicy who pass it in.
|
|
Assignee | |
Comment 12•10 years ago
|
||
Since inbound has been a bit fragile lately: https://tbpl.mozilla.org/?tree=Try&rev=842b8bf0883c
|
|
Assignee | |
Comment 13•10 years ago
|
||
Try was green.
https://hg.mozilla.org/integration/mozilla-inbound/rev/3a34bf944379
https://hg.mozilla.org/integration/mozilla-inbound/rev/5ae58efd730b
Target Milestone: --- → mozilla33
|
||
Comment 14•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3a34bf944379
https://hg.mozilla.org/mozilla-central/rev/5ae58efd730b
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•