Closed Bug 991474 Opened 12 years ago Closed 11 years ago

CSP in C++: Remove selfURI from AppendPolicy after removing the old parser

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla34

People

(Reporter: ckerschb, Assigned: geekboy)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed)

Attachments

(1 file, 1 obsolete file)

remove-AppendPolicy-selfURI
8.20 KB, patch
ckerschb
: review+
grobinson
: review+
Details | Diff | Splinter Review
The new CSP parser implementation is going to use the selfURI provided in > void setRequestContext(in nsIURI selfURI, > in nsIURI referrer, > in nsIPrincipal documentPrincipal, > in nsIChannel aChannel); and therefore we can remove it from > void appendPolicy(in AString policyString, in nsIURI selfURI, > in boolean reportOnly, in boolean specCompliant); because it's not going to be used any longer.
Depends on: 925004
No longer depends on: 925004
Assignee: nobody → sstamm
Blocks: CSP
Status: NEW → ASSIGNED
Depends on: 994782
When removing selfURI from AppendPolicy, we can further delete it from AppendCSPFromHeader, see: /content/base/src/nsDocument.cpp (View Hg log or Hg annotations) line 2635 -- AppendCSPFromHeader(nsIContentSecurityPolicy* csp, const nsAString& aHeaderValue, line 2841 -- rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false, true); line 2844 -- rv = AppendCSPFromHeader(csp, cspOldHeaderValue, selfURI, false, false); line 2850 -- rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true, true); line 2853 -- rv = AppendCSPFromHeader(csp, cspOldROHeaderValue, selfURI, true, false);
Attached patch remove-AppendPolicy-selfURI (obsolete) — Splinter Review
Proposed patch. This will have merge conflicts if another patch removes "specCompliant" from nsIContentSecurityPolicy::AppendPolicy(). Trivially fixed, but heads up.
Also, pushed this along with bug 994872, bug 991468 and bug 994782 to try to see how they do: https://tbpl.mozilla.org/?tree=Try&rev=23c1af15cb65
Attachment #8431972 - Attachment is obsolete: true
Attachment #8462912 - Flags: review?(mozilla)
Attachment #8462912 - Flags: review?(grobinson)
Comment on attachment 8462912 [details] [diff] [review] remove-AppendPolicy-selfURI Review of attachment 8462912 [details] [diff] [review]: ----------------------------------------------------------------- This is ready to land! Let's roll!
Attachment #8462912 - Flags: review?(mozilla) → review+
Attachment #8462912 - Flags: review?(grobinson) → review+
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4) > This is ready to land! Let's roll! But not before bug 994782. :)
flagging dev-doc-needed since this is a change for the IDL. We should probably update the dev-docs for the other bugs that change the API and land the same time as this (see comment 3).
Keywords: dev-doc-needed
https://hg.mozilla.org/mozilla-central/rev/5fd34036ca36
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: