Closed
Bug 991474
Opened 10 years ago
Closed 10 years ago
CSP in C++: Remove selfURI from AppendPolicy after removing the old parser
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: ckerschb, Assigned: geekboy)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-needed)
Attachments
(1 file, 1 obsolete file)
8.20 KB,
patch
|
ckerschb
:
review+
grobinson
:
review+
|
Details | Diff | Splinter Review |
The new CSP parser implementation is going to use the selfURI provided in > void setRequestContext(in nsIURI selfURI, > in nsIURI referrer, > in nsIPrincipal documentPrincipal, > in nsIChannel aChannel); and therefore we can remove it from > void appendPolicy(in AString policyString, in nsIURI selfURI, > in boolean reportOnly, in boolean specCompliant); because it's not going to be used any longer.
Assignee | ||
Updated•10 years ago
|
Reporter | ||
Comment 1•10 years ago
|
||
When removing selfURI from AppendPolicy, we can further delete it from AppendCSPFromHeader, see: /content/base/src/nsDocument.cpp (View Hg log or Hg annotations) line 2635 -- AppendCSPFromHeader(nsIContentSecurityPolicy* csp, const nsAString& aHeaderValue, line 2841 -- rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false, true); line 2844 -- rv = AppendCSPFromHeader(csp, cspOldHeaderValue, selfURI, false, false); line 2850 -- rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true, true); line 2853 -- rv = AppendCSPFromHeader(csp, cspOldROHeaderValue, selfURI, true, false);
Assignee | ||
Comment 2•10 years ago
|
||
Proposed patch. This will have merge conflicts if another patch removes "specCompliant" from nsIContentSecurityPolicy::AppendPolicy(). Trivially fixed, but heads up.
Assignee | ||
Comment 3•10 years ago
|
||
Also, pushed this along with bug 994872, bug 991468 and bug 994782 to try to see how they do: https://tbpl.mozilla.org/?tree=Try&rev=23c1af15cb65
Attachment #8431972 -
Attachment is obsolete: true
Attachment #8462912 -
Flags: review?(mozilla)
Attachment #8462912 -
Flags: review?(grobinson)
Reporter | ||
Comment 4•10 years ago
|
||
Comment on attachment 8462912 [details] [diff] [review] remove-AppendPolicy-selfURI Review of attachment 8462912 [details] [diff] [review]: ----------------------------------------------------------------- This is ready to land! Let's roll!
Attachment #8462912 -
Flags: review?(mozilla) → review+
Updated•10 years ago
|
Attachment #8462912 -
Flags: review?(grobinson) → review+
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4) > This is ready to land! Let's roll! But not before bug 994782. :)
Assignee | ||
Comment 6•10 years ago
|
||
flagging dev-doc-needed since this is a change for the IDL. We should probably update the dev-docs for the other bugs that change the API and land the same time as this (see comment 3).
Keywords: dev-doc-needed
Assignee | ||
Comment 7•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5fd34036ca36
Target Milestone: --- → mozilla34
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5fd34036ca36
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•