Closed Bug 991474 Opened 6 years ago Closed 5 years ago

CSP in C++: Remove selfURI from AppendPolicy after removing the old parser

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla34

People

(Reporter: ckerschb, Assigned: geekboy)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed)

Attachments

(1 file, 1 obsolete file)

The new CSP parser implementation is going to use the selfURI provided in

> void setRequestContext(in nsIURI selfURI,
>                         in nsIURI referrer,
>                         in nsIPrincipal documentPrincipal,
>                         in nsIChannel aChannel);

and therefore we can remove it from

> void appendPolicy(in AString policyString, in nsIURI selfURI,
>                   in boolean reportOnly, in boolean specCompliant);

because it's not going to be used any longer.
Depends on: 925004
No longer depends on: 925004
Assignee: nobody → sstamm
Blocks: CSP
Status: NEW → ASSIGNED
Depends on: 994782
When removing selfURI from AppendPolicy, we can further delete it from AppendCSPFromHeader, see:

/content/base/src/nsDocument.cpp (View Hg log or Hg annotations)
line 2635 -- AppendCSPFromHeader(nsIContentSecurityPolicy* csp, const nsAString& aHeaderValue,
line 2841 -- rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false, true);
line 2844 -- rv = AppendCSPFromHeader(csp, cspOldHeaderValue, selfURI, false, false);
line 2850 -- rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true, true);
line 2853 -- rv = AppendCSPFromHeader(csp, cspOldROHeaderValue, selfURI, true, false);
Attached patch remove-AppendPolicy-selfURI (obsolete) — Splinter Review
Proposed patch.  This will have merge conflicts if another patch removes "specCompliant" from nsIContentSecurityPolicy::AppendPolicy().  Trivially fixed, but heads up.
Also, pushed this along with bug 994872, bug 991468 and bug 994782 to try to see how they do:
https://tbpl.mozilla.org/?tree=Try&rev=23c1af15cb65
Attachment #8431972 - Attachment is obsolete: true
Attachment #8462912 - Flags: review?(mozilla)
Attachment #8462912 - Flags: review?(grobinson)
Comment on attachment 8462912 [details] [diff] [review]
remove-AppendPolicy-selfURI

Review of attachment 8462912 [details] [diff] [review]:
-----------------------------------------------------------------

This is ready to land! Let's roll!
Attachment #8462912 - Flags: review?(mozilla) → review+
Attachment #8462912 - Flags: review?(grobinson) → review+
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4)
> This is ready to land! Let's roll!

But not before bug 994782.  :)
flagging dev-doc-needed since this is a change for the IDL.  We should probably update the dev-docs for the other bugs that change the API and land the same time as this (see comment 3).
Keywords: dev-doc-needed
https://hg.mozilla.org/mozilla-central/rev/5fd34036ca36
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.