Closed Bug 991474 Opened 6 years ago Closed 5 years ago
CSP in C++: Remove self
URI from Append Policy after removing the old parser
The new CSP parser implementation is going to use the selfURI provided in > void setRequestContext(in nsIURI selfURI, > in nsIURI referrer, > in nsIPrincipal documentPrincipal, > in nsIChannel aChannel); and therefore we can remove it from > void appendPolicy(in AString policyString, in nsIURI selfURI, > in boolean reportOnly, in boolean specCompliant); because it's not going to be used any longer.
Assignee: nobody → sstamm
Status: NEW → ASSIGNED
When removing selfURI from AppendPolicy, we can further delete it from AppendCSPFromHeader, see: /content/base/src/nsDocument.cpp (View Hg log or Hg annotations) line 2635 -- AppendCSPFromHeader(nsIContentSecurityPolicy* csp, const nsAString& aHeaderValue, line 2841 -- rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false, true); line 2844 -- rv = AppendCSPFromHeader(csp, cspOldHeaderValue, selfURI, false, false); line 2850 -- rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true, true); line 2853 -- rv = AppendCSPFromHeader(csp, cspOldROHeaderValue, selfURI, true, false);
Proposed patch. This will have merge conflicts if another patch removes "specCompliant" from nsIContentSecurityPolicy::AppendPolicy(). Trivially fixed, but heads up.
Also, pushed this along with bug 994872, bug 991468 and bug 994782 to try to see how they do: https://tbpl.mozilla.org/?tree=Try&rev=23c1af15cb65
Comment on attachment 8462912 [details] [diff] [review] remove-AppendPolicy-selfURI Review of attachment 8462912 [details] [diff] [review]: ----------------------------------------------------------------- This is ready to land! Let's roll!
Attachment #8462912 - Flags: review?(mozilla) → review+
Attachment #8462912 - Flags: review?(grobinson) → review+
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4) > This is ready to land! Let's roll! But not before bug 994782. :)
flagging dev-doc-needed since this is a change for the IDL. We should probably update the dev-docs for the other bugs that change the API and land the same time as this (see comment 3).
Target Milestone: --- → mozilla34
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.