Closed Bug 1226437 Opened 9 years ago Closed 9 years ago

Meta CSP should not overwrite referrer policy when speculatively applied

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla45

Tracking Flags:

Tracking

Status

firefox45

---

fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(1 file, 1 obsolete file)

bug_1226437_meta_csp_referrer_regression.patch 9 years ago Christoph Kerschbaumer [:ckerschb] (deleted), patch	sicking : review+	Details \| Diff \| Splinter Review
bug_1226437_meta_csp_referrer_regression.patch 9 years ago Christoph Kerschbaumer [:ckerschb] (deleted), patch	ckerschb : review+	Details \| Diff \| Splinter Review

Christoph Kerschbaumer [:ckerschb]

Assignee

Description

•

9 years ago

No description provided.

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

9 years ago

Assignee: nobody → mozilla

Blocks: 663570

Status: NEW → ASSIGNED

Jonas Sicking (:sicking) No longer reading bugmail consistently

Comment 1

•

9 years ago

We should treat referrer policies found in a <meta csp> the same way as we treat <meta referrer>. There's a bunch of code in place to handle that which makes sure that we never use a resource fetched with the wrong referrer.

Jonas Sicking (:sicking) No longer reading bugmail consistently

Comment 2

•

9 years ago

...so it'd be nice to leverage that existing code.

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 3

•

9 years ago

Attached patch bug_1226437_meta_csp_referrer_regression.patch (obsolete) (deleted) — Details — Splinter Review

Jonas, as discussed over IRC speculate meta csp should only set speculative referrer policy and not the *actual* referrer policy.

Attachment #8689848 - Flags: review?(jonas)

Jonas Sicking (:sicking) No longer reading bugmail consistently

Comment 4

•

9 years ago

Comment on attachment 8689848 [details] [diff] [review] bug_1226437_meta_csp_referrer_regression.patch Review of attachment 8689848 [details] [diff] [review]: ----------------------------------------------------------------- ::: parser/html/nsHtml5TreeOpExecutor.cpp @@ +1022,5 @@ > +{ > + // Record "speculated" referrer policy locally and thread through the > + // speculation phase. The actual referrer policy will be set by > + // HTMLMetaElement::BindToTree(). > + mSpeculationReferrerPolicy = aReferrerPolicy; Don't move this function. It'll just make hg-history messier.

Attachment #8689848 - Flags: review?(jonas) → review+

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 5

•

9 years ago

Attached patch bug_1226437_meta_csp_referrer_regression.patch (deleted) — Details — Splinter Review

Attachment #8689848 - Attachment is obsolete: true

Attachment #8690157 - Flags: review+

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

9 years ago

Keywords: checkin-needed

Pulsebot

Comment 6

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/0db00ad2b8a8

Keywords: checkin-needed

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 7

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/0db00ad2b8a8

Status: ASSIGNED → RESOLVED

Closed: 9 years ago

status-firefox45: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla45

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Meta CSP should not overwrite referrer policy when speculatively applied

Categories

(Core :: DOM: Security, defect)

Tracking

()

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Updated

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Comment 6

Comment 7

Attachment

General

Description

File Name

Content Type