Open
Bug 1344819
Opened 8 years ago
Updated 2 years ago
Investigate if triggeringPrincipal should be queried from mOSHE within docShell
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: ckerschb, Unassigned)
References
Details
(Whiteboard: [domsecurity-backlog1])
As discussed with smaug (see also [0]) we should potentially *not* query the triggeringPrincipal from mOSHE when creating a new session entry [1].
This needs more investigation.
[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1341754#c14
[1] https://dxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#10416
|
Reporter | |
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
|
|
Reporter | |
Comment 1•7 years ago
|
||
Thomas, to get some more background info, you could read Comments 14 (15,16,17,...) from Bug 1341754. The essential question is, should we query the triggeringPrincipal and PrincipalToInherit from mOSHE [1] in case there is an mOSHE or not. Potentially we could remove that if-else branch and always use the else branch, but we need to do some audit.
To fix the bug, ideally we run a bunch of tests (in particular loading about: pages) and investigate the principalToInherit and TriggeringPrincipal in the different scenarios. Once we have a list of that, we can move on with the code fix.
[1] https://dxr.mozilla.org/mozilla-central/source/docshell/base/nsDocShell.cpp#10623-10634
Flags: needinfo?(tnguyen)
|
||
Comment 2•7 years ago
|
||
Thanks for the info. Assign to myself so I can take a look later
Assignee: nobody → tnguyen
Flags: needinfo?(tnguyen)
|
|
||
Updated•7 years ago
|
Assignee: tnguyen → nobody
|
|
||
Updated•6 years ago
|
Assignee: nobody → tnguyen
|
||
Updated•3 years ago
|
Assignee: tnguyen → nobody
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•