Open Bug 1716730 Opened 3 years ago Updated 3 years ago

[meta] Improve NullPrincipal/ExpandedPrincipal handling

Tracking

()

Status:

NEW

People

(Reporter: ckerschb, Unassigned)

References

(Depends on 2 open bugs)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

3 years ago

There are various ways how we can improve our NullPrincipal/ExpandedPrincipal handling, most of which is important in the context of Fission and also to make Principals threadsafe.

In more detail we could improve the handling by:

Using secure PRNG when generating a NullPrincipalURI
Storing the precursor URI within NullPrincipals
Store information (maybe precursor URI) which allows to detect whether a NullPrincipal was created in a secure context
Move CSP off ExpandedPrincipals
...

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

3 years ago

Depends on: 1715167, 1660452, 1700675, 1548468

Christoph Kerschbaumer [:ckerschb]

Reporter

Updated

•

3 years ago

See Also: → https://bugzilla.mozilla.org/show_bug.cgi?id=1443925

BugBot [:suhaib / :marco/ :calixte]

Updated

•

3 years ago

Keywords: meta

Niklas

Updated

•

3 years ago

Assignee: nobody → ngogge

Status: NEW → ASSIGNED

Niklas

Updated

•

3 years ago

Depends on: 1734379

Niklas

Updated

•

3 years ago

Assignee: ngogge → nobody

Status: ASSIGNED → NEW

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[meta] Improve NullPrincipal/ExpandedPrincipal handling

Categories

(Core :: DOM: Security, task, P3)

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

(Depends on 2 open bugs)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated