Closed Bug 376189 Opened 18 years ago Closed 17 years ago

Show Only This Frame and Open Frame in New Window/Tab don't send referrer.

Categories

(Firefox :: Menus, defect)

Product:
Firefox
Component:
Menus
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 3 alpha8

People

(Reporter: florian, Assigned: florian)

References

(
URL
)

Details

Attachments

(1 file, 2 obsolete files)

patch v3
(deleted), patch
asaf
: review+
Details | Diff | Splinter Review
Attached patch patch v1 (obsolete) (deleted) — Splinter Review
The frame is reloaded without sending the referrer HTTP header and the server can potentially send a different answer.
Attachment #260292 - Flags: review?(mano)
Comment on attachment 260292 [details] [diff] [review] patch v1 Canceling review request until the meta refresh issue we've discussed is figured.
Attachment #260292 - Flags: review?(mano)
Attached patch patch v2 (obsolete) (deleted) — Splinter Review
In showOnlyThisFrame, I removed the try/catch because I think that when loading is denied, it is better to have a message in the error console. In viewImage and viewBGImage, there is no try/catch around urlSecurityCheck.
Assignee: nobody → f.qu
Attachment #260292 - Attachment is obsolete: true
Status: NEW → ASSIGNED
Attachment #271822 - Flags: review?(mano)
(In reply to comment #3) > comment 1? > This issue in comment 1 about the first version of the patch was that I used the url of the parent frame as the referrer, which was not the good referring url in case of a meta refresh of the frame. In the version 2 of the patch, I always use this.target.ownerDocument.referrer which should always be good. If you want, you can test it with the iframe in: http://mozilla.queze.net/testcase/ref.php
Comment on attachment 271822 [details] [diff] [review] patch v2 >Index: browser/base/content/nsContextMenu.js >=================================================================== >RCS file: /cvsroot/mozilla/browser/base/content/nsContextMenu.js,v >retrieving revision 1.16 >diff -U 8 -p -r1.16 nsContextMenu.js >--- browser/base/content/nsContextMenu.js 3 Jul 2007 21:11:15 -0000 1.16 >+++ browser/base/content/nsContextMenu.js 11 Jul 2007 12:23:02 -0000 >@@ -619,40 +619,47 @@ nsContextMenu.prototype = { > > // Open linked-to URL in a new tab. > openLinkInTab: function() { > openNewTabWith(this.linkURL, this.target.ownerDocument, null, null, false); > }, > > // Open frame in a new tab. > openFrameInTab: function() { >- openNewTabWith(this.target.ownerDocument.location.href, >- null, null, null, false); >+ var doc = this.target.ownerDocument; >+ var frameURL = doc.location.href; >+ For future reference, prefer doc.documentURIObject. >+ urlSecurityCheck(frameURL, this.browser.contentPrincipal, >+ Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT); I don't think this makes sense, a document can always link to itself (no security check was done here before btw). > // Reload clicked-in frame. > reloadFrame: function() { > this.target.ownerDocument.location.reload(); > }, > > // Open clicked-in frame in its own window. > openFrame: function() { >- openNewWindowWith(this.target.ownerDocument.location.href, >- null, null, false); >+ var doc = this.target.ownerDocument; >+ var frameURL = doc.location.href; >+ >+ urlSecurityCheck(frameURL, this.browser.contentPrincipal, >+ Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT); ditto >+ openNewWindowWith(frameURL, null, null, false, makeURI(doc.referrer)); > }, > > // Open clicked-in frame in the same window. > showOnlyThisFrame: function() { >- var frameURL = this.target.ownerDocument.location.href; >+ var doc = this.target.ownerDocument; >+ var frameURL = doc.location.href; > >- try { >- urlSecurityCheck(frameURL, this.browser.contentPrincipal, >- Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT); >- this.browser.loadURI(frameURL); >- } catch(e) {} >+ urlSecurityCheck(frameURL, this.browser.contentPrincipal, >+ Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT); hrm, not sure about this case so please do keep it. >Index: browser/base/content/utilityOverlay.js >=================================================================== >RCS file: /cvsroot/mozilla/browser/base/content/utilityOverlay.js,v >retrieving revision 1.52 >diff -U 8 -p -r1.52 utilityOverlay.js >--- browser/base/content/utilityOverlay.js 30 Jun 2007 01:47:53 -0000 1.52 >+++ browser/base/content/utilityOverlay.js 11 Jul 2007 12:23:02 -0000 >@@ -520,19 +520,22 @@ function getBrowserFromContentWindow(aCo > * Form POST data, or null. > * @param aEvent > * The triggering event (for the purpose of determining whether to open > * in the background), or null. > * @param aAllowThirdPartyFixup > * If true, then we allow the URL text to be sent to third party services > * (e.g., Google's I Feel Lucky) for interpretation. This parameter may > * be undefined in which case it is treated as false. >+ * @param aReferrer >+ * If aDocument is null, then this will be used as the referrer. >+ * There will be no security check. > */ hrm, @param [optional]?
Attachment #271822 - Flags: review?(mano) → review-
Attached patch patch v3 (deleted) — Splinter Review
Attachment #271822 - Attachment is obsolete: true
Attachment #277247 - Flags: review?(mano)
Comment on attachment 277247 [details] [diff] [review] patch v3 r=mano
Attachment #277247 - Flags: review?(mano) → review+
Keywords: checkin-needed
browser/base/content/nsContextMenu.js 1.23 browser/base/content/utilityOverlay.js 1.53
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 3 M8
Depends on: 396241
Depends on: 423833
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: