If chrome privileged code tries an XHR against a URL that responds with a redirect that goes to a different domain, a security error is thrown. In FF2, this would work. The cross site XHR backout busted this.

This restores the logic from FF2.

"Backing it out can't break anything!"

Comment on attachment 312869 [details] [diff] [review] Patch to fix with testcase There should already be a redirect url you can use. Please use that rather than creating your own.

Comment on attachment 312869 [details] [diff] [review] Patch to fix with testcase Asking for a1.9? There isn't a generic redirect sjs, I filed bug #426454 for that.

Comment on attachment 312869 [details] [diff] [review] Patch to fix with testcase Approval not needed. It's a blocker.

Checking in content/base/src/nsXMLHttpRequest.cpp; /cvsroot/mozilla/content/base/src/nsXMLHttpRequest.cpp,v <-- nsXMLHttpRequest.cpp new revision: 1.235; previous revision: 1.234 done Checking in content/base/test/Makefile.in; /cvsroot/mozilla/content/base/test/Makefile.in,v <-- Makefile.in new revision: 1.68; previous revision: 1.67 done RCS file: /cvsroot/mozilla/content/base/test/bug426308-redirect.sjs,v done Checking in content/base/test/bug426308-redirect.sjs; /cvsroot/mozilla/content/base/test/bug426308-redirect.sjs,v <-- bug426308-redirect.sjs initial revision: 1.1 done RCS file: /cvsroot/mozilla/content/base/test/test_bug426308.html,v done Checking in content/base/test/test_bug426308.html; /cvsroot/mozilla/content/base/test/test_bug426308.html,v <-- test_bug426308.html initial revision: 1.1 done