Closed
Bug 1175480
Opened 10 years ago
Closed 10 years ago
Expose the external content policy type from the load info objects
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla41
| Tracking | Status | |
|---|---|---|
| firefox41 | --- | fixed |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
Attachments
(1 file, 1 obsolete file)
|
4.71 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
Consumers of this type need to deal with the external content policy
types. One example is HttpObserverManager.runChannelListener in
WebRequest.jsm.
|
Assignee | |
Comment 1•10 years ago
|
||
Attachment #8623610 -
Flags: review?(bugs)
|
|
Assignee | |
Updated•10 years ago
|
|
|
Assignee | |
Comment 2•10 years ago
|
||
Consumers of this type need to deal with the external content policy
types. One example is HttpObserverManager.runChannelListener in
WebRequest.jsm.
Attachment #8623610 -
Attachment is obsolete: true
Attachment #8623610 -
Flags: review?(bugs)
Attachment #8623611 -
Flags: review?(bugs)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8623611 [details] [diff] [review]
Expose the external content policy type from the load info objects
We really should have some other type for _INTERNAL_ to make it clear when one
deals with internal and when external contentpolicytypes.
But that is not about this bug.
> /**
>- * The contentPolicyType of the channel, used for security checks
>+ * The external contentPolicyType of the channel, used for security checks
> * like Mixed Content Blocking and Content Security Policy.
> */
Could you still emphasize that _INTERNAL_ values aren't ever returned.
> /**
>+ * The internal contentPolicyType of the channel, used for constructing
>+ * RequestContext values when creating a fetch event for an intercepted
>+ * channel.
>+ *
>+ * This should not be used for the purposes of security checks. Please
>+ * use the contentPolicyType attribute above for that purpose.
Why this shouldn't be used for security checks?
I would just drop the latter paragraph (or explain why this shouldn't be used for security checks).
Attachment #8623611 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #3)
> > /**
> >+ * The internal contentPolicyType of the channel, used for constructing
> >+ * RequestContext values when creating a fetch event for an intercepted
> >+ * channel.
> >+ *
> >+ * This should not be used for the purposes of security checks. Please
> >+ * use the contentPolicyType attribute above for that purpose.
> Why this shouldn't be used for security checks?
Because the content policy implementations are only expected to be able to deal with external types.
> I would just drop the latter paragraph (or explain why this shouldn't be
> used for security checks).
I'll explain more in the comment.
|
||
Comment 6•10 years ago
|
||
sorry had to back this out again, seems this and the other landing caused test failures like https://treeherder.mozilla.org/logviewer.html#?job_id=10918636&repo=mozilla-inbound
Flags: needinfo?(ehsan)
|
|
Assignee | |
Comment 8•10 years ago
|
||
This should be innocent. Relanded: https://hg.mozilla.org/integration/mozilla-inbound/rev/2d456668f53c
Flags: needinfo?(ehsan)
|
|
||
Comment 9•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
|
||
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•