mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 1257861 - Default to sending all cookies if we can't compute 3rdpartyness. r=sicking
This commit is contained in:
parent
ce83243b88
commit
76cf7eedc8
@ -41,8 +41,9 @@ function run_test() {
|
||||
let spec2 = "http://bar.com/bar.html";
|
||||
let uri1 = NetUtil.newURI(spec1);
|
||||
let uri2 = NetUtil.newURI(spec2);
|
||||
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
|
||||
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
|
||||
const contentPolicyType = Ci.nsIContentPolicy.TYPE_DOCUMENT;
|
||||
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true, contentPolicyType});
|
||||
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true, contentPolicyType});
|
||||
|
||||
// Create some file:// URIs.
|
||||
let filespec1 = "file://foo.txt";
|
||||
@ -70,12 +71,12 @@ function run_test() {
|
||||
// hierarchy. We leave that to mochitests.
|
||||
|
||||
// Test isThirdPartyChannel. As above, we can't test the bits that require
|
||||
// a load context or window heirarchy. Because of that, the code assumes
|
||||
// that these are all third-party loads.
|
||||
// a load context or window heirarchy. Because of bug 1259873, we assume
|
||||
// that these are not third-party.
|
||||
do_check_throws(function() { util.isThirdPartyChannel(null); },
|
||||
NS_ERROR_INVALID_ARG);
|
||||
do_check_true(util.isThirdPartyChannel(channel1));
|
||||
do_check_true(util.isThirdPartyChannel(channel1, uri1));
|
||||
do_check_false(util.isThirdPartyChannel(channel1));
|
||||
do_check_false(util.isThirdPartyChannel(channel1, uri1));
|
||||
do_check_true(util.isThirdPartyChannel(channel1, uri2));
|
||||
|
||||
let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
|
||||
|
@ -41,7 +41,7 @@ Tests of DOM Worker Threads XHR(Bug 450452 )
|
||||
case "load": {
|
||||
ok(gotUploadLoad, "Should have gotten upload load event");
|
||||
gotLoadend = true;
|
||||
todo_is(args.data, "a=cookie_is_set", "correct data");
|
||||
is(args.data, "a=cookie_is_set", "correct data");
|
||||
document.getElementById("content").textContent = args.data;
|
||||
} break;
|
||||
case "loadend": {
|
||||
|
@ -53,13 +53,19 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
|
||||
, mParentOuterWindowID(0)
|
||||
, mEnforceSecurity(false)
|
||||
, mInitialSecurityCheckDone(false)
|
||||
, mIsThirdPartyContext(true)
|
||||
, mIsThirdPartyContext(false)
|
||||
, mForcePreflight(false)
|
||||
, mIsPreflight(false)
|
||||
{
|
||||
MOZ_ASSERT(mLoadingPrincipal);
|
||||
MOZ_ASSERT(mTriggeringPrincipal);
|
||||
|
||||
// TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning
|
||||
// that consumers of LoadInfo that don't pass a context or pass a context from
|
||||
// which we can't find a window will default to assuming that they're 1st
|
||||
// party. It would be nice if we could default "safe" and assume that we are
|
||||
// 3rd party until proven otherwise.
|
||||
|
||||
// if consumers pass both, aLoadingContext and aLoadingPrincipal
|
||||
// then the loadingPrincipal must be the same as the node's principal
|
||||
MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||
|
||||
|
Loading…
Reference in New Issue
Block a user