Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-08 10:44:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1257861 - Default to sending all cookies if we can't compute 3rdpartyness. r=sicking

Browse Source
This commit is contained in:
Blake Kaplan 2016-03-25 14:47:31 -07:00
parent ce83243b88
commit 76cf7eedc8
3 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
dom/base/test/unit/test_thirdpartyutil.js
View File

@ -41,8 +41,9 @@ function run_test() {
let spec2 = "http://bar.com/bar.html";
let uri1 = NetUtil.newURI(spec1);
let uri2 = NetUtil.newURI(spec2);
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
const contentPolicyType = Ci.nsIContentPolicy.TYPE_DOCUMENT;
let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true, contentPolicyType});
let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true, contentPolicyType});
// Create some file:// URIs.
let filespec1 = "file://foo.txt";
@ -70,12 +71,12 @@ function run_test() {
// hierarchy. We leave that to mochitests.
// Test isThirdPartyChannel. As above, we can't test the bits that require
// a load context or window heirarchy. Because of that, the code assumes
// that these are all third-party loads.
// a load context or window heirarchy. Because of bug 1259873, we assume
// that these are not third-party.
do_check_throws(function() { util.isThirdPartyChannel(null); },
NS_ERROR_INVALID_ARG);
do_check_true(util.isThirdPartyChannel(channel1));
do_check_true(util.isThirdPartyChannel(channel1, uri1));
do_check_false(util.isThirdPartyChannel(channel1));
do_check_false(util.isThirdPartyChannel(channel1, uri1));
do_check_true(util.isThirdPartyChannel(channel1, uri2));
let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);

2
dom/workers/test/test_xhr_3rdparty.html
View File

@ -41,7 +41,7 @@ Tests of DOM Worker Threads XHR(Bug 450452 )
case "load": {
ok(gotUploadLoad, "Should have gotten upload load event");
gotLoadend = true;
todo_is(args.data, "a=cookie_is_set", "correct data");
is(args.data, "a=cookie_is_set", "correct data");
document.getElementById("content").textContent = args.data;
} break;
case "loadend": {

8
netwerk/base/LoadInfo.cpp
View File

@ -53,13 +53,19 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
, mParentOuterWindowID(0)
, mEnforceSecurity(false)
, mInitialSecurityCheckDone(false)
, mIsThirdPartyContext(true)
, mIsThirdPartyContext(false)
, mForcePreflight(false)
, mIsPreflight(false)
{
MOZ_ASSERT(mLoadingPrincipal);
MOZ_ASSERT(mTriggeringPrincipal);
// TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning
// that consumers of LoadInfo that don't pass a context or pass a context from
// which we can't find a window will default to assuming that they're 1st
// party. It would be nice if we could default "safe" and assume that we are
// 3rd party until proven otherwise.
// if consumers pass both, aLoadingContext and aLoadingPrincipal
// then the loadingPrincipal must be the same as the node's principal
MOZ_ASSERT(!aLoadingContext || !aLoadingPrincipal ||