Bug 1541860 - Omit cookies sent when preloading intermediates r=johannh
authorJ.C. Jones <jjones@mozilla.com>
Thu, 04 Apr 2019 21:43:34 +0000
changeset 471752 87be514024ac53ab6362ffc26610c063d50abe07
parent 471751 0e93a381964bd65bf2785c7856b3d9806094f13e
child 471753 21ef00977ab69cd330d727d582fef291276391c4
push id35934
push usershindli@mozilla.com
push dateMon, 29 Apr 2019 21:53:38 +0000
reviewersjohannh
bugs1541860
milestone68.0a1
Bug 1541860 - Omit cookies sent when preloading intermediates r=johannh Intermediate preloading was including cookies during attachment fetches to our Kinto attachment servers. There's no reason for that, so let's not. Differential Revision: https://phabricator.services.mozilla.com/D26193
security/manager/ssl/RemoteSecuritySettings.jsm
--- a/security/manager/ssl/RemoteSecuritySettings.jsm
+++ b/security/manager/ssl/RemoteSecuritySettings.jsm
@@ -24,17 +24,19 @@ const INTERMEDIATES_PRELOADED_TELEMETRY 
 const INTERMEDIATES_UPDATE_MS_TELEMETRY  = "INTERMEDIATE_PRELOADING_UPDATE_TIME_MS";
 
 XPCOMUtils.defineLazyGlobalGetters(this, ["fetch"]);
 
 XPCOMUtils.defineLazyGetter(this, "gTextDecoder", () => new TextDecoder());
 
 XPCOMUtils.defineLazyGetter(this, "baseAttachmentsURL", async () => {
   const server = Services.prefs.getCharPref("services.settings.server");
-  const serverInfo = await (await fetch(`${server}/`)).json();
+  const serverInfo = await (await fetch(`${server}/`, {
+    credentials: "omit",
+  })).json();
   const {capabilities: {attachments: {base_url}}} = serverInfo;
   return base_url;
 });
 
 XPCOMUtils.defineLazyGetter(this, "log", () => {
   let { ConsoleAPI } = ChromeUtils.import("resource://gre/modules/Console.jsm");
   return new ConsoleAPI({
     prefix: "RemoteSecuritySettings.jsm",
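Review bot: The `baseAttachmentsURL` getter calls `.json()` on the response from `${server}/` without checking `resp.ok`, and hands back `base_url` without checking that it is a well-formed https URL. Because the lazy getter's value is the promise itself, a single failed fetch or a response missing `capabilities.attachments` would, as far as I can tell, leave a rejected promise in place for the rest of the session, so every later attachment download fails too. I would split the expression, add `if (!resp.ok) { throw new Error(`settings server returned ${resp.status}`); }` before parsing, and validate the scheme with `new URL(base_url).protocol === "https:"` before returning. A short comment on the new option would also help, e.g. `// Anonymous request for public data: send no cookies or HTTP auth.`; the same comment fits the `fetch` in `_downloadAttachmentBytes`.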
@@ -163,18 +165,20 @@ this.RemoteSecuritySettings = class Remo
      * @return {Promise}          resolves to a Uint8Array on success
      */
     async _downloadAttachmentBytes(record) {
       const {attachment: {location}} = record;
       const remoteFilePath = (await baseAttachmentsURL) + location;
       const headers = new Headers();
       headers.set("Accept-Encoding", "gzip");
 
-      return fetch(remoteFilePath, {headers})
-      .then(resp => {
+      return fetch(remoteFilePath, {
+        headers,
+        credentials: "omit",
+      }).then(resp => {
         log.debug(`Download fetch completed: ${resp.ok} ${resp.status}`);
         if (!resp.ok) {
           Cu.reportError(`Failed to fetch ${remoteFilePath}: ${resp.status}`);
 
           Services.telemetry.getHistogramById(INTERMEDIATES_ERRORS_TELEMETRY)
             .add("failedToFetch");
 
           return Promise.reject();
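Review bot: On the `!resp.ok` path, `return Promise.reject();` rejects with `undefined`, so whoever awaits `_downloadAttachmentBytes` gets no reason and no stack, even though the status was already formatted for `Cu.reportError` two lines earlier. Reusing that text would keep the failure diagnosable: `return Promise.reject(new Error(`Failed to fetch ${remoteFilePath}: ${resp.status}`));`. If a caller depends on the rejection value being empty, that should be confirmed first; the rest of the `.then` chain and the function body continue outside this hunk. Separately, `remoteFilePath` is built by concatenating the server-supplied `base_url` and `location`, so the bytes returned here must be integrity-checked by the caller before they are imported. That check is not visible in this hunk and is worth stating in the method's doc comment.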