Mercurial > mozilla-central / changeset / 9e8a703809578d524c4f102b710bc72624bc0929
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1233895 - Make Feeds.jsm properly handle principal origin attributes when loading subresources. r=sicking
authorDave Huseby <dhuseby@mozilla.com>
Mon, 21 Mar 2016 16:41:00 -0400
changeset 289611 9e8a703809578d524c4f102b710bc72624bc0929
parent 289610 9034f1d7db43f3c4bd8540763752a2e1861b1424
child 289612 3587b25bae302c1eed72968dbd7cef883e715948
push id30107
push usercbook@mozilla.com
push dateTue, 22 Mar 2016 10:00:23 +0000
treeherdermozilla-central@3587b25bae30 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs1233895
milestone48.0a1
first release with
nightly linux32
3587b25bae30 / 48.0a1 / 20160322030417 / files
nightly linux64
3587b25bae30 / 48.0a1 / 20160322030417 / files
nightly mac
3587b25bae30 / 48.0a1 / 20160322030417 / files
nightly win32
3587b25bae30 / 48.0a1 / 20160322030417 / files
nightly win64
3587b25bae30 / 48.0a1 / 20160322030417 / files
last release without
nightly linux32
f14898695ee0 / 48.0a1 / 20160321030217 / files
nightly linux64
f14898695ee0 / 48.0a1 / 20160321030217 / files
nightly mac
f14898695ee0 / 48.0a1 / 20160321030217 / files
nightly win32
f14898695ee0 / 48.0a1 / 20160321030217 / files
nightly win64
f14898695ee0 / 48.0a1 / 20160321030217 / files
Bug 1233895 - Make Feeds.jsm properly handle principal origin attributes when loading subresources. r=sicking
browser/modules/Feeds.jsm file | annotate | diff | comparison | revisions 
--- a/browser/modules/Feeds.jsm
+++ b/browser/modules/Feeds.jsm
@@ -78,19 +78,21 @@ this.Feeds = {
     var type = aLink.type.toLowerCase().replace(/^\s+|\s*(?:;.*)?$/g, "");
     if (!aIsFeed) {
       aIsFeed = (type == "application/rss+xml" ||
                  type == "application/atom+xml");
     }
 
     if (aIsFeed) {
       // re-create the principal as it may be a CPOW.
+      // once this can't be a CPOW anymore, we should just use aPrincipal instead
+      // of creating a new one.
       let principalURI = BrowserUtils.makeURIFromCPOW(aPrincipal.URI);
       let principalToCheck =
-        Services.scriptSecurityManager.createCodebasePrincipal(principalURI, {});
+        Services.scriptSecurityManager.createCodebasePrincipal(principalURI, aPrincipal.originAttributes);
       try {
         BrowserUtils.urlSecurityCheck(aLink.href, principalToCheck,
                                       Ci.nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
         return type || "application/rss+xml";
       }
       catch(ex) {
       }
     }
mozilla-central
Deployed from 3d2029ff5e1b at 2022-09-06T15:28:55Z.