зеркало из https://github.com/mozilla/gecko-dev.git
27c96362b9
There are several ways that expanded principals can be used as triggering principals for requests. While that works fine for security checks, it also sometimes causes them to be inherited, and used as result principals in contexts where expanded principals aren't allowed. This patch changes our inheritance behavior so that expanded principals are downgraded to the most appropriate constituent principal when they would otherwise be inherited. The logic for choosing the most appropriate principal is a bit suspect, and may eventually need to be changed to always select the last whitelist principal, but I chose it to preserve the current principal downgrade behavior used by XMLHttpRequest for the time being. MozReview-Commit-ID: 9fvAKr2e2fa --HG-- extra : rebase_source : c30df1b3851c11fed5a1d6a7fb158cec14933182 |
||
---|---|---|
.. | ||
tests | ||
BasePrincipal.cpp | ||
BasePrincipal.h | ||
ContentPrincipal.cpp | ||
ContentPrincipal.h | ||
DomainPolicy.cpp | ||
DomainPolicy.h | ||
ExpandedPrincipal.cpp | ||
ExpandedPrincipal.h | ||
NullPrincipal.cpp | ||
NullPrincipal.h | ||
NullPrincipalURI.cpp | ||
NullPrincipalURI.h | ||
OriginAttributes.cpp | ||
OriginAttributes.h | ||
SystemPrincipal.cpp | ||
SystemPrincipal.h | ||
moz.build | ||
nsIAddonPolicyService.idl | ||
nsIDomainPolicy.idl | ||
nsIPrincipal.idl | ||
nsIScriptSecurityManager.idl | ||
nsJSPrincipals.cpp | ||
nsJSPrincipals.h | ||
nsScriptSecurityManager.cpp | ||
nsScriptSecurityManager.h |