roytam1/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 13:58:49 +00:00
Code Issues Projects Releases Wiki Activity

Issue #2736 - Part 1: Provide more consistent principals to CSP.

Browse Source 
We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.

Our existing content policy implementations which require or expect a
loading principal currently retrieve it from the context node.
Since no current callers require the principal to be the loading
principal, and some already expect it to be the triggering principal
(which there's currently no other way to retrieve), a choice was made
to pass the triggering principal whenever possible, but use the loading
principal to determine the origin URL.
This commit is contained in:
Moonchild
2025-04-26 20:07:16 +02:00
committed by roytam1
parent 422ca16a8e
commit 9ad680cfc4
18 changed files with 109 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docshell/base/nsDocShell.cpp
+3
View File
@@ -9951,6 +9951,9 @@ nsDocShell::InternalLoad(nsIURI* aURI,
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(contentType,
aURI,
// This is a top-level load, so the loading
// principal is null.
nullptr,
aTriggeringPrincipal,
requestingContext,
EmptyCString(), // mime guess