Hi everyone,

we are about to move security checks from 'before creating a channel' in
Gecko to 'when the channel is actually opened' in Necko.
We do this for several reasons:

(i) If no security check is performed in Gecko before creating the channel,
then no security check is performed at all. We would like to move away from
that practice and make sure that security checks are always performed
before a channel is opened. Also, different channels need different
security checks (SOP, CORS, CSP, MixedContent, etc.) and it was hard to
follow what security checks are performed at each callsite. When moving
security checks into Necko, we have one central point that all channels
have to pass through before the channel is actually allowed to be opened.

(ii) Once a channel was created, we didn't know who initiated the load or
what content type the channel is loading. Hence we attach a loadInfo object
at creation time of every channel. This loadInfo allows us to reason about
security throughout the lifetime of a channel. From now on, we don't allow
any channels to be created using the old NewChannel-API. Please use
NewChannel2 and provide the necessary security/loadinfo arguments. Please
find a description of each argument here [1].

(iii) Further, this loadInfo also allows us to perform security checks
after redirects at one central point in our code.


=== Attention Addon developers ===
Addons using the deprecated NewChannel-API will continue to work in release
code. If used in debug builds, however, those addons will also hit the newly
added assertions in NewChannel (see [2]). Please be aware and start
migrating your addons to use the new NewChannel2 API for creating channels.

I am happy to answer any additional questions!

Cheers,
  Christoph


[1] http://mxr.mozilla.org/mozilla-central/source/netwerk/base/nsIIOService.idl#73
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1162657
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
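
The design described in points (i) to (iii) of the message above, as a small conceptual model. This is an added example, not code from the original post and not Gecko/Necko code; every class, function and field name in it is hypothetical, and the same-origin rule stands in for the real set of checks (SOP, CORS, CSP, MixedContent).

```javascript
// Conceptual model (added example). All names are hypothetical; not Gecko/Necko code.

// Security context attached when the channel is created (point ii).
class LoadInfo {
  constructor(loadingOrigin, contentType, requireSameOrigin) {
    this.loadingOrigin = loadingOrigin;          // who initiated the load
    this.contentType = contentType;              // what is being loaded, e.g. "script"
    this.requireSameOrigin = requireSameOrigin;  // stand-in for the real security flags
  }
}

// The single check every URL must pass: the initial load and every redirect hop.
function checkMayLoad(loadInfo, url) {
  if (loadInfo.requireSameOrigin && new URL(url).origin !== loadInfo.loadingOrigin) {
    throw new Error(`blocked ${loadInfo.contentType} load of ${url}`);
  }
}

class Channel {
  constructor(url, loadInfo) {
    // A channel without a security context cannot be created at all.
    if (!(loadInfo instanceof LoadInfo)) throw new Error("channel needs a loadInfo");
    this.url = url;
    this.loadInfo = loadInfo;
  }
  // Central choke point (point i): no callsite can skip the check.
  open(network) {
    let url = this.url;
    for (let hop = 0; hop < 5; hop++) {
      checkMayLoad(this.loadInfo, url);          // re-run after each redirect (point iii)
      const response = network[url];
      if (!response) throw new Error(`no response for ${url}`);
      if (!response.redirectTo) return response.body;
      url = response.redirectTo;
    }
    throw new Error("too many redirects");
  }
}

// Constructed sample responses, keyed by URL.
const NETWORK = {
  "https://a.example/app.js": { body: "ok" },
  "https://a.example/moved.js": { redirectTo: "https://b.example/other.js" },
  "https://b.example/other.js": { body: "cross-origin" },
};

function tryLoad(url) {
  const info = new LoadInfo("https://a.example", "script", true);
  try { return new Channel(url, info).open(NETWORK); } catch (e) { return e.message; }
}
```

The load of `moved.js` passes the check for its first URL and is blocked only at the redirect hop, which is the case a check done once before channel creation cannot see.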
