FirefoxOS/New security model: Difference between revisions

Jump to navigation Jump to search

FirefoxOS/New security model (view source)

Revision as of 03:46, 2 July 2015

1 byte added ,  2 July 2015
→‎Origins and cookie jars: correct a typo
(→‎Installing and updating: Add line breaks between three bugs)
Line 199: Line 199:
Signed content must never be considered same-origin with unsigned content, or content from another signed package. This is to ensure that unsigned content from the same https domain can't open the signed content in an <iframe> and then reach in to the opened page and use its privileges.
Signed content must never be considered same-origin with unsigned content, or content from another signed package. This is to ensure that unsigned content from the same https domain can't open the signed content in an <iframe> and then reach in to the opened page and use its privileges.


The mechanism which is used to ensure that signed packages get a unique cookie jar should also be used to make sure that principals from signed an unsigned pages are never considered same-origin.
The mechanism which is used to ensure that signed packages get a unique cookie jar should also be used to make sure that principals from signed and unsigned pages are never considered same-origin.


♦ '''Issue:''' Figure out exactly what field to use to indicate which signed package a principal belongs to.
♦ '''Issue:''' Figure out exactly what field to use to indicate which signed package a principal belongs to.
Jhao
93

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1082558"

Navigation menu