On 1/26/16 12:42 AM, Cameron Kaiser wrote:
Currently, it sets ALLOWS_PROXY | ALLOWS_PROXY_HTTP | URI_IS_LOADABLE_BY_ANYONE | URI_IS_UI_RESOURCE.
Those last two flags are defined to be mutually exclusive; setting both has undefined behavior in the sense that code will and does assume they are not both set and might check for one and do something, ignoring the other.
There should not generally be a security error for loading a URI_IS_LOADABLE_BY_ANYONE thing; that's what LOADABLE_BY_ANYONE means. It would be good to figure out why you get an error there (or even just using mozregression to find who broke it).
Or, can I use resource:// here?
It really depends on what principal the page linking to this thing is running as...
-Boris _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
