Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 13:21:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1254689 - Remove SEC_NORMAL where loadingPrincipal is SystemPrincipal or NullPrincipal (r=sicking)

Browse Source 
MozReview-Commit-ID: LKK3MGMODNI
This commit is contained in:
Christoph Kerschbaumer 2016-03-09 09:01:45 -08:00
parent f0fbe292c5
commit 007c074be0
11 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dom/html/nsHTMLDocument.cpp
View File

@ -1223,9 +1223,11 @@ nsHTMLDocument::CreateDummyChannelForCookies(nsIURI* aCodebaseURI)
// FOR ANY OTHER PURPOSE.
MOZ_ASSERT(!mChannel);
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
nsCOMPtr<nsIChannel> channel;
NS_NewChannel(getter_AddRefs(channel), aCodebaseURI, this,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_INVALID);
nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel =
do_QueryInterface(channel);

4
dom/jsurl/nsJSProtocolHandler.cpp
View File

@ -426,11 +426,13 @@ nsresult nsJSChannel::Init(nsIURI *aURI)
// If the resultant script evaluation actually does return a value, we
// treat it as html.
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
rv = NS_NewInputStreamChannel(getter_AddRefs(channel),
aURI,
mIOThunk,
nullPrincipal,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_OTHER,
NS_LITERAL_CSTRING("text/html"));
if (NS_FAILED(rv)) return rv;

4
dom/xul/templates/nsXULTemplateQueryProcessorStorage.cpp
View File

@ -210,10 +210,12 @@ nsXULTemplateQueryProcessorStorage::GetDatasource(nsIArray* aDataSources,
nsCOMPtr<nsIChannel> channel;
nsCOMPtr<nsINode> node = do_QueryInterface(aRootNode);
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
rv = NS_NewChannel(getter_AddRefs(channel),
uri,
node,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_OTHER);
NS_ENSURE_SUCCESS(rv, rv);

2
netwerk/base/nsIOService.cpp
View File

@ -1794,7 +1794,7 @@ nsIOService::SpeculativeConnectInternal(nsIURI *aURI,
nullptr, // aLoadingNode,
systemPrincipal,
nullptr, //aTriggeringPrincipal,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER,
getter_AddRefs(channel));
NS_ENSURE_SUCCESS(rv, rv);

2
netwerk/base/nsProtocolProxyService.cpp
View File

@ -1347,7 +1347,7 @@ nsProtocolProxyService::AsyncResolve(nsISupports *channelOrURI, uint32_t flags,
rv = NS_NewChannel(getter_AddRefs(channel),
uri,
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER);
NS_ENSURE_SUCCESS(rv, rv);
}

5
netwerk/cookie/CookieServiceParent.cpp
View File

@ -49,9 +49,12 @@ CreateDummyChannel(nsIURI* aHostURI, NeckoOriginAttributes& aAttrs, bool aIsPriv
return;
}
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
nsCOMPtr<nsIChannel> dummyChannel;
NS_NewChannel(getter_AddRefs(dummyChannel), dummyURI, principal,
nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_INVALID);
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_INVALID);
nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(dummyChannel);
if (!pbChannel) {
return;

2
netwerk/protocol/file/nsFileChannel.cpp
View File

@ -356,7 +356,7 @@ nsFileChannel::OpenContentStream(bool async, nsIInputStream **result,
rv = NS_NewChannel(getter_AddRefs(newChannel),
newURI,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER);
if (NS_FAILED(rv))

5
netwerk/protocol/viewsource/nsViewSourceChannel.cpp
View File

@ -65,7 +65,8 @@ nsViewSourceChannel::Init(nsIURI* uri)
// This function is called from within nsViewSourceHandler::NewChannel2
// and sets the right loadInfo right after returning from this function.
// Until then we follow the principal of least privilege and use
// nullPrincipal as the loadingPrincipal.
// nullPrincipal as the loadingPrincipal and the least permissive
// securityflag.
nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
@ -75,7 +76,7 @@ nsViewSourceChannel::Init(nsIURI* uri)
nullptr, // aLoadingNode
nullPrincipal,
nullptr, // aTriggeringPrincipal
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_OTHER,
getter_AddRefs(mChannel));
NS_ENSURE_SUCCESS(rv, rv);

2
netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
View File

@ -108,7 +108,7 @@ WyciwygChannelChild::Init(nsIURI* uri)
&requestingPrincipalInfo);
mozilla::ipc::PrincipalToPrincipalInfo(nsContentUtils::GetSystemPrincipal(),
&triggeringPrincipalInfo);
securityFlags = nsILoadInfo::SEC_NORMAL;
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
policyType = nsIContentPolicy::TYPE_OTHER;
}

4
parser/xml/nsSAXXMLReader.cpp
View File

@ -499,12 +499,14 @@ nsSAXXMLReader::ParseFromStream(nsIInputStream *aStream,
nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
nsCOMPtr<nsIChannel> parserChannel;
rv = NS_NewInputStreamChannel(getter_AddRefs(parserChannel),
mBaseURI,
aStream,
nullPrincipal,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_OTHER,
nsDependentCString(aContentType));
if (!parserChannel || NS_FAILED(rv))

4
rdf/base/nsRDFXMLParser.cpp
View File

@ -118,12 +118,14 @@ nsRDFXMLParser::ParseString(nsIRDFDataSource* aSink, nsIURI* aBaseURI, const nsA
nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
nsCOMPtr<nsIChannel> channel;
rv = NS_NewInputStreamChannel(getter_AddRefs(channel),
aBaseURI,
stream,
nullPrincipal,
nsILoadInfo::SEC_NORMAL,
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
nsIContentPolicy::TYPE_OTHER,
NS_LITERAL_CSTRING("text/xml"));
if (NS_FAILED(rv)) return rv;