Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-03-01 22:07:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1319904 - Ignore origin attributes in webchannel origin check. r=markh

Browse Source 
Including the attributes in the origin check causes webchannels to fail in
e.g. private browsing windows and container tabs.  We only want to compare
against the base origin URL.

MozReview-Commit-ID: AMCjf4vJF9E

--HG--
extra : rebase_source : 0267d8693dbed2e8782ccb7f5496d55bcbb70668
This commit is contained in:
Ryan Kelly 2016-11-25 15:52:02 +11:00
parent dc33a3b7dc
commit 090dab6438
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
browser/base/content/test/general/browser_web_channel.js
View File

@ -36,6 +36,26 @@ var gTests = [
});
}
},
{
desc: "WebChannel generic message in a private window.",
run: function* () {
let promiseTestDone = new Promise(function(resolve, reject) {
let channel = new WebChannel("generic", Services.io.newURI(HTTP_PATH, null, null));
channel.listen(function(id, message, target) {
is(id, "generic");
is(message.something.nested, "hello");
channel.stopListening();
resolve();
});
});
const url = HTTP_PATH + HTTP_ENDPOINT + "?generic";
let privateWindow = yield BrowserTestUtils.openNewBrowserWindow({private: true});
yield BrowserTestUtils.openNewForegroundTab(privateWindow.gBrowser, url);
yield promiseTestDone;
yield BrowserTestUtils.closeWindow(privateWindow);
}
},
{
desc: "WebChannel two way communication",
run: function* () {

4
toolkit/modules/WebChannel.jsm
View File

@ -176,7 +176,7 @@ this.WebChannel = function(id, originOrPermission) {
// The permission manager operates on domain names rather than true
// origins (bug 1066517). To mitigate that, we explicitly check that
// the scheme is https://.
let uri = Services.io.newURI(requestPrincipal.origin, null, null);
let uri = Services.io.newURI(requestPrincipal.originNoSuffix, null, null);
if (uri.scheme != "https") {
return false;
}
@ -188,7 +188,7 @@ this.WebChannel = function(id, originOrPermission) {
} else {
// a simple URI, so just check for an exact match.
this._originCheckCallback = requestPrincipal => {
return originOrPermission.prePath === requestPrincipal.origin;
return originOrPermission.prePath === requestPrincipal.originNoSuffix;
}
}
this._originOrPermission = originOrPermission;