Bug 1271198 - Convert Websockets to use AsyncOpen2() (r=jduell)

2024-11-25 22:01:30 +00:00 · 2016-05-19 11:54:02 +02:00 · 2016-05-19 11:54:02 +02:00 · 0e2d46a840
commit 0e2d46a840
parent d5a5ebb1c5
5 changed files with 17 additions and 28 deletions
--- a/dom/base/WebSocket.cpp
+++ b/dom/base/WebSocket.cpp
@ -1508,8 +1508,6 @@ WebSocketImpl::Init(JSContext* aCx,
    }
  }

-  // Check content policy.
-  int16_t shouldLoad = nsIContentPolicy::ACCEPT;
  nsCOMPtr<nsIDocument> originDoc = mWebSocket->GetDocumentIfCurrent();
  if (!originDoc) {
    nsresult rv = mWebSocket->CheckInnerWindowCorrectness();
@ -1520,24 +1518,6 @@ WebSocketImpl::Init(JSContext* aCx,
  }

  mOriginDocument = do_GetWeakReference(originDoc);
-  aRv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_WEBSOCKET,
-                                  uri,
-                                  aPrincipal,
-                                  originDoc,
-                                  EmptyCString(),
-                                  nullptr,
-                                  &shouldLoad,
-                                  nsContentUtils::GetContentPolicy(),
-                                  nsContentUtils::GetSecurityManager());
-  if (NS_WARN_IF(aRv.Failed())) {
-    return;
-  }
-
-  if (NS_CP_REJECTED(shouldLoad)) {
-    // Disallowed by content policy.
-    aRv.Throw(NS_ERROR_CONTENT_BLOCKED);
-    return;
-  }

  // Potentially the page uses the CSP directive 'upgrade-insecure-requests'.
  // In such a case we have to upgrade ws: to wss: and also update mSecure
@ -1722,6 +1702,7 @@ WebSocketImpl::AsyncOpen(nsIPrincipal* aPrincipal, uint64_t aInnerWindowID,

  aRv = mChannel->AsyncOpen(uri, asciiOrigin, aInnerWindowID, this, nullptr);
  if (NS_WARN_IF(aRv.Failed())) {
+    aRv.Throw(NS_ERROR_CONTENT_BLOCKED);
    return;
  }

@ -1792,7 +1773,7 @@ WebSocketImpl::InitializeConnection(nsIPrincipal* aPrincipal)
  wsChannel->InitLoadInfo(doc ? doc->AsDOMNode() : nullptr,
                          doc ? doc->NodePrincipal() : aPrincipal,
                          aPrincipal,
-                          nsILoadInfo::SEC_NORMAL,
+                          nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                          nsIContentPolicy::TYPE_WEBSOCKET);

  if (!mRequestedProtocolList.IsEmpty()) {
--- a/dom/push/PushServiceWebSocket.jsm
+++ b/dom/push/PushServiceWebSocket.jsm
@ -483,7 +483,7 @@ this.PushServiceWebSocket = {
    socket.initLoadInfo(null, // aLoadingNode
                        Services.scriptSecurityManager.getSystemPrincipal(),
                        null, // aTriggeringPrincipal
-                        Ci.nsILoadInfo.SEC_NORMAL,
+                        Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                        Ci.nsIContentPolicy.TYPE_WEBSOCKET);

    return socket;
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@ -302,7 +302,8 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
    }

    case nsIContentPolicy::TYPE_WEBSOCKET: {
-      MOZ_ASSERT(false, "contentPolicyType not supported yet");
+      mimeTypeGuess = EmptyCString();
+      requestingContext = aLoadInfo->LoadingNode();
      break;
    }

--- a/dom/simplepush/PushService.jsm
+++ b/dom/simplepush/PushService.jsm
@ -828,7 +828,7 @@ this.PushService = {
      this._ws.initLoadInfo(null, // aLoadingNode
                            Services.scriptSecurityManager.getSystemPrincipal(),
                            null, // aTriggeringPrincipal
-                            Ci.nsILoadInfo.SEC_NORMAL,
+                            Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                            Ci.nsIContentPolicy.TYPE_WEBSOCKET);
    }
    else if (uri.scheme === "ws") {
--- a/netwerk/protocol/websocket/WebSocketChannel.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
@ -1400,7 +1400,14 @@ WebSocketChannel::BeginOpenInternal()
  }
 #endif

-  rv = localChannel->AsyncOpen(this, mHttpChannel);
+  nsCOMPtr<nsILoadInfo> loadInfo = localChannel->GetLoadInfo();
+  if (loadInfo && loadInfo->GetEnforceSecurity()) {
+    rv = localChannel->AsyncOpen2(this);
+  }
+  else {
+    rv = localChannel->AsyncOpen(this, nullptr);
+  }
+
  if (NS_FAILED(rv)) {
    LOG(("WebSocketChannel::BeginOpenInternal: cannot async open\n"));
    AbortSession(NS_ERROR_CONNECTION_REFUSED);
@ -3550,7 +3557,7 @@ WebSocketChannel::OnStartRequest(nsIRequest *aRequest,
                                 nsISupports *aContext)
 {
  LOG(("WebSocketChannel::OnStartRequest(): %p [%p %p] recvdhttpupgrade=%d\n",
-       this, aRequest, aContext, mRecvdHttpUpgradeTransport));
+       this, aRequest, mHttpChannel.get(), mRecvdHttpUpgradeTransport));
  MOZ_ASSERT(NS_IsMainThread(), "not main thread");
  MOZ_ASSERT(!mGotUpgradeOK, "OTA duplicated");

@ -3711,7 +3718,7 @@ WebSocketChannel::OnStopRequest(nsIRequest *aRequest,
                                nsresult aStatusCode)
 {
  LOG(("WebSocketChannel::OnStopRequest() %p [%p %p %x]\n",
-       this, aRequest, aContext, aStatusCode));
+       this, aRequest, mHttpChannel.get(), aStatusCode));
  MOZ_ASSERT(NS_IsMainThread(), "not main thread");

  ReportConnectionTelemetry();
@ -3874,7 +3881,7 @@ WebSocketChannel::OnDataAvailable(nsIRequest *aRequest,
                                    uint32_t aCount)
 {
  LOG(("WebSocketChannel::OnDataAvailable() %p [%p %p %p %llu %u]\n",
-         this, aRequest, aContext, aInputStream, aOffset, aCount));
+         this, aRequest, mHttpChannel.get(), aInputStream, aOffset, aCount));

  // This is the HTTP OnDataAvailable Method, which means this is http data in
  // response to the upgrade request and there should be no http response body