Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.

2025-02-27 12:50:09 +00:00 · 2003-05-28 23:22:36 +00:00 · 2003-05-28 23:22:36 +00:00 · 11919bb299
commit 11919bb299
parent 0ed8e8a306
2 changed files with 17 additions and 5 deletions
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@ -323,7 +323,8 @@ private:
    nsresult
    CheckSameOriginDOMProp(nsIPrincipal* aSubject, 
                           nsIPrincipal* aObject,
-                           PRUint32 aAction);
+                           PRUint32 aAction,
                           PRBool aIsCheckConnect);
    PRInt32 
    GetSecurityLevel(nsIPrincipal *principal,
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -590,7 +590,8 @@ nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSourcePrincipal
                                                  nsIPrincipal* aTargetPrincipal)
 {
    return CheckSameOriginDOMProp(aSourcePrincipal, aTargetPrincipal,
-                                  nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
+                                  nsIXPCSecurityManager::ACCESS_SET_PROPERTY,
                                  PR_FALSE);
 }
@ -724,7 +725,8 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
                    NS_ERROR("CheckPropertyAccessImpl called without a target object or URL");
                    return NS_ERROR_FAILURE;
                }
-                rv = CheckSameOriginDOMProp(subjectPrincipal, objectPrincipal, aAction);
+                rv = CheckSameOriginDOMProp(subjectPrincipal, objectPrincipal,
                                            aAction, (PRBool)aTargetURI);
                break;
            }
        default:
@ -849,7 +851,8 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
 nsresult
 nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
                                                nsIPrincipal* aObject,
-                                                PRUint32 aAction)
+                                                PRUint32 aAction,
                                                PRBool aIsCheckConnect)
 {
    nsresult rv;
    /*
@ -867,6 +870,14 @@ nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
        // explicitly setting document.domain then the other must also have
        // done so in order to be considered the same origin. This prevents
        // DNS spoofing based on document.domain (154930)
        // But this restriction does not apply to CheckConnect calls, since
        // that's called for data-only load checks like XMLHTTPRequest, where
        // the target document has not yet loaded and can't have set its domain
        // (bug 163950)
        if (aIsCheckConnect)
            return NS_OK;
        nsCOMPtr<nsIAggregatePrincipal> subjectAgg(do_QueryInterface(aSubject, &rv));
        NS_ENSURE_SUCCESS(rv, rv);
        PRBool subjectSetDomain = PR_FALSE;