Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-26 06:11:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 948574 - remote nsISiteSecurityService::IsSecureURI r=bz

Browse Source
This commit is contained in:
David Keeler 2014-01-07 11:31:30 -08:00
parent 4160c2d1c0
commit 12478c7858
5 changed files with 49 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docshell/base/nsDocShell.cpp
View File

@ -21,6 +21,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/unused.h"
#include "mozilla/VisualEventTracer.h"
#include "URIUtils.h"
#ifdef MOZ_LOGGING
// so we can get logging even in release builds (but only for some things)
@ -4447,16 +4448,24 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
// if this is a Strict-Transport-Security host and the cert
// is bad, don't allow overrides (STS Spec section 7.3).
nsCOMPtr<nsISiteSecurityService> sss =
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
uint32_t flags =
mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
uint32_t type = nsISiteSecurityService::HEADER_HSTS;
uint32_t flags = mInPrivateBrowsing
? nsISocketProvider::NO_PERMANENT_STORAGE
: 0;
bool isStsHost = false;
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
aURI, flags, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
if (XRE_GetProcessType() == GeckoProcessType_Default) {
nsCOMPtr<nsISiteSecurityService> sss =
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(type, aURI, flags, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
} else {
mozilla::dom::ContentChild* cc =
mozilla::dom::ContentChild::GetSingleton();
mozilla::ipc::URIParams uri;
SerializeURI(aURI, uri);
cc->SendIsSecureURI(type, uri, flags, &isStsHost);
}
uint32_t bucketId;
if (isStsHost) {

19
dom/ipc/ContentParent.cpp
View File

@ -76,6 +76,7 @@
#include "nsIPresShell.h"
#include "nsIRemoteBlob.h"
#include "nsIScriptError.h"
#include "nsISiteSecurityService.h"
#include "nsIStyleSheet.h"
#include "nsISupportsPrimitives.h"
#include "nsIURIFixup.h"
@ -2722,6 +2723,24 @@ ContentParent::RecvGetRandomValues(const uint32_t& length,
return true;
}
bool
ContentParent::RecvIsSecureURI(const uint32_t& type,
const URIParams& uri,
const uint32_t& flags,
bool* isSecureURI)
{
nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
if (!sss) {
return false;
}
nsCOMPtr<nsIURI> ourURI = DeserializeURI(uri);
if (!ourURI) {
return false;
}
nsresult rv = sss->IsSecureURI(type, ourURI, flags, isSecureURI);
return NS_SUCCEEDED(rv);
}
bool
ContentParent::RecvLoadURIExternal(const URIParams& uri)
{

3
dom/ipc/ContentParent.h
View File

@ -345,6 +345,9 @@ private:
virtual bool RecvGetRandomValues(const uint32_t& length,
InfallibleTArray<uint8_t>* randomValues);
virtual bool RecvIsSecureURI(const uint32_t& type, const URIParams& uri,
const uint32_t& flags, bool* isSecureURI);
virtual bool DeallocPHalParent(PHalParent*) MOZ_OVERRIDE;
virtual bool DeallocPIndexedDBParent(PIndexedDBParent* aActor);

3
dom/ipc/PContent.ipdl
View File

@ -355,6 +355,9 @@ parent:
sync GetRandomValues(uint32_t length)
returns (uint8_t[] randomValues);
sync IsSecureURI(uint32_t type, URIParams uri, uint32_t flags)
returns (bool isSecureURI);
PHal();
PIndexedDB();

6
security/manager/boot/src/nsSiteSecurityService.cpp
View File

@ -20,6 +20,7 @@
#include "mozilla/Preferences.h"
#include "mozilla/LinkedList.h"
#include "nsSecurityHeaderParser.h"
#include "nsXULAppAPI.h"
// A note about the preload list:
// When a site specifically disables sts by sending a header with
@ -87,6 +88,11 @@ NS_IMPL_ISUPPORTS2(nsSiteSecurityService,
nsresult
nsSiteSecurityService::Init()
{
// Child processes are not allowed direct access to this.
if (XRE_GetProcessType() != GeckoProcessType_Default) {
MOZ_CRASH("Child process: no direct access to nsSiteSecurityService");
}
nsresult rv;
mPermMgr = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);