mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 06:11:37 +00:00
bug 948574 - remote nsISiteSecurityService::IsSecureURI r=bz
This commit is contained in:
parent
4160c2d1c0
commit
12478c7858
@ -21,6 +21,7 @@
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/unused.h"
|
||||
#include "mozilla/VisualEventTracer.h"
|
||||
#include "URIUtils.h"
|
||||
|
||||
#ifdef MOZ_LOGGING
|
||||
// so we can get logging even in release builds (but only for some things)
|
||||
@ -4447,16 +4448,24 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
||||
|
||||
// if this is a Strict-Transport-Security host and the cert
|
||||
// is bad, don't allow overrides (STS Spec section 7.3).
|
||||
uint32_t type = nsISiteSecurityService::HEADER_HSTS;
|
||||
uint32_t flags = mInPrivateBrowsing
|
||||
? nsISocketProvider::NO_PERMANENT_STORAGE
|
||||
: 0;
|
||||
bool isStsHost = false;
|
||||
if (XRE_GetProcessType() == GeckoProcessType_Default) {
|
||||
nsCOMPtr<nsISiteSecurityService> sss =
|
||||
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
uint32_t flags =
|
||||
mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
|
||||
|
||||
bool isStsHost = false;
|
||||
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
|
||||
aURI, flags, &isStsHost);
|
||||
rv = sss->IsSecureURI(type, aURI, flags, &isStsHost);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else {
|
||||
mozilla::dom::ContentChild* cc =
|
||||
mozilla::dom::ContentChild::GetSingleton();
|
||||
mozilla::ipc::URIParams uri;
|
||||
SerializeURI(aURI, uri);
|
||||
cc->SendIsSecureURI(type, uri, flags, &isStsHost);
|
||||
}
|
||||
|
||||
uint32_t bucketId;
|
||||
if (isStsHost) {
|
||||
|
@ -76,6 +76,7 @@
|
||||
#include "nsIPresShell.h"
|
||||
#include "nsIRemoteBlob.h"
|
||||
#include "nsIScriptError.h"
|
||||
#include "nsISiteSecurityService.h"
|
||||
#include "nsIStyleSheet.h"
|
||||
#include "nsISupportsPrimitives.h"
|
||||
#include "nsIURIFixup.h"
|
||||
@ -2722,6 +2723,24 @@ ContentParent::RecvGetRandomValues(const uint32_t& length,
|
||||
return true;
|
||||
}
|
||||
|
||||
bool
|
||||
ContentParent::RecvIsSecureURI(const uint32_t& type,
|
||||
const URIParams& uri,
|
||||
const uint32_t& flags,
|
||||
bool* isSecureURI)
|
||||
{
|
||||
nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
|
||||
if (!sss) {
|
||||
return false;
|
||||
}
|
||||
nsCOMPtr<nsIURI> ourURI = DeserializeURI(uri);
|
||||
if (!ourURI) {
|
||||
return false;
|
||||
}
|
||||
nsresult rv = sss->IsSecureURI(type, ourURI, flags, isSecureURI);
|
||||
return NS_SUCCEEDED(rv);
|
||||
}
|
||||
|
||||
bool
|
||||
ContentParent::RecvLoadURIExternal(const URIParams& uri)
|
||||
{
|
||||
|
@ -345,6 +345,9 @@ private:
|
||||
virtual bool RecvGetRandomValues(const uint32_t& length,
|
||||
InfallibleTArray<uint8_t>* randomValues);
|
||||
|
||||
virtual bool RecvIsSecureURI(const uint32_t& type, const URIParams& uri,
|
||||
const uint32_t& flags, bool* isSecureURI);
|
||||
|
||||
virtual bool DeallocPHalParent(PHalParent*) MOZ_OVERRIDE;
|
||||
|
||||
virtual bool DeallocPIndexedDBParent(PIndexedDBParent* aActor);
|
||||
|
@ -355,6 +355,9 @@ parent:
|
||||
sync GetRandomValues(uint32_t length)
|
||||
returns (uint8_t[] randomValues);
|
||||
|
||||
sync IsSecureURI(uint32_t type, URIParams uri, uint32_t flags)
|
||||
returns (bool isSecureURI);
|
||||
|
||||
PHal();
|
||||
|
||||
PIndexedDB();
|
||||
|
@ -20,6 +20,7 @@
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/LinkedList.h"
|
||||
#include "nsSecurityHeaderParser.h"
|
||||
#include "nsXULAppAPI.h"
|
||||
|
||||
// A note about the preload list:
|
||||
// When a site specifically disables sts by sending a header with
|
||||
@ -87,6 +88,11 @@ NS_IMPL_ISUPPORTS2(nsSiteSecurityService,
|
||||
nsresult
|
||||
nsSiteSecurityService::Init()
|
||||
{
|
||||
// Child processes are not allowed direct access to this.
|
||||
if (XRE_GetProcessType() != GeckoProcessType_Default) {
|
||||
MOZ_CRASH("Child process: no direct access to nsSiteSecurityService");
|
||||
}
|
||||
|
||||
nsresult rv;
|
||||
|
||||
mPermMgr = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
|
||||
|
Loading…
Reference in New Issue
Block a user