Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 19:35:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1104623 - Inherit security flags if channel already has a loadinfo attached in NS_NewChannel (r=bz,sworkman)

Browse Source
This commit is contained in:
Christoph Kerschbaumer 2014-12-07 19:53:33 -08:00
parent 9a56a97e41
commit 208f069325
3 changed files with 65 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docshell/base/LoadInfo.cpp
View File

@ -122,4 +122,10 @@ LoadInfo::GetBaseURI(nsIURI** aBaseURI)
return NS_OK;
}
nsIURI*
LoadInfo::BaseURI()
{
return mBaseURI;
}
} // namespace mozilla

12
docshell/base/nsILoadInfo.idl
View File

@ -17,7 +17,7 @@ typedef unsigned long nsSecurityFlags;
/**
* An nsILoadOwner represents per-load information about who started the load.
*/
[scriptable, builtinclass, uuid(da363267-236d-49bf-83a2-33da8d892728)]
[scriptable, builtinclass, uuid(768a1f20-57d4-462a-812a-41c04e5d1e19)]
interface nsILoadInfo : nsISupports
{
/**
@ -156,7 +156,7 @@ interface nsILoadInfo : nsISupports
* The contentPolicyType of the channel, used for security checks
* like Mixed Content Blocking and Content Security Policy.
*/
readonly attribute nsContentPolicyType contentPolicyType;
readonly attribute nsContentPolicyType contentPolicyType;
%{ C++
inline nsContentPolicyType GetContentPolicyType()
@ -173,5 +173,11 @@ interface nsILoadInfo : nsISupports
* This attribute may be null. The value of this attribute may be
* ignored if the base URI can be inferred by the channel's URI.
*/
readonly attribute nsIURI baseURI;
readonly attribute nsIURI baseURI;
/**
* A C++-friendly version of baseURI.
*/
[noscript, notxpcom, nostdcall, binaryname(BaseURI)]
nsIURI binaryBaseURI();
};

74
netwerk/base/public/nsNetUtil.h
View File

@ -200,13 +200,17 @@ NS_NewFileURI(nsIURI* *result,
inline nsresult
NS_NewChannelInternal(nsIChannel** outChannel,
nsIURI* aUri,
nsILoadInfo* aLoadInfo,
nsINode* aRequestingNode,
nsIPrincipal* aRequestingPrincipal,
nsIPrincipal* aTriggeringPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIURI* aBaseURI = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
nsIIOService* aIoService = nullptr)
{
NS_ASSERTION(aLoadInfo, "Can not create channel without aLoadInfo!");
NS_ENSURE_ARG_POINTER(outChannel);
nsCOMPtr<nsIIOService> grip;
@ -234,11 +238,31 @@ NS_NewChannelInternal(nsIChannel** outChannel,
rv = channel->SetLoadFlags(aLoadFlags | (normalLoadFlags & nsIChannel::LOAD_REPLACE));
NS_ENSURE_SUCCESS(rv, rv);
}
channel->SetLoadInfo(aLoadInfo);
// Some channels might already have a loadInfo attached at this
// point (see bug 1104623). We have to make sure to update
// security flags in such cases before we set the loadinfo.
// Once bug 1087442 lands, this problem disappears because we
// attach the loadinfo in each individual protocol handler.
nsCOMPtr<nsILoadInfo> loadInfo;
channel->GetLoadInfo(getter_AddRefs(loadInfo));
if (loadInfo) {
aSecurityFlags |= loadInfo->GetSecurityFlags();
}
// create a new Loadinfo with the potentially updated securityFlags
loadInfo =
new mozilla::LoadInfo(aRequestingPrincipal, aTriggeringPrincipal,
aRequestingNode, aSecurityFlags,
aContentPolicyType, aBaseURI);
if (!loadInfo) {
return NS_ERROR_UNEXPECTED;
}
channel->SetLoadInfo(loadInfo);
// If we're sandboxed, make sure to clear any owner the channel
// might already have.
if (aLoadInfo->GetLoadingSandboxed()) {
if (loadInfo->GetLoadingSandboxed()) {
channel->SetOwner(nullptr);
}
@ -249,31 +273,27 @@ NS_NewChannelInternal(nsIChannel** outChannel,
inline nsresult
NS_NewChannelInternal(nsIChannel** outChannel,
nsIURI* aUri,
nsINode* aRequestingNode,
nsIPrincipal* aRequestingPrincipal,
nsIPrincipal* aTriggeringPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsILoadInfo* aLoadInfo,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
nsIIOService* aIoService = nullptr)
{
NS_ASSERTION(aRequestingPrincipal, "Can not create channel without a requesting Principal!");
nsCOMPtr<nsILoadInfo> loadInfo =
new mozilla::LoadInfo(aRequestingPrincipal, aTriggeringPrincipal,
aRequestingNode, aSecurityFlags, aContentPolicyType);
if (!loadInfo) {
return NS_ERROR_UNEXPECTED;
}
return NS_NewChannelInternal(outChannel,
aUri,
loadInfo,
aLoadGroup,
aCallbacks,
aLoadFlags,
aIoService);
MOZ_ASSERT(aLoadInfo, "Can not create a channel without a loadInfo");
nsresult rv = NS_NewChannelInternal(outChannel,
aUri,
aLoadInfo->LoadingNode(),
aLoadInfo->LoadingPrincipal(),
aLoadInfo->TriggeringPrincipal(),
aLoadInfo->GetSecurityFlags(),
aLoadInfo->GetContentPolicyType(),
aLoadInfo->BaseURI(),
aLoadGroup,
aCallbacks,
aLoadFlags,
aIoService);
NS_ENSURE_SUCCESS(rv, rv);
return NS_OK;
}
inline nsresult /*NS_NewChannelWithNodeAndTriggeringPrincipal */
@ -297,6 +317,7 @@ NS_NewChannelWithTriggeringPrincipal(nsIChannel** outChannel,
aTriggeringPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -323,6 +344,7 @@ NS_NewChannelWithTriggeringPrincipal(nsIChannel** outChannel,
aTriggeringPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -348,6 +370,7 @@ NS_NewChannel(nsIChannel** outChannel,
nullptr, // aTriggeringPrincipal
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -372,6 +395,7 @@ NS_NewChannel(nsIChannel** outChannel,
nullptr, // aTriggeringPrincipal
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -406,6 +430,7 @@ NS_OpenURIInternal(nsIInputStream** outStream,
aTriggeringPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -962,6 +987,7 @@ NS_NewStreamLoaderInternal(nsIStreamLoader** outStream,
nullptr, // aTriggeringPrincipal
aSecurityFlags,
aContentPolicyType,
nullptr, // aBaseURI
aLoadGroup,
aCallbacks,
aLoadFlags);