Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-26 20:30:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1533877 - Frame navigations should check their parent's Cross-Origin policy r=nika

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D32972

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Valentin Gosu 2019-06-04 12:24:56 +00:00
parent 75e7f43f76
commit 2c2ccd2797
4 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docshell/base/BrowsingContext.cpp
View File

@ -116,11 +116,13 @@ already_AddRefed<BrowsingContext> BrowsingContext::Create(
// using transactions to set them, as we haven't been attached yet.
context->mName = aName;
context->mOpenerId = aOpener ? aOpener->Id() : 0;
context->mCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
context->mInheritedCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
BrowsingContext* inherit = aParent ? aParent : aOpener;
if (inherit) {
context->mOpenerPolicy = inherit->mOpenerPolicy;
context->mCrossOriginPolicy = inherit->mCrossOriginPolicy;
context->mInheritedCrossOriginPolicy = inherit->mCrossOriginPolicy;
}
Register(context);

1
docshell/base/BrowsingContextFieldList.h
View File

@ -17,6 +17,7 @@
MOZ_BC_FIELD_RACY(Name, nsString)
MOZ_BC_FIELD_RACY(Closed, bool)
MOZ_BC_FIELD(CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
MOZ_BC_FIELD(InheritedCrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy)
// The current opener for this BrowsingContext. This is a weak reference, and

3
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -7517,7 +7517,8 @@ nsresult nsHttpChannel::ProcessCrossOriginHeader() {
return NS_OK;
}
nsILoadInfo::CrossOriginPolicy documentPolicy = ctx->GetCrossOriginPolicy();
nsILoadInfo::CrossOriginPolicy documentPolicy =
ctx->GetInheritedCrossOriginPolicy();
nsILoadInfo::CrossOriginPolicy resultPolicy =
nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
rv = GetResponseCrossOriginPolicy(&resultPolicy);

8
testing/web-platform/tests/html/cross-origin/null.tentative.html
View File

@ -23,13 +23,13 @@ async_test(t => {
});
t.step_timeout(() => {
assert_equals(firstNavOk, true, "The initial load should work");
assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
t.done();
}, 500);
frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
document.body.append(frame);
assert_equals(frame.contentDocument.body.localName, "body");
}, "Top-level with null policy: navigating a frame from use-credentials policy to a null policy should fail.");
}, "Top-level with null policy: parent policy should apply to frame navigation from use-credentials policy to a null. Should succeed.");
async_test(t => {
const frame = document.createElement("iframe");
@ -40,13 +40,13 @@ async_test(t => {
});
t.step_timeout(() => {
assert_equals(firstNavOk, true, "The initial load should work");
assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
t.done();
}, 500);
frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
document.body.append(frame);
assert_equals(frame.contentDocument.body.localName, "body");
}, "Top-level with null policy: navigating a frame from anonymous policy to a null policy should fail.");
}, "Top-level with null policy: parent policy should apply to frame navigation from anonymous policy to a null. Should succeed.");
async_test(t => {
let w = window.open(`resources/navigate_null.sub.html?to=navigate_anonymous.sub.html`, "window_name");