Bug 1583700 - Pass the loading context of the cspToInherit when deserializing LoadInfo, since this isn't necessarily the same as the loading context of the LoadInfo. r=ckerschb

Depends on D47358 Differential Revision: https://phabricator.services.mozilla.com/D47406 --HG-- extra : moz-landing-system : lando
2024-10-08 10:44:56 +00:00 · 2019-10-22 01:03:10 +00:00 · 2019-10-22 01:03:10 +00:00 · 2d5171571e
commit 2d5171571e
parent 0976ef23a1
4 changed files with 44 additions and 23 deletions
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@ -598,13 +598,15 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs,
    nsILoadInfo** outLoadInfo) {
-  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, outLoadInfo);
+  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, nullptr,
+                                outLoadInfo);
 }
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, nsINode* aLoadingContext,
-    nsILoadInfo** outLoadInfo) {
+    nsINode* aCspToInheritLoadingContext, nsILoadInfo** outLoadInfo) {
  RefPtr<LoadInfo> loadInfo;
  nsresult rv = LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, aLoadingContext,
+                                       aCspToInheritLoadingContext,
                                       getter_AddRefs(loadInfo));
  NS_ENSURE_SUCCESS(rv, rv);

@ -614,11 +616,12 @@ nsresult LoadInfoArgsToLoadInfo(

 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, LoadInfo** outLoadInfo) {
-  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, outLoadInfo);
+  return LoadInfoArgsToLoadInfo(aOptionalLoadInfoArgs, nullptr, nullptr,
+                                outLoadInfo);
 }
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<LoadInfoArgs>& aOptionalLoadInfoArgs, nsINode* aLoadingContext,
-    LoadInfo** outLoadInfo) {
+    nsINode* aCspToInheritLoadingContext, LoadInfo** outLoadInfo) {
  if (aOptionalLoadInfoArgs.isNothing()) {
    *outLoadInfo = nullptr;
    return NS_OK;
@ -739,7 +742,7 @@ nsresult LoadInfoArgsToLoadInfo(
  Maybe<mozilla::ipc::CSPInfo> cspToInheritInfo =
      loadInfoArgs.cspToInheritInfo();
  if (cspToInheritInfo.isSome()) {
-    nsCOMPtr<Document> doc = do_QueryInterface(aLoadingContext);
+    nsCOMPtr<Document> doc = do_QueryInterface(aCspToInheritLoadingContext);
    cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), doc);
  }

--- a/ipc/glue/BackgroundUtils.h
+++ b/ipc/glue/BackgroundUtils.h
@ -136,13 +136,15 @@ nsresult LoadInfoArgsToLoadInfo(
    nsILoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<mozilla::net::LoadInfoArgs>& aOptionalLoadInfoArgs,
-    nsINode* aLoadingContext, nsILoadInfo** outLoadInfo);
+    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
+    nsILoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<net::LoadInfoArgs>& aOptionalLoadInfoArgs,
    mozilla::net::LoadInfo** outLoadInfo);
 nsresult LoadInfoArgsToLoadInfo(
    const Maybe<net::LoadInfoArgs>& aOptionalLoadInfoArgs,
-    nsINode* aLoadingContext, mozilla::net::LoadInfo** outLoadInfo);
+    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
+    mozilla::net::LoadInfo** outLoadInfo);

 /**
 * Fills ParentLoadInfoForwarderArgs with properties we want to carry to child
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@ -39,9 +39,10 @@ class LoadInfo;

 namespace ipc {
 // we have to forward declare that function so we can use it as a friend.
-nsresult LoadInfoArgsToLoadInfo(const Maybe<net::LoadInfoArgs>& aLoadInfoArgs,
-                                nsINode* aLoadingContext,
-                                net::LoadInfo** outLoadInfo);
+nsresult LoadInfoArgsToLoadInfo(
+    const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
+    nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
+    net::LoadInfo** outLoadInfo);
 }  // namespace ipc

 namespace net {
@ -166,7 +167,8 @@ class LoadInfo final : public nsILoadInfo {

  friend nsresult mozilla::ipc::LoadInfoArgsToLoadInfo(
      const Maybe<mozilla::net::LoadInfoArgs>& aLoadInfoArgs,
-      nsINode* aLoadingContext, net::LoadInfo** outLoadInfo);
+      nsINode* aLoadingContext, nsINode* aCspToInheritLoadingContext,
+      net::LoadInfo** outLoadInfo);

  ~LoadInfo() = default;

--- a/netwerk/ipc/DocumentChannelChild.cpp
+++ b/netwerk/ipc/DocumentChannelChild.cpp
@ -22,6 +22,7 @@
 #include "nsQueryObject.h"
 #include "nsSerializationHelper.h"
 #include "nsStringStream.h"
+#include "mozilla/dom/nsCSPContext.h"

 using namespace mozilla::dom;
 using namespace mozilla::ipc;
@ -258,23 +259,28 @@ IPCResult DocumentChannelChild::RecvRedirectToRealChannel(
  RefPtr<dom::Document> loadingDocument;
  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));

-  nsCOMPtr<nsILoadInfo> loadInfo;
-  nsresult rv = LoadInfoArgsToLoadInfo(aLoadInfo, loadingDocument,
-                                       getter_AddRefs(loadInfo));
-  if (NS_FAILED(rv)) {
-    MOZ_DIAGNOSTIC_ASSERT(false, "LoadInfoArgsToLoadInfo failed");
-    return IPC_OK();
+  RefPtr<dom::Document> cspToInheritLoadingDocument;
+  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadInfo->GetCspToInherit();
+  if (policy) {
+    nsWeakPtr ctx =
+        static_cast<nsCSPContext*>(policy.get())->GetLoadingContext();
+    cspToInheritLoadingDocument = do_QueryReferent(ctx);
  }
+  nsCOMPtr<nsILoadInfo> loadInfo;
+  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(aLoadInfo, loadingDocument,
+                                             cspToInheritLoadingDocument,
+                                             getter_AddRefs(loadInfo)));

  mRedirects = std::move(aRedirects);
  mRedirectResolver = std::move(aResolve);

  nsCOMPtr<nsIChannel> newChannel;
-  rv = NS_NewChannelInternal(getter_AddRefs(newChannel), aURI, loadInfo,
-                             nullptr,     // PerformanceStorage
-                             mLoadGroup,  // aLoadGroup
-                             nullptr,     // aCallbacks
-                             aNewLoadFlags);
+  nsresult rv =
+      NS_NewChannelInternal(getter_AddRefs(newChannel), aURI, loadInfo,
+                            nullptr,     // PerformanceStorage
+                            mLoadGroup,  // aLoadGroup
+                            nullptr,     // aCallbacks
+                            aNewLoadFlags);

  RefPtr<HttpChannelChild> httpChild = do_QueryObject(newChannel);
  RefPtr<nsIChildChannel> childChannel = do_QueryObject(newChannel);
@ -408,8 +414,16 @@ IPCResult DocumentChannelChild::RecvConfirmRedirect(
  // This just checks CSP thus far, hopefully there's not much else needed.
  RefPtr<dom::Document> loadingDocument;
  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
+  RefPtr<dom::Document> cspToInheritLoadingDocument;
+  nsCOMPtr<nsIContentSecurityPolicy> policy = mLoadInfo->GetCspToInherit();
+  if (policy) {
+    nsWeakPtr ctx =
+        static_cast<nsCSPContext*>(policy.get())->GetLoadingContext();
+    cspToInheritLoadingDocument = do_QueryReferent(ctx);
+  }
  nsCOMPtr<nsILoadInfo> loadInfo;
  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(Some(aLoadInfo), loadingDocument,
+                                             cspToInheritLoadingDocument,
                                             getter_AddRefs(loadInfo)));

  nsCOMPtr<nsIURI> originalUri;
@ -421,7 +435,7 @@ IPCResult DocumentChannelChild::RecvConfirmRedirect(
  }

  Maybe<nsresult> cancelCode;
-  rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, loadInfo,
+  rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, mLoadInfo,
                                         cancelCode);
  aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(rv, cancelCode));
  return IPC_OK();