Bug 1740420 - Improve sandbox error message when accessing storages. r=saschanaz

Differential Revision: https://phabricator.services.mozilla.com/D150255
Tom Schuster 2022-07-15 16:33:46 +00:00
parent a66815a252
commit 3400605cfd
2 changed files with 23 additions and 8 deletions


@ -6462,7 +6462,7 @@ void Document::GetReferrer(nsAString& aReferrer) const {
CopyUTF8toUTF16(uri, aReferrer);
}
void Document::GetCookie(nsAString& aCookie, ErrorResult& rv) {
void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) {
aCookie.Truncate(); // clear current cookie in case service fails;
// no cookie isn't an error condition.
@ -6470,10 +6470,12 @@ void Document::GetCookie(nsAString& aCookie, ErrorResult& rv) {
return;
}
// If the document's sandboxed origin flag is set, access to read cookies
// If the document's sandboxed origin flag is set, then reading cookies
// is prohibited.
if (mSandboxFlags & SANDBOXED_ORIGIN) {
rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
}
@ -6509,10 +6511,12 @@ void Document::SetCookie(const nsAString& aCookie, ErrorResult& aRv) {
return;
}
// If the document's sandboxed origin flag is set, access to write cookies
// If the document's sandboxed origin flag is set, then setting cookies
// is prohibited.
if (mSandboxFlags & SANDBOXED_ORIGIN) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
aRv.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return;
}
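Review bot: The sandbox rejection message is written out as the same string literal in both GetCookie and SetCookie here, and again in the GetSessionStorage and GetLocalStorage hunks of the other file, so four copies of one security-policy message can drift apart over time. A single shared definition would keep them in step, for example `constexpr auto kSandboxedOriginError = "Forbidden in a sandboxed document without the 'allow-same-origin' flag."_ns;` in a common header, passed as `aRv.ThrowSecurityError(kSandboxedOriginError);`. Both function bodies start and end outside the hunks shown.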


@ -4829,15 +4829,17 @@ Storage* nsGlobalWindowInner::GetSessionStorage(ErrorResult& aError) {
}
}
// If the document has the sandboxed origin flag set
// don't allow access to sessionStorage.
if (!mDoc) {
aError.Throw(NS_ERROR_FAILURE);
return nullptr;
}
// If the document's sandboxed origin flag is set, then accessing
// sessionStorage is prohibited.
if (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN) {
aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
aError.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return nullptr;
}
@ -4924,6 +4926,15 @@ Storage* nsGlobalWindowInner::GetLocalStorage(ErrorResult& aError) {
return nullptr;
}
// If the document's sandboxed origin flag is set, then accessing localStorage
// is prohibited.
if (mDoc && mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN) {
aError.ThrowSecurityError(
"Forbidden in a sandboxed document without the 'allow-same-origin' "
"flag.");
return nullptr;
}
// LocalStorage needs to be exposed in every context except for sandboxes and
// NullPrincipals (data: URLs, for instance). But we need to keep data
// separate in some scenarios: private-browsing and partitioned trackers.
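Review bot: The sandbox check added to GetLocalStorage is skipped when `mDoc` is null, whereas GetSessionStorage in the previous hunk rejects a null `mDoc` with `NS_ERROR_FAILURE` before it tests the flag, so the two getters treat the same condition differently and this one fails open for the sandbox test. Whether that is safe depends on the principal checks that follow outside the hunk (the trailing comment suggests sandboxes and NullPrincipals are excluded there); if it is, a comment such as `// A null mDoc falls through to the principal checks below.` would record the intent, and otherwise the guard should mirror the sessionStorage one. Parenthesising the bit test, `if (mDoc && (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN)) {`, would also make the precedence explicit. The function body starts and ends outside the hunk.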