mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 02:14:43 +00:00
Bug 1031658 - [CSP] Fix userpass removal in PermitsAncestry() and properly handle PermitsAncestry() failures. (r=bz)
This commit is contained in:
parent
72193be0b0
commit
35050325e5
@ -971,13 +971,9 @@ nsCSPContext::AsyncReportViolation(nsISupports* aBlockedContentSource,
|
||||
* In order to determine the URI of the parent document (one causing the load
|
||||
* of this protected document), this function obtains the docShellTreeItem,
|
||||
* then walks up the hierarchy until it finds a privileged (chrome) tree item.
|
||||
* Getting the parent's URI looks like this in pseudocode:
|
||||
* Getting the a tree item's URI looks like this in pseudocode:
|
||||
*
|
||||
* nsIDocShell->QI(nsIInterfaceRequestor)
|
||||
* ->GI(nsIDocShellTreeItem)
|
||||
* ->QI(nsIInterfaceRequestor)
|
||||
* ->GI(nsIWebNavigation)
|
||||
* ->GetCurrentURI();
|
||||
* nsIDocShellTreeItem->GetDocument()->GetDocumentURI();
|
||||
*
|
||||
* aDocShell is the docShell for the protected document.
|
||||
*/
|
||||
@ -999,21 +995,18 @@ nsCSPContext::PermitsAncestry(nsIDocShell* aDocShell, bool* outPermitsAncestry)
|
||||
nsCOMPtr<nsIInterfaceRequestor> ir(do_QueryInterface(aDocShell));
|
||||
nsCOMPtr<nsIDocShellTreeItem> treeItem(do_GetInterface(ir));
|
||||
nsCOMPtr<nsIDocShellTreeItem> parentTreeItem;
|
||||
nsCOMPtr<nsIWebNavigation> webNav;
|
||||
nsCOMPtr<nsIURI> currentURI;
|
||||
nsCOMPtr<nsIURI> uriClone;
|
||||
|
||||
// iterate through each docShell parent item
|
||||
while (NS_SUCCEEDED(treeItem->GetParent(getter_AddRefs(parentTreeItem))) &&
|
||||
parentTreeItem != nullptr) {
|
||||
ir = do_QueryInterface(parentTreeItem);
|
||||
NS_ASSERTION(ir, "Could not QI docShellTreeItem to nsIInterfaceRequestor");
|
||||
|
||||
webNav = do_GetInterface(ir);
|
||||
NS_ENSURE_TRUE(webNav, NS_ERROR_FAILURE);
|
||||
nsIDocument* doc = parentTreeItem->GetDocument();
|
||||
NS_ASSERTION(doc, "Could not get nsIDocument from nsIDocShellTreeItem in nsCSPContext::PermitsAncestry");
|
||||
NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
|
||||
|
||||
rv = webNav->GetCurrentURI(getter_AddRefs(currentURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
currentURI = doc->GetDocumentURI();
|
||||
|
||||
if (currentURI) {
|
||||
// stop when reaching chrome
|
||||
@ -1025,8 +1018,11 @@ nsCSPContext::PermitsAncestry(nsIDocShell* aDocShell, bool* outPermitsAncestry)
|
||||
// delete the userpass from the URI.
|
||||
rv = currentURI->CloneIgnoringRef(getter_AddRefs(uriClone));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = uriClone->SetUserPass(EmptyCString());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// We don't care if this succeeds, just want to delete a userpass if
|
||||
// there was one.
|
||||
uriClone->SetUserPass(EmptyCString());
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
{
|
||||
nsAutoCString spec;
|
||||
|
@ -2826,9 +2826,8 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||
|
||||
// PermitsAncestry sends violation reports when necessary
|
||||
rv = csp->PermitsAncestry(docShell, &safeAncestry);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!safeAncestry) {
|
||||
if (NS_FAILED(rv) || !safeAncestry) {
|
||||
#ifdef PR_LOGGING
|
||||
PR_LOG(gCspPRLog, PR_LOG_DEBUG,
|
||||
("CSP doesn't like frame's ancestry, not loading."));
|
||||
|
Loading…
Reference in New Issue
Block a user