mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 13:51:41 +00:00
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
This commit is contained in:
parent
f741f925e7
commit
4c1a3910ac
@ -284,9 +284,12 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
||||
/**
|
||||
* Returns OK if aSourceURI and target have the same "origin"
|
||||
* (scheme, host, and port).
|
||||
* ReportError flag suppresses error reports for functions that
|
||||
* don't need reporting.
|
||||
*/
|
||||
void checkSameOriginURI(in nsIURI aSourceURI,
|
||||
in nsIURI aTargetURI);
|
||||
in nsIURI aTargetURI,
|
||||
in boolean reportError);
|
||||
|
||||
/**
|
||||
* Returns OK if aSourcePrincipal and aTargetPrincipal
|
||||
|
@ -676,12 +676,15 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
|
||||
nsIURI* aTargetURI)
|
||||
nsIURI* aTargetURI,
|
||||
PRBool reportError)
|
||||
{
|
||||
if (!SecurityCompareURIs(aSourceURI, aTargetURI))
|
||||
{
|
||||
ReportError(nsnull, NS_LITERAL_STRING("CheckSameOriginError"),
|
||||
if (reportError) {
|
||||
ReportError(nsnull, NS_LITERAL_STRING("CheckSameOriginError"),
|
||||
aSourceURI, aTargetURI);
|
||||
}
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
return NS_OK;
|
||||
|
@ -3643,7 +3643,7 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
|
||||
nsCOMPtr<nsIURI> loadingURI;
|
||||
rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad);
|
||||
return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad, PR_TRUE);
|
||||
}
|
||||
|
||||
/* static */
|
||||
|
@ -134,7 +134,7 @@ nsCrossSiteListenerProxy::OnStartRequest(nsIRequest* aRequest,
|
||||
nsCOMPtr<nsIURI> finalURI;
|
||||
channel->GetURI(getter_AddRefs(finalURI));
|
||||
rv = nsContentUtils::GetSecurityManager()->
|
||||
CheckSameOriginURI(mRequestingURI, finalURI);
|
||||
CheckSameOriginURI(mRequestingURI, finalURI, PR_FALSE);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
mAcceptState = eAccept;
|
||||
return ForwardRequest(PR_FALSE);
|
||||
|
@ -194,7 +194,7 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel,
|
||||
nsIScriptSecurityManager::STANDARD);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = securityManager->CheckSameOriginURI(aLoaderURI, docURI);
|
||||
rv = securityManager->CheckSameOriginURI(aLoaderURI, docURI, PR_TRUE);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
@ -378,7 +378,7 @@ nsSyncLoader::OnChannelRedirect(nsIChannel *aOldChannel,
|
||||
nsIScriptSecurityManager *securityManager =
|
||||
nsContentUtils::GetSecurityManager();
|
||||
|
||||
rv = securityManager->CheckSameOriginURI(oldURI, newURI);
|
||||
rv = securityManager->CheckSameOriginURI(oldURI, newURI, PR_TRUE);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
mChannel = aNewChannel;
|
||||
|
@ -1150,7 +1150,8 @@ IsSameOrigin(nsIPrincipal* aPrincipal, nsIChannel* aChannel)
|
||||
rv = aChannel->GetURI(getter_AddRefs(channelURI));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(codebase, channelURI);
|
||||
rv = nsContentUtils::GetSecurityManager()->
|
||||
CheckSameOriginURI(codebase, channelURI, PR_FALSE);
|
||||
return NS_SUCCEEDED(rv);
|
||||
}
|
||||
|
||||
|
@ -1111,7 +1111,7 @@ nsSameOriginChecker::OnChannelRedirect(nsIChannel *aOldChannel,
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return nsContentUtils::GetSecurityManager()->
|
||||
CheckSameOriginURI(oldURI, newURI);
|
||||
CheckSameOriginURI(oldURI, newURI, PR_TRUE);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
@ -756,7 +756,7 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
|
||||
nsIScriptSecurityManager::ALLOW_CHROME);
|
||||
NS_ENSURE_SUCCESS(rv, NS_OK);
|
||||
|
||||
rv = secMan->CheckSameOriginURI(mDocumentURI, url);
|
||||
rv = secMan->CheckSameOriginURI(mDocumentURI, url, PR_TRUE);
|
||||
NS_ENSURE_SUCCESS(rv, NS_OK);
|
||||
|
||||
// Do content policy check
|
||||
|
@ -393,7 +393,7 @@ txStylesheetSink::OnChannelRedirect(nsIChannel *aOldChannel,
|
||||
rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return secMan->CheckSameOriginURI(oldURI, newURI);
|
||||
return secMan->CheckSameOriginURI(oldURI, newURI, PR_TRUE);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
|
@ -2608,7 +2608,7 @@ nsXULDocument::LoadOverlayInternal(nsIURI* aURI, PRBool aIsDynamic,
|
||||
PRBool overlayIsChrome = IsChromeURI(aURI);
|
||||
if (!IsChromeURI(mDocumentURI) && !overlayIsChrome) {
|
||||
// Make sure we're allowed to load this overlay.
|
||||
rv = secMan->CheckSameOriginURI(mDocumentURI, aURI);
|
||||
rv = secMan->CheckSameOriginURI(mDocumentURI, aURI, PR_TRUE);
|
||||
if (NS_FAILED(rv)) {
|
||||
*aFailureFromContent = PR_TRUE;
|
||||
return rv;
|
||||
|
@ -427,7 +427,7 @@ NS_ScriptErrorReporter(JSContext *cx,
|
||||
// URIs. See bug 387476.
|
||||
sameOrigin =
|
||||
NS_SUCCEEDED(sSecurityManager->
|
||||
CheckSameOriginURI(errorURI, codebase));
|
||||
CheckSameOriginURI(errorURI, codebase, PR_TRUE));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1161,7 +1161,8 @@ FullTrustSecMan::CheckSameOrigin(JSContext * aJSContext, nsIURI *aTargetURI)
|
||||
|
||||
/* void checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI); */
|
||||
NS_IMETHODIMP
|
||||
FullTrustSecMan::CheckSameOriginURI(nsIURI *aSourceURI, nsIURI *aTargetURI)
|
||||
FullTrustSecMan::CheckSameOriginURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
|
||||
PRBool reportError)
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user