Bug 1411646 prevent oauth redirect requests from happening, r=rpl
MozReview-Commit-ID: L8ekyXDeCbp --HG-- extra : rebase_source : 47b0e4a16c18cdc125d0af5d4749285f58f517e0
parent
aedb2fa4c6
commit
4e6c5b003f
@ -63,26 +63,25 @@ const openOAuthWindow = (details, redirectURI) => {
|
||||
// If the user just closes the window we need to reject
|
||||
function unloadlistener() {
|
||||
window.removeEventListener("unload", unloadlistener);
|
||||
window.gBrowser.removeTabsProgressListener(wpl);
|
||||
window.gBrowser.removeProgressListener(wpl);
|
||||
reject({message: "User cancelled or denied access."});
|
||||
}
|
||||
|
||||
wpl = {
|
||||
onLocationChange(browser, webProgress, request, locationURI) {
|
||||
if (locationURI.spec.startsWith(redirectURI)) {
|
||||
resolve(locationURI.spec);
|
||||
onStateChange(progress, request, flags, status) {
|
||||
if (request instanceof Ci.nsIHttpChannel &&
|
||||
request.URI.spec.startsWith(redirectURI)) {
|
||||
request.cancel(Components.results.NS_BINDING_ABORTED);
|
||||
window.removeEventListener("unload", unloadlistener);
|
||||
window.gBrowser.removeTabsProgressListener(wpl);
|
||||
window.gBrowser.removeProgressListener(wpl);
|
||||
window.close();
|
||||
resolve(request.URI.spec);
|
||||
}
|
||||
},
|
||||
onProgressChange() {},
|
||||
onStatusChange() {},
|
||||
onSecurityChange() {},
|
||||
};
|
||||
|
||||
promiseDocumentLoaded(window.document).then(() => {
|
||||
window.gBrowser.addTabsProgressListener(wpl);
|
||||
window.gBrowser.addProgressListener(wpl);
|
||||
window.addEventListener("unload", unloadlistener);
|
||||
});
|
||||
});
|
||||
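Review bot: The check in `onStateChange` is a raw string prefix test, `request.URI.spec.startsWith(redirectURI)`, so how strict it is depends entirely on how `redirectURI` is terminated. If a caller can pass a value without a trailing `/`, a longer hostname sharing that prefix would also be cancelled and its URL resolved as the result of the flow. The comparison is carried over from the `onLocationChange` variant, but now that a match also aborts the channel and closes the window, it is worth comparing parsed components (scheme, host, path prefix) or stating the trailing-slash requirement in a comment above the condition. The handler also ignores `flags` and `progress`, so please confirm that only the top-level load of the auth window can satisfy it. A why-comment on the cancel would help the next reader, e.g. `// Abort before the request reaches the network; the redirect URL is only handed back to the extension.` The body of `openOAuthWindow` starts outside this hunk.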
|
@ -144,6 +144,13 @@ function background_launchWebAuthFlow(interactive, path, redirect = true) {
|
||||
url = `${url}&no_redirect=1`;
|
||||
}
|
||||
|
||||
// Ensure we do not start the actual request for the redirect url.
|
||||
browser.webRequest.onBeforeRequest.addListener(details => {
|
||||
if (details.url.startsWith(expected_redirect)) {
|
||||
browser.test.fail("onBeforeRequest called for redirect url");
|
||||
}
|
||||
}, {urls: ["https://35b64b676900f491c00e7f618d43f7040e88422e.example.com/*"]});
|
||||
|
||||
browser.identity.launchWebAuthFlow({interactive, url}).then((redirectURL) => {
|
||||
browser.test.assertTrue(redirectURL.startsWith(redirect_uri), `correct redirect url ${redirectURL}`);
|
||||
if (redirect) {
|
||||
@ -172,8 +179,9 @@ add_task(async function test_autoRedirect() {
|
||||
},
|
||||
},
|
||||
"permissions": [
|
||||
"webRequest",
|
||||
"identity",
|
||||
"https://example.com/",
|
||||
"https://*.example.com/*",
|
||||
],
|
||||
},
|
||||
background: `(${background_launchWebAuthFlow})(false, "redirect_auto.sjs")`,
|
||||
@ -194,8 +202,9 @@ add_task(async function test_noRedirect() {
|
||||
},
|
||||
},
|
||||
"permissions": [
|
||||
"webRequest",
|
||||
"identity",
|
||||
"https://example.com/",
|
||||
"https://*.example.com/*",
|
||||
],
|
||||
},
|
||||
background: `(${background_launchWebAuthFlow})(false, "redirect_auto.sjs", false)`,
|
||||
@ -219,8 +228,9 @@ add_task(async function test_interaction() {
|
||||
},
|
||||
},
|
||||
"permissions": [
|
||||
"webRequest",
|
||||
"identity",
|
||||
"https://example.com/",
|
||||
"https://*.example.com/*",
|
||||
],
|
||||
},
|
||||
background: `(${background_launchWebAuthFlow})(true, "oauth.html")`,
|
||||
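Review bot: The negative check added to `background_launchWebAuthFlow` can pass vacuously, because the `onBeforeRequest` filter hard-codes the host `35b64b676900f491c00e7f618d43f7040e88422e.example.com` while the condition inside the listener uses `expected_redirect`, which is defined outside the hunk. If the extension id or redirect host ever changes, the filter stops matching, `browser.test.fail` is never reached and the test still goes green. Consider deriving the filter from the same value as the condition, or at least adding a comment such as `// Host must match expected_redirect; update both together.` The three manifests also widen the host permission to `https://*.example.com/*`; if only the redirect host needs to be observed, listing that single host would keep the test extension's permissions narrower.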
|