mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 19:35:51 +00:00
Backed out changeset b3d1e9847a7a (bug 725490) for mochitest failures in dom/base/test/test_x-frame-options.html r=backout on a CLOSED TREE
This commit is contained in:
parent
0471643394
commit
513ba7660d
@ -78,11 +78,6 @@ FramingChecker::CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
MOZ_CRASH();
|
||||
}
|
||||
|
||||
// If the X-Frame-Options value is SAMEORIGIN, then the top frame in the
|
||||
// parent chain must be from the same origin as this document.
|
||||
bool checkSameOrigin = aPolicy.LowerCaseEqualsLiteral("sameorigin");
|
||||
nsCOMPtr<nsIURI> topUri;
|
||||
|
||||
// Traverse up the parent chain and stop when we see a docshell whose
|
||||
// parent has a system principal, or a docshell corresponding to
|
||||
// <iframe mozbrowser>.
|
||||
@ -97,17 +92,6 @@ FramingChecker::CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
bool system = false;
|
||||
topDoc = parentDocShellItem->GetDocument();
|
||||
if (topDoc) {
|
||||
if (checkSameOrigin) {
|
||||
topDoc->NodePrincipal()->GetURI(getter_AddRefs(topUri));
|
||||
rv = ssm->CheckSameOriginURI(uri, topUri, true);
|
||||
|
||||
// one of the ancestors is not same origin as this document
|
||||
if (NS_FAILED(rv)) {
|
||||
ReportXFOViolation(curDocShellItem, uri, eSAMEORIGIN);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(
|
||||
ssm->IsSystemPrincipal(topDoc->NodePrincipal(), &system)) &&
|
||||
system) {
|
||||
@ -135,8 +119,19 @@ FramingChecker::CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
}
|
||||
|
||||
topDoc = curDocShellItem->GetDocument();
|
||||
nsCOMPtr<nsIURI> topUri;
|
||||
topDoc->NodePrincipal()->GetURI(getter_AddRefs(topUri));
|
||||
|
||||
// If the X-Frame-Options value is SAMEORIGIN, then the top frame in the
|
||||
// parent chain must be from the same origin as this document.
|
||||
if (aPolicy.LowerCaseEqualsLiteral("sameorigin")) {
|
||||
rv = ssm->CheckSameOriginURI(uri, topUri, true);
|
||||
if (NS_FAILED(rv)) {
|
||||
ReportXFOViolation(curDocShellItem, uri, eSAMEORIGIN);
|
||||
return false; /* wasn't same-origin */
|
||||
}
|
||||
}
|
||||
|
||||
// If the X-Frame-Options value is "allow-from [uri]", then the top
|
||||
// frame in the parent chain must be from that origin
|
||||
if (isAllowFrom) {
|
||||
|
@ -3,3 +3,6 @@
|
||||
[`XFO: SAMEORIGIN` blocks cross-origin framing.]
|
||||
expected: FAIL
|
||||
|
||||
[`XFO: SAMEORIGIN` blocks same-origin nested in cross-origin framing.]
|
||||
expected: FAIL
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user