Bug 1340710 - Part 4: Fix nsIPrincipal::GetOrigin()'s handling of non-strict file:// URI origin policy; r=bholley

This commit is contained in:
Ehsan Akhgari 2017-02-24 12:11:41 -05:00
parent f3dc163eaf
commit 57d1fd125b
2 changed files with 20 additions and 0 deletions

View File

@ -138,6 +138,14 @@ nsPrincipal::GetOriginInternal(nsACString& aOrigin)
return NS_ERROR_FAILURE;
}
if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
NS_URIIsLocalFile(origin)) {
// If strict file origin policy is not in effect, all local files are
// considered to be same-origin, so return a known dummy origin here.
aOrigin.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
return NS_OK;
}
nsAutoCString hostPort;
// chrome: URLs don't have a meaningful origin, so make

View File

@ -286,4 +286,16 @@ function run_test() {
do_check_eq(ChromeUtils.originAttributesToSuffix(mod), t[3]);
});
var fileURI = makeURI('file:///foo/bar').QueryInterface(Ci.nsIFileURL);
var fileTests = [
[true, fileURI.spec],
[false, "file://UNIVERSAL_FILE_URI_ORIGIN"],
];
fileTests.forEach(t => {
Services.prefs.setBoolPref("security.fileuri.strict_origin_policy", t[0]);
var filePrin = ssm.createCodebasePrincipal(fileURI, {});
do_check_eq(filePrin.origin, t[1]);
});
Services.prefs.clearUserPref("security.fileuri.strict_origin_policy");
}