Backed out changeset 230299b03e10 (bug 1905843) for causing build bustages @ nsContentSecurityManager.cpp CLOSED TREE

This commit is contained in:
Sandor Molnar 2024-09-17 16:40:05 +03:00
parent 1eb87c8a93
commit 5ac4c52a7e
3 changed files with 2 additions and 67 deletions

View File

@ -81,6 +81,8 @@ class nsScriptSecurityManager final : public nsIScriptSecurityManager {
bool aFromPrivateWindow,
uint64_t aInnerWindowID = 0);
static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
void DeactivateDomainPolicy();

View File

@ -1427,9 +1427,6 @@ nsresult nsContentSecurityManager::doContentSecurityCheck(
rv = CheckAllowLoadByTriggeringRemoteType(aChannel);
NS_ENSURE_SUCCESS(rv, rv);
rv = CheckForIncoherentResultPrincipal(aChannel);
NS_ENSURE_SUCCESS(rv, rv);
// if dealing with a redirected channel then we have already installed
// streamlistener and redirect proxies and so we are done.
if (loadInfo->GetInitialSecurityCheckDone()) {
@ -1712,66 +1709,3 @@ nsContentSecurityManager::PerformSecurityCheck(
inAndOutListener.forget(outStreamListener);
return NS_OK;
}
nsresult nsContentSecurityManager::CheckForIncoherentResultPrincipal(
nsIChannel* aChannel) {
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
ExtContentPolicyType contentPolicyType =
loadInfo->GetExternalContentPolicyType();
if (contentPolicyType != ExtContentPolicyType::TYPE_DOCUMENT &&
contentPolicyType != ExtContentPolicyType::TYPE_SUBDOCUMENT &&
contentPolicyType != ExtContentPolicyType::TYPE_OBJECT) {
return NS_OK;
}
nsCOMPtr<nsIPrincipal> resultOrPrecursor;
nsresult rv = nsScriptSecurityManager::GetScriptSecurityManager()
->GetChannelResultPrincipalIfNotSandboxed(
aChannel, getter_AddRefs(resultOrPrecursor));
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_STATE(resultOrPrecursor);
if (nsCOMPtr<nsIPrincipal> precursor =
resultOrPrecursor->GetPrecursorPrincipal()) {
resultOrPrecursor = precursor;
}
if (!resultOrPrecursor->GetIsContentPrincipal()) {
return NS_OK;
}
nsAutoCString resultSiteOriginNoSuffix;
rv = resultOrPrecursor->GetSiteOriginNoSuffix(resultSiteOriginNoSuffix);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> resultSiteOriginURI;
NS_NewURI(getter_AddRefs(resultSiteOriginURI), resultSiteOriginNoSuffix);
NS_ENSURE_STATE(resultSiteOriginURI);
nsCOMPtr<nsIURI> channelURI;
aChannel->GetURI(getter_AddRefs(channelURI));
NS_ENSURE_STATE(channelURI);
nsCOMPtr<nsIPrincipal> channelUriPrincipal =
BasePrincipal::CreateContentPrincipal(channelURI, {});
NS_ENSURE_STATE(channelUriPrincipal);
nsAutoCString channelUriSiteOrigin;
rv = channelUriPrincipal->GetSiteOriginNoSuffix(channelUriSiteOrigin);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> channelSiteOriginURI;
NS_NewURI(getter_AddRefs(channelSiteOriginURI), channelUriSiteOrigin);
NS_ENSURE_STATE(channelSiteOriginURI);
if (nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(
resultSiteOriginURI, channelSiteOriginURI) ||
(!net::SchemeIsHTTP(resultSiteOriginURI) &&
!net::SchemeIsHTTPS(resultSiteOriginURI) &&
(net::SchemeIsHTTP(channelSiteOriginURI) ||
net::SchemeIsHTTPS(channelSiteOriginURI)))) {
return NS_ERROR_CONTENT_BLOCKED;
}
return NS_OK;
}

View File

@ -87,7 +87,6 @@ class nsContentSecurityManager : public nsIContentSecurityManager,
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
static nsresult CheckForIncoherentResultPrincipal(nsIChannel* aChannel);
virtual ~nsContentSecurityManager() = default;
};