mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-23 12:51:06 +00:00
Backed out changeset 230299b03e10 (bug 1905843) for causing build bustages @ nsContentSecurityManager.cpp CLOSED TREE
This commit is contained in:
parent
1eb87c8a93
commit
5ac4c52a7e
@ -81,6 +81,8 @@ class nsScriptSecurityManager final : public nsIScriptSecurityManager {
|
||||
bool aFromPrivateWindow,
|
||||
uint64_t aInnerWindowID = 0);
|
||||
|
||||
static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
|
||||
|
||||
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
|
||||
|
||||
void DeactivateDomainPolicy();
|
||||
|
@ -1427,9 +1427,6 @@ nsresult nsContentSecurityManager::doContentSecurityCheck(
|
||||
rv = CheckAllowLoadByTriggeringRemoteType(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = CheckForIncoherentResultPrincipal(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// if dealing with a redirected channel then we have already installed
|
||||
// streamlistener and redirect proxies and so we are done.
|
||||
if (loadInfo->GetInitialSecurityCheckDone()) {
|
||||
@ -1712,66 +1709,3 @@ nsContentSecurityManager::PerformSecurityCheck(
|
||||
inAndOutListener.forget(outStreamListener);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult nsContentSecurityManager::CheckForIncoherentResultPrincipal(
|
||||
nsIChannel* aChannel) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
ExtContentPolicyType contentPolicyType =
|
||||
loadInfo->GetExternalContentPolicyType();
|
||||
if (contentPolicyType != ExtContentPolicyType::TYPE_DOCUMENT &&
|
||||
contentPolicyType != ExtContentPolicyType::TYPE_SUBDOCUMENT &&
|
||||
contentPolicyType != ExtContentPolicyType::TYPE_OBJECT) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> resultOrPrecursor;
|
||||
nsresult rv = nsScriptSecurityManager::GetScriptSecurityManager()
|
||||
->GetChannelResultPrincipalIfNotSandboxed(
|
||||
aChannel, getter_AddRefs(resultOrPrecursor));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
NS_ENSURE_STATE(resultOrPrecursor);
|
||||
|
||||
if (nsCOMPtr<nsIPrincipal> precursor =
|
||||
resultOrPrecursor->GetPrecursorPrincipal()) {
|
||||
resultOrPrecursor = precursor;
|
||||
}
|
||||
|
||||
if (!resultOrPrecursor->GetIsContentPrincipal()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsAutoCString resultSiteOriginNoSuffix;
|
||||
rv = resultOrPrecursor->GetSiteOriginNoSuffix(resultSiteOriginNoSuffix);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIURI> resultSiteOriginURI;
|
||||
NS_NewURI(getter_AddRefs(resultSiteOriginURI), resultSiteOriginNoSuffix);
|
||||
NS_ENSURE_STATE(resultSiteOriginURI);
|
||||
|
||||
nsCOMPtr<nsIURI> channelURI;
|
||||
aChannel->GetURI(getter_AddRefs(channelURI));
|
||||
NS_ENSURE_STATE(channelURI);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> channelUriPrincipal =
|
||||
BasePrincipal::CreateContentPrincipal(channelURI, {});
|
||||
NS_ENSURE_STATE(channelUriPrincipal);
|
||||
|
||||
nsAutoCString channelUriSiteOrigin;
|
||||
rv = channelUriPrincipal->GetSiteOriginNoSuffix(channelUriSiteOrigin);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsIURI> channelSiteOriginURI;
|
||||
NS_NewURI(getter_AddRefs(channelSiteOriginURI), channelUriSiteOrigin);
|
||||
NS_ENSURE_STATE(channelSiteOriginURI);
|
||||
|
||||
if (nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(
|
||||
resultSiteOriginURI, channelSiteOriginURI) ||
|
||||
(!net::SchemeIsHTTP(resultSiteOriginURI) &&
|
||||
!net::SchemeIsHTTPS(resultSiteOriginURI) &&
|
||||
(net::SchemeIsHTTP(channelSiteOriginURI) ||
|
||||
net::SchemeIsHTTPS(channelSiteOriginURI)))) {
|
||||
return NS_ERROR_CONTENT_BLOCKED;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -87,7 +87,6 @@ class nsContentSecurityManager : public nsIContentSecurityManager,
|
||||
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
|
||||
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
|
||||
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
|
||||
static nsresult CheckForIncoherentResultPrincipal(nsIChannel* aChannel);
|
||||
|
||||
virtual ~nsContentSecurityManager() = default;
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user