mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-16 23:05:42 +00:00
Bug 1715167 - Part 3: Track precursor origins for URI_INHERITS_SECURITY_CONTEXT responses, r=ckerschb,ngogge
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given a content principal by CreateContentPrincipal. This patch changes the algorithm for creating result principals for network requests such that the null principal created in this situation has a precursor principal tracked on it. Depends on D119689 Differential Revision: https://phabricator.services.mozilla.com/D119690
parent
0f45db2f10
commit
6ef5d5d817
@ -384,6 +384,24 @@ nsScriptSecurityManager::GetChannelURIPrincipal(nsIChannel* aChannel,
|
||||
// its loadingPrincipal.
|
||||
OriginAttributes attrs = loadInfo->GetOriginAttributes();
|
||||
|
||||
// If the URI is supposed to inherit the security context of whoever loads it,
|
||||
// we shouldn't make a content principal for it, so instead return a null
|
||||
// principal.
|
||||
bool inheritsPrincipal = false;
|
||||
rv = NS_URIChainHasFlags(uri,
|
||||
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
|
||||
&inheritsPrincipal);
|
||||
if (NS_FAILED(rv) || inheritsPrincipal) {
|
||||
// Find a precursor principal to credit for the load. This won't impact
|
||||
// security checks, but makes tracking the source of related loads easier.
|
||||
nsCOMPtr<nsIPrincipal> precursorPrincipal =
|
||||
loadInfo->FindPrincipalToInherit(aChannel);
|
||||
nsCOMPtr<nsIURI> nullPrincipalURI =
|
||||
NullPrincipal::CreateURI(precursorPrincipal);
|
||||
*aPrincipal = NullPrincipal::Create(attrs, nullPrincipalURI).take();
|
||||
return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> prin =
|
||||
BasePrincipal::CreateContentPrincipal(uri, attrs);
|
||||
prin.forget(aPrincipal);
|
||||
|
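Review bot: In the new `if (NS_FAILED(rv) || inheritsPrincipal)` branch, the result of `loadInfo->FindPrincipalToInherit(aChannel)` goes straight into `NullPrincipal::CreateURI` with no null check. Neither callee is visible in this hunk, so if a load can reach this point with nothing to inherit from, confirm that `CreateURI` accepts a null precursor and yields a plain null-principal URI. The branch also runs when `NS_URIChainHasFlags` fails, so a precursor is recorded for a load whose inherit flag was never established. Returning a null principal there is the fail-closed choice, but the attribution deserves a comment such as `// Also taken on failure: the precursor is attribution only and must never feed an access or same-origin decision.` The enclosing `GetChannelURIPrincipal` starts and ends outside the hunk.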