Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz
--HG-- extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
parent
08c926ac63
commit
81a89a0871
@ -532,8 +532,13 @@ nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(JSContext *cx)
|
||||
if (NS_FAILED(rv))
|
||||
return JS_FALSE; // Not just absence of principal, but failure.
|
||||
|
||||
if (!subjectPrincipal)
|
||||
return JS_FALSE;
|
||||
if (!subjectPrincipal) {
|
||||
// See bug 553448 for discussion of this case.
|
||||
NS_ASSERTION(!JS_GetSecurityCallbacks(cx)->findObjectPrincipals,
|
||||
"CSP: Should have been able to find subject principal. "
|
||||
"Reluctantly granting access.");
|
||||
return JS_TRUE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
rv = subjectPrincipal->GetCsp(getter_AddRefs(csp));
|
||||
|
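Review bot: The `NS_ASSERTION` in the new `if (!subjectPrincipal)` branch is a debug-build check, so in release builds the unexpected case (a `findObjectPrincipals` callback is installed yet no subject principal was found) silently takes the same `return JS_TRUE;` as the expected one, and the CSP check fails open without any trace. If allowing is intended for both cases, the comment should state the reason rather than only point at the bug, for example `// Fail open: with no subject principal there is no CSP to consult (bug 553448).`; if it is not, the branch should deny when `findObjectPrincipals` is non-null. The assertion also dereferences `JS_GetSecurityCallbacks(cx)` without a null check, which is presumably safe because this function is itself reached through those callbacks, but that assumption deserves a word in the comment. The function body starts and continues outside the hunk.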
@ -1130,10 +1130,8 @@ js_CheckContentSecurityPolicy(JSContext *cx)
|
||||
|
||||
// if there are callbacks, make sure that the CSP callback is installed and
|
||||
// that it permits eval().
|
||||
if (callbacks) {
|
||||
return callbacks->contentSecurityPolicyAllows &&
|
||||
callbacks->contentSecurityPolicyAllows(cx);
|
||||
}
|
||||
if (callbacks && callbacks->contentSecurityPolicyAllows)
|
||||
return callbacks->contentSecurityPolicyAllows(cx);
|
||||
|
||||
return JS_TRUE;
|
||||
}
|
||||
|
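Review bot: The retained comment above the new check (`// if there are callbacks, make sure that the CSP callback is installed and that it permits eval().`) no longer describes the code: with `if (callbacks && callbacks->contentSecurityPolicyAllows)` a callbacks struct that lacks the CSP hook now falls through to `return JS_TRUE;` instead of denying. It should be rewritten to match, e.g. `// If a CSP callback is installed, defer to it; with no callback, eval() is allowed.` An embedder that installs security callbacks without this hook loses the previous deny-by-default, so the comment or the API documentation should say that the hook must be set for CSP to be enforced. The function starts outside the hunk.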