Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap

This commit is contained in:
Jonas Sicking 2010-02-02 02:29:15 -08:00
parent 906cd553fc
commit 893023f46a
5 changed files with 22 additions and 95 deletions

View File

@ -41,7 +41,7 @@
interface nsIURI;
interface nsIChannel;
[scriptable, uuid(c0dbfd5e-b7ae-4c18-8674-82492f35d715)]
[scriptable, uuid(50eda256-4dd2-4c7c-baed-96983910af9f)]
interface nsIScriptSecurityManager : nsIXPCSecurityManager
{
///////////////// Security Checks //////////////////
@ -54,14 +54,6 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
in JSVal aProperty,
in PRUint32 aAction);
/**
* Checks whether the running script is allowed to connect to aTargetURI
*/
[noscript] void checkConnect(in JSContextPtr aJSContext,
in nsIURI aTargetURI,
in string aClassName,
in string aProperty);
/**
* Check that the script currently running in context "cx" can load "uri".
*

View File

@ -410,8 +410,7 @@ public:
static nsresult
CheckSameOriginPrincipal(nsIPrincipal* aSubject,
nsIPrincipal* aObject,
PRBool aIsCheckConnect);
nsIPrincipal* aObject);
static PRUint32
HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
@ -458,8 +457,7 @@ private:
nsresult
CheckSameOriginDOMProp(nsIPrincipal* aSubject,
nsIPrincipal* aObject,
PRUint32 aAction,
PRBool aIsCheckConnect);
PRUint32 aAction);
nsresult
LookupPolicy(nsIPrincipal* principal,

View File

@ -363,8 +363,7 @@ nsPrincipal::Equals(nsIPrincipal *aOther, PRBool *aResult)
// Codebases are equal if they have the same origin.
*aResult =
NS_SUCCEEDED(nsScriptSecurityManager::CheckSameOriginPrincipal(this,
aOther,
PR_FALSE));
aOther));
return NS_OK;
}

View File

@ -563,34 +563,6 @@ nsScriptSecurityManager::CheckPropertyAccess(JSContext* cx,
aClassName, aProperty, nsnull);
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckConnect(JSContext* cx,
nsIURI* aTargetURI,
const char* aClassName,
const char* aPropertyName)
{
// Get a context if necessary
if (!cx)
{
cx = GetCurrentJSContext();
if (!cx)
return NS_OK; // No JS context, so allow the load
}
nsresult rv = CheckLoadURIFromScript(cx, aTargetURI);
if (NS_FAILED(rv)) return rv;
JSAutoRequest ar(cx);
JSString* propertyName = ::JS_InternString(cx, aPropertyName);
if (!propertyName)
return NS_ERROR_OUT_OF_MEMORY;
return CheckPropertyAccessImpl(nsIXPCSecurityManager::ACCESS_CALL_METHOD, nsnull,
cx, nsnull, nsnull, aTargetURI,
nsnull, aClassName, STRING_TO_JSVAL(propertyName), nsnull);
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
nsIURI* aTargetURI)
@ -750,7 +722,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
}
if(NS_SUCCEEDED(rv))
rv = CheckSameOriginDOMProp(subjectPrincipal, objectPrincipal,
aAction, aTargetURI != nsnull);
aAction);
break;
}
default:
@ -943,8 +915,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
/* static */
nsresult
nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
nsIPrincipal* aObject,
PRBool aIsCheckConnect)
nsIPrincipal* aObject)
{
/*
** Get origin of subject and object and compare.
@ -952,36 +923,25 @@ nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
if (aSubject == aObject)
return NS_OK;
// These booleans are only used when !aIsCheckConnect. Default
// them to false, and change if that turns out wrong.
// Default to false, and change if that turns out wrong.
PRBool subjectSetDomain = PR_FALSE;
PRBool objectSetDomain = PR_FALSE;
nsCOMPtr<nsIURI> subjectURI;
nsCOMPtr<nsIURI> objectURI;
if (aIsCheckConnect)
{
// Don't use domain for CheckConnect calls, since that's called for
// data-only load checks like XMLHTTPRequest (bug 290100).
aSubject->GetDomain(getter_AddRefs(subjectURI));
if (!subjectURI) {
aSubject->GetURI(getter_AddRefs(subjectURI));
aObject->GetURI(getter_AddRefs(objectURI));
} else {
subjectSetDomain = PR_TRUE;
}
else
{
aSubject->GetDomain(getter_AddRefs(subjectURI));
if (!subjectURI) {
aSubject->GetURI(getter_AddRefs(subjectURI));
} else {
subjectSetDomain = PR_TRUE;
}
aObject->GetDomain(getter_AddRefs(objectURI));
if (!objectURI) {
aObject->GetURI(getter_AddRefs(objectURI));
} else {
objectSetDomain = PR_TRUE;
}
aObject->GetDomain(getter_AddRefs(objectURI));
if (!objectURI) {
aObject->GetURI(getter_AddRefs(objectURI));
} else {
objectSetDomain = PR_TRUE;
}
if (SecurityCompareURIs(subjectURI, objectURI))
@ -990,12 +950,6 @@ nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
// done so in order to be considered the same origin. This prevents
// DNS spoofing based on document.domain (154930)
// But this restriction does not apply to CheckConnect calls, since
// that's called for data-only load checks like XMLHTTPRequest where
// we ignore domain (bug 290100).
if (aIsCheckConnect)
return NS_OK;
// If both or neither explicitly set their domain, allow the access
if (subjectSetDomain == objectSetDomain)
return NS_OK;
@ -1009,7 +963,7 @@ nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
// It's important that
//
// CheckSameOriginPrincipal(A, B, PR_FALSE) == NS_OK
// CheckSameOriginPrincipal(A, B) == NS_OK
//
// imply
//
@ -1032,21 +986,13 @@ nsScriptSecurityManager::HashPrincipalByOrigin(nsIPrincipal* aPrincipal)
nsresult
nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
nsIPrincipal* aObject,
PRUint32 aAction,
PRBool aIsCheckConnect)
PRUint32 aAction)
{
nsresult rv;
if (aIsCheckConnect) {
// Don't do equality compares, just do a same-origin compare,
// since the object principal isn't a real principal, just a
// GetCodebasePrincipal() on whatever URI we started with.
rv = CheckSameOriginPrincipal(aSubject, aObject, aIsCheckConnect);
} else {
PRBool subsumes;
rv = aSubject->Subsumes(aObject, &subsumes);
if (NS_SUCCEEDED(rv) && !subsumes) {
rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
PRBool subsumes;
rv = aSubject->Subsumes(aObject, &subsumes);
if (NS_SUCCEEDED(rv) && !subsumes) {
rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
if (NS_SUCCEEDED(rv))

View File

@ -1310,14 +1310,6 @@ FullTrustSecMan::CheckPropertyAccess(JSContext * aJSContext,
return NS_OK;
}
/* [noscript] void checkConnect (in JSContextPtr aJSContext, in nsIURI aTargetURI, in string aClassName, in string aProperty); */
NS_IMETHODIMP
FullTrustSecMan::CheckConnect(JSContext * aJSContext, nsIURI *aTargetURI,
const char *aClassName, const char *aProperty)
{
return NS_OK;
}
/* [noscript] void checkLoadURIFromScript (in JSContextPtr cx, in nsIURI uri); */
NS_IMETHODIMP
FullTrustSecMan::CheckLoadURIFromScript(JSContext * cx, nsIURI *uri)