Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-19 08:15:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1620441 - Refactor nsHttpChannel.cpp r=ckerschb

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D65625

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Sebastian Streich 2020-03-09 22:15:20 +00:00
parent cde7e014c2
commit b99da058ec
1 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
netwerk/protocol/http/nsHttpChannel.cpp
View File

@ -1612,20 +1612,18 @@ nsresult EnsureMIMEOfScript(nsHttpChannel* aChannel, nsIURI* aURI,
break;
}
nsCOMPtr<nsIURI> requestURI;
aLoadInfo->LoadingPrincipal()->GetURI(getter_AddRefs(requestURI));
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
nsresult rv = ssm->CheckSameOriginURI(requestURI, aURI, false, isPrivateWin);
if (NS_SUCCEEDED(rv)) {
bool isSameOrigin = false;
aLoadInfo->LoadingPrincipal()->IsSameOrigin(aURI, isPrivateWin,
&isSameOrigin);
if (isSameOrigin) {
// same origin
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::same_origin);
} else {
bool cors = false;
nsAutoCString corsOrigin;
rv = aResponseHead->GetHeader(
nsresult rv = aResponseHead->GetHeader(
nsHttp::ResolveAtom("Access-Control-Allow-Origin"), corsOrigin);
if (NS_SUCCEEDED(rv)) {
if (corsOrigin.Equals("*")) {
@ -1636,9 +1634,10 @@ nsresult EnsureMIMEOfScript(nsHttpChannel* aChannel, nsIURI* aURI,
if (NS_SUCCEEDED(rv)) {
bool isPrivateWin =
aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
rv = ssm->CheckSameOriginURI(requestURI, corsOriginURI, false,
isPrivateWin);
if (NS_SUCCEEDED(rv)) {
bool isSameOrigin = false;
aLoadInfo->LoadingPrincipal()->IsSameOrigin(
corsOriginURI, isPrivateWin, &isSameOrigin);
if (isSameOrigin) {
cors = true;
}
}
@ -7732,9 +7731,9 @@ nsresult nsHttpChannel::ProcessCrossOriginResourcePolicyHeader() {
return NS_ERROR_DOM_CORP_FAILED;
}
nsCOMPtr<nsIURI> documentURI = mLoadInfo->LoadingPrincipal()->GetURI();
nsCOMPtr<nsIURI> resourceURI = channelOrigin->GetURI();
if (!documentURI->SchemeIs("https") && resourceURI->SchemeIs("https")) {
if (!mLoadInfo->LoadingPrincipal()->SchemeIs("https") &&
resourceURI->SchemeIs("https")) {
return NS_ERROR_DOM_CORP_FAILED;
}