diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index b01916c47131..7d1e18c22c6c 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -10264,23 +10264,23 @@ nsDocShell::DoURILoad(nsIURI * aURI, } bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN; - // only inherit if we have a requestingPrincipal + // only inherit if we have a triggeringPrincipal bool inherit = false; - nsCOMPtr requestingPrincipal = do_QueryInterface(aOwner); - if (requestingPrincipal) { - inherit = nsContentUtils::ChannelShouldInheritPrincipal(requestingPrincipal, + nsCOMPtr triggeringPrincipal = do_QueryInterface(aOwner); + if (triggeringPrincipal) { + inherit = nsContentUtils::ChannelShouldInheritPrincipal(triggeringPrincipal, aURI, true, // aInheritForAboutBlank isSrcdoc); } - else if (!requestingPrincipal && aReferrerURI) { + else if (!triggeringPrincipal && aReferrerURI) { rv = CreatePrincipalFromReferrer(aReferrerURI, - getter_AddRefs(requestingPrincipal)); + getter_AddRefs(triggeringPrincipal)); NS_ENSURE_SUCCESS(rv, rv); } else { - requestingPrincipal = nsContentUtils::GetSystemPrincipal(); + triggeringPrincipal = nsContentUtils::GetSystemPrincipal(); } nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL; @@ -10293,11 +10293,13 @@ nsDocShell::DoURILoad(nsIURI * aURI, if (!isSrcdoc) { nsCOMPtr loadInfo = - new mozilla::LoadInfo(requestingPrincipal, - requestingNode, - securityFlags, - aContentPolicyType, - aBaseURI); + new LoadInfo(requestingNode ? + requestingNode->NodePrincipal() : triggeringPrincipal.get(), + triggeringPrincipal, + requestingNode, + securityFlags, + aContentPolicyType, + aBaseURI); rv = NS_NewChannelInternal(getter_AddRefs(channel), aURI, loadInfo, 
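Review bot: The loading-principal expression `requestingNode ? requestingNode->NodePrincipal() : triggeringPrincipal.get()` is now written out three times in DoURILoad (in the `new LoadInfo(...)` call here and again in the hunks at -10335 and -10348), so a later edit to one copy can leave the srcdoc paths with a different loadingPrincipal than the normal path. Computing it once after the principal fallback chain, e.g. `nsIPrincipal* loadingPrincipal = requestingNode ? requestingNode->NodePrincipal() : triggeringPrincipal.get();`, and passing that local would keep the three call sites in step. The final `else` still falls back to `nsContentUtils::GetSystemPrincipal()`, which with a null `requestingNode` makes the system principal both the loading and the triggering principal; a comment such as `// no owner and no referrer: the load is recorded as system-initiated` would make that explicit for anyone consuming the loadInfo. DoURILoad starts and ends outside these hunks.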
@@ -10335,7 +10337,9 @@ nsDocShell::DoURILoad(nsIURI * aURI, rv = vsh->NewSrcdocChannel(aURI, aSrcdoc, getter_AddRefs(channel)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr loadInfo = - new LoadInfo(requestingPrincipal, + new LoadInfo(requestingNode ? + requestingNode->NodePrincipal() : triggeringPrincipal.get(), + triggeringPrincipal, requestingNode, securityFlags, aContentPolicyType, @@ -10348,7 +10352,9 @@ nsDocShell::DoURILoad(nsIURI * aURI, aSrcdoc, NS_LITERAL_CSTRING("text/html"), requestingNode, - requestingPrincipal, + requestingNode ? + requestingNode->NodePrincipal() : triggeringPrincipal.get(), + triggeringPrincipal, securityFlags, aContentPolicyType, true, diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp index 93dbbc9d202b..9adf9d99e2d5 100644 --- a/dom/base/WebSocket.cpp +++ b/dom/base/WebSocket.cpp @@ -1470,7 +1470,9 @@ WebSocketImpl::InitializeConnection() mOriginDocument = nullptr; nsCOMPtr loadInfo = - new LoadInfo(mPrincipal, + new LoadInfo(doc ? + doc->NodePrincipal() : mPrincipal.get(), + mPrincipal, doc, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_WEBSOCKET); diff --git a/dom/base/nsCrossSiteListenerProxy.cpp b/dom/base/nsCrossSiteListenerProxy.cpp index 582b6336c82d..f2a49eafd590 100644 --- a/dom/base/nsCrossSiteListenerProxy.cpp +++ b/dom/base/nsCrossSiteListenerProxy.cpp @@ -1127,15 +1127,14 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel, loadFlags); } else { - rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel), - uri, - nullptr, // aRequestingNode, - nsContentUtils::GetSystemPrincipal(), - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_OTHER, - loadGroup, - nullptr, // aCallbacks - loadFlags); + rv = NS_NewChannel(getter_AddRefs(preflightChannel), + uri, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + loadGroup, + nullptr, // aCallbacks + loadFlags); } NS_ENSURE_SUCCESS(rv, rv); 
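Review bot: The preflight channel in the `else` branch of NS_StartCORSPreflight is still created with `nsContentUtils::GetSystemPrincipal()` and `nsIContentPolicy::TYPE_OTHER`, so its loadInfo describes a system-initiated load even though the preflight is issued on behalf of `aRequestChannel`. Judging by the other hunks in this patch, the principal passed to NS_NewChannel becomes the loadingPrincipal, so any consumer that keys a decision on it would see the preflight as privileged. A comment such as `// TODO: use the loadingPrincipal of aRequestChannel instead of the system principal` would record that this is a placeholder. The NS_OpenURI call in the nsJARChannel::AsyncOpen hunk has the same pattern for the remote jar fetch. The enclosing `if` starts outside the hunk.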
diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp index 02e9a0df667e..7c3d3392d6f2 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp @@ -3070,23 +3070,35 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL, if (NS_FAILED(rv)) return rv; - if (!principal) { - principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); - NS_ENSURE_SUCCESS(rv, rv); - } // @arg loadgroup: // do not add this internal plugin's channel on the // load group otherwise this channel could be canceled // form |nsDocShell::OnLinkClickSync| bug 166613 nsCOMPtr channel; - rv = NS_NewChannelInternal(getter_AddRefs(channel), - url, - doc, - principal, - nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, - nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, - nullptr, // aLoadGroup - listenerPeer); + nsCOMPtr requestingNode(do_QueryInterface(element)); + if (requestingNode) { + rv = NS_NewChannel(getter_AddRefs(channel), + url, + requestingNode, + nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, + nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, + nullptr, // aLoadGroup + listenerPeer); + } + else { + // in this else branch we really don't know where the load is coming + // from and in fact should use something better than just using + // a nullPrincipal as the loadingPrincipal. + principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = NS_NewChannel(getter_AddRefs(channel), + url, + principal, + nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, + nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, + nullptr, // aLoadGroup + listenerPeer); + } if (NS_FAILED(rv)) return rv; diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp index ab00a1d97216..3a72b31744a8 100644 --- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp +++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp 
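Review bot: In the `else` branch `principal` is overwritten unconditionally with a fresh null principal, whereas the removed code created one only under `if (!principal)`; whatever `principal` held on entry to the hunk (assigned outside it, presumably from the document) is now discarded whenever `element` does not QI to a node. Combined with `nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL`, that changes which principal the loaded content inherits on this path. If the document is still available, using it as the requesting node before falling back, or keeping the guard `if (!principal) { ... }`, would preserve the earlier behaviour. RequestRead in nsPluginStreamListenerPeer.cpp makes the same substitution of a null principal for `doc->NodePrincipal()`.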
@@ -4,6 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "nsPluginStreamListenerPeer.h" +#include "nsIDOMElement.h" #include "nsIStreamConverterService.h" #include "nsIHttpChannel.h" #include "nsIHttpChannelInternal.h" @@ -640,8 +641,11 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList) nsresult rv = NS_OK; nsRefPtr owner = mPluginInstance->GetOwner(); + nsCOMPtr element; nsCOMPtr doc; if (owner) { + rv = owner->GetDOMElement(getter_AddRefs(element)); + NS_ENSURE_SUCCESS(rv, rv); rv = owner->GetDocument(getter_AddRefs(doc)); NS_ENSURE_SUCCESS(rv, rv); } @@ -649,21 +653,32 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList) nsCOMPtr callbacks = do_QueryReferent(mWeakPtrChannelCallbacks); nsCOMPtr loadGroup = do_QueryReferent(mWeakPtrChannelLoadGroup); - nsCOMPtr principal = doc ? doc->NodePrincipal() : nullptr; - if (!principal) { - principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); - NS_ENSURE_SUCCESS(rv, rv); - } - nsCOMPtr channel; - rv = NS_NewChannelInternal(getter_AddRefs(channel), - mURL, - doc, - principal, - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_OTHER, - loadGroup, - callbacks); + nsCOMPtr requestingNode(do_QueryInterface(element)); + if (requestingNode) { + rv = NS_NewChannel(getter_AddRefs(channel), + mURL, + requestingNode, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + loadGroup, + callbacks); + } + else { + // in this else branch we really don't know where the load is coming + // from and in fact should use something better than just using + // a nullPrincipal as the loadingPrincipal. + nsCOMPtr principal = + do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = NS_NewChannel(getter_AddRefs(channel), + mURL, + principal, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + loadGroup, + callbacks); + } if (NS_FAILED(rv)) return rv; 
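Review bot: `doc` is still fetched with `owner->GetDocument(...)`, and a failure there still aborts RequestRead, but nothing visible after this hunk uses `doc`, since the channel is now built from `requestingNode` or the null principal. Either drop the GetDocument call, or use the document as the requesting node when `element` is null so the load keeps a real loadingPrincipal. The added `NS_ENSURE_SUCCESS(rv, rv);` after `GetDOMElement` also introduces a new early return that never reaches the null-principal fallback the `else` branch was written for. If a missing element is an expected case, the result could be ignored there with a comment saying so. The function continues outside the hunk.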
diff --git a/dom/xbl/nsXBLService.cpp b/dom/xbl/nsXBLService.cpp index 8eb316dff324..4c42f84b7183 100644 --- a/dom/xbl/nsXBLService.cpp +++ b/dom/xbl/nsXBLService.cpp @@ -1073,18 +1073,27 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun // FetchBindingDocument(). LoadInfo will end up with no principal or node in those cases, // so we use systemPrincipal. This achieves the same result of bypassing security checks, // but it gives the wrong information to potential future consumers of loadInfo. - nsCOMPtr requestingPrincipal = aOriginPrincipal ? aOriginPrincipal - : nsContentUtils::GetSystemPrincipal(); nsCOMPtr channel; - // Note that we are calling NS_NewChannelInternal here with both a node and a principal. - // This is because the principal and node could be different. - rv = NS_NewChannelInternal(getter_AddRefs(channel), - aDocumentURI, - aBoundDocument, - requestingPrincipal, - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_OTHER, - loadGroup); + + if (aOriginPrincipal) { + // if there is an originPrincipal we should also have aBoundDocument + NS_ASSERTION(aBoundDocument, "can not create a channel without aBoundDocument"); + rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel), + aDocumentURI, + aBoundDocument, + aOriginPrincipal, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + loadGroup); + } + else { + rv = NS_NewChannel(getter_AddRefs(channel), + aDocumentURI, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + loadGroup); + } NS_ENSURE_SUCCESS(rv, rv); diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp index 338a00201362..8966beb3d119 100644 --- a/image/src/imgLoader.cpp +++ b/image/src/imgLoader.cpp 
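Review bot: `NS_ASSERTION(aBoundDocument, ...)` is only checked in debug builds, so in a release build a non-null `aOriginPrincipal` with a null `aBoundDocument` still reaches `NS_NewChannelWithTriggeringPrincipal` with a null requesting node. The comment above the hunk says some callers supply neither a principal nor a node, so a runtime guard is safer than an assertion, for example `NS_ENSURE_TRUE(aBoundDocument, NS_ERROR_UNEXPECTED);` before the call. What the callee does with a null node is not visible here, so confirm this against its implementation.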
@@ -663,18 +663,18 @@ static nsresult NewImageChannel(nsIChannel **aResult, // aLoadFlags |= nsIChannel::LOAD_CLASSIFY_URI; - nsCOMPtr requestingPrincipal = aLoadingPrincipal; + nsCOMPtr triggeringPrincipal = aLoadingPrincipal; bool isSandBoxed = false; // only inherit if we have a principal bool inherit = false; - if (requestingPrincipal) { - inherit = nsContentUtils::ChannelShouldInheritPrincipal(requestingPrincipal, + if (triggeringPrincipal) { + inherit = nsContentUtils::ChannelShouldInheritPrincipal(triggeringPrincipal, aURI, false, // aInheritForAboutBlank false); // aForceInherit } else { - requestingPrincipal = nsContentUtils::GetSystemPrincipal(); + triggeringPrincipal = nsContentUtils::GetSystemPrincipal(); } nsCOMPtr requestingNode = do_QueryInterface(aRequestingContext); nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL; 
@@ -682,19 +682,36 @@ static nsresult NewImageChannel(nsIChannel **aResult, securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL; } - // Note we are calling NS_NewChannelInternal() here with a node and a principal. - // This is for things like background images that are specified by user - // stylesheets, where the document is being styled, but the principal is that - // of the user stylesheet. - rv = NS_NewChannelInternal(aResult, - aURI, - requestingNode, - requestingPrincipal, - securityFlags, - aPolicyType, - nullptr, // loadGroup - callbacks, - aLoadFlags); + // Note we are calling NS_NewChannelWithTriggeringPrincipal() here with a node + // and a principal. This is for things like background images that are specified + // by user stylesheets, where the document is being styled, but the principal + // is that of the user stylesheet. + if (requestingNode) { + rv = NS_NewChannelWithTriggeringPrincipal(aResult, + aURI, + requestingNode, + triggeringPrincipal, + securityFlags, + nsIContentPolicy::TYPE_IMAGE, + nullptr, // loadGroup + callbacks, + aLoadFlags); + } + else { + // either we are loading something inside a document, in which case + // we should always have a requestingNode, or we are loading something + // outside a document, in which case the triggeringPrincipal + // should always be the systemPrincipal. + MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal)); + rv = NS_NewChannel(aResult, + aURI, + triggeringPrincipal, + securityFlags, + nsIContentPolicy::TYPE_IMAGE, + nullptr, // loadGroup + callbacks, + aLoadFlags); + } if (NS_FAILED(rv)) return rv; diff --git a/layout/style/FontFaceSet.cpp b/layout/style/FontFaceSet.cpp index 98b1b94f257f..7aae1f469e03 100644 --- a/layout/style/FontFaceSet.cpp +++ b/layout/style/FontFaceSet.cpp 
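Review bot: Both new calls pass `nsIContentPolicy::TYPE_IMAGE` where the removed call passed `aPolicyType`, so NewImageChannel now appears to ignore the policy type its caller supplied and every channel is recorded as a plain image load. Unless that is intended, keep `aPolicyType,` in both branches. Separately, `MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal));` is compiled out of release builds, so a node-less load with a non-system principal proceeds there without any check. Both Loader::LoadSheet hunks in layout/style/Loader.cpp rely on the same assert-only check. If the invariant feeds security decisions, a runtime check that fails the load would hold in all builds.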
@@ -389,17 +389,17 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry, nsCOMPtr loadGroup(ps->GetDocument()->GetDocumentLoadGroup()); nsCOMPtr channel; - // Note we are calling NS_NewChannelInternal() with both a node and a - // principal. This is because the document where the font is being loaded - // might have a different origin from the principal of the stylesheet - // that initiated the font load. - rv = NS_NewChannelInternal(getter_AddRefs(channel), - aFontFaceSrc->mURI, - ps->GetDocument(), - aUserFontEntry->GetPrincipal(), - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_FONT, - loadGroup); + // Note we are calling NS_NewChannelWithTriggeringPrincipal() with both a + // node and a principal. This is because the document where the font is + // being loaded might have a different origin from the principal of the + // stylesheet that initiated the font load. + rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel), + aFontFaceSrc->mURI, + ps->GetDocument(), + aUserFontEntry->GetPrincipal(), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_FONT, + loadGroup); NS_ENSURE_SUCCESS(rv, rv); 
@@ -1185,16 +1185,16 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad, if (!ps) { return NS_ERROR_FAILURE; } - // Note we are calling NS_NewChannelInternal() with both a node and a - // principal. This is because the document where the font is being loaded - // might have a different origin from the principal of the stylesheet - // that initiated the font load. - rv = NS_NewChannelInternal(getter_AddRefs(channel), - aFontFaceSrc->mURI, - ps->GetDocument(), - aFontToLoad->GetPrincipal(), - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_FONT); + // Note we are calling NS_NewChannelWithTriggeringPrincipal() with both a + // node and a principal. This is because the document where the font is + // being loaded might have a different origin from the principal of the + // stylesheet that initiated the font load. + rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel), + aFontFaceSrc->mURI, + ps->GetDocument(), + aFontToLoad->GetPrincipal(), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_FONT); NS_ENSURE_SUCCESS(rv, rv); diff --git a/layout/style/Loader.cpp b/layout/style/Loader.cpp index c0773ebc3555..04c7c9cabaec 100644 --- a/layout/style/Loader.cpp +++ b/layout/style/Loader.cpp @@ -1424,8 +1424,8 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) } bool inherit = false; - nsIPrincipal* requestingPrincipal = aLoadData->mLoaderPrincipal; - if (requestingPrincipal) { + nsIPrincipal* triggeringPrincipal = aLoadData->mLoaderPrincipal; + if (triggeringPrincipal) { rv = NS_URIChainHasFlags(aLoadData->mURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &inherit); @@ -1436,7 +1436,7 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) CheckMayLoad(aLoadData->mURI, false, false)))); } else { - requestingPrincipal = nsContentUtils::GetSystemPrincipal(); + triggeringPrincipal = nsContentUtils::GetSystemPrincipal(); } if (aLoadData->mSyncLoad) { 
@@ -1469,17 +1469,36 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) // principal. This is because of a case where the node is the document // being styled and the principal is the stylesheet (perhaps from a // different origin) that is applying the styles. - rv = NS_OpenURIInternal(getter_AddRefs(stream), - aLoadData->mURI, - aLoadData->mRequestingNode, - requestingPrincipal, - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_OTHER, - nullptr, // aLoadGroup - nullptr, // aCallbacks - nsIRequest::LOAD_NORMAL, - nullptr, // aIoService - getter_AddRefs(channel)); + if (aLoadData->mRequestingNode) { + rv = NS_OpenURIWithTriggeringPrincipal(getter_AddRefs(stream), + aLoadData->mURI, + aLoadData->mRequestingNode, + triggeringPrincipal, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + nullptr, // aLoadGroup + nullptr, // aCallbacks + nsIRequest::LOAD_NORMAL, + nullptr, // aIoService + getter_AddRefs(channel)); + } + else { + // either we are loading something inside a document, in which case + // we should always have a requestingNode, or we are loading something + // outside a document, in which case the triggeringPrincipal + // should always be the systemPrincipal. + MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal)); + rv = NS_OpenURI(getter_AddRefs(stream), + aLoadData->mURI, + triggeringPrincipal, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + nullptr, // aLoadGroup + nullptr, // aCallbacks + nsIRequest::LOAD_NORMAL, + nullptr, // aIoService + getter_AddRefs(channel)); + } if (NS_FAILED(rv)) { LOG_ERROR((" Failed to open URI synchronously")); 
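Review bot: The synchronous path opens the sheet with `nsIContentPolicy::TYPE_OTHER` in both new branches, while the asynchronous path in the next hunk uses `nsIContentPolicy::TYPE_STYLESHEET`, so the loadInfo of a sync sheet load does not identify it as a stylesheet. The removed call had the same value, so this is inherited rather than introduced, but the patch rewrites both calls and is a natural place to align them with `nsIContentPolicy::TYPE_STYLESHEET,`. If the difference is deliberate, a one-line comment should say why. The context comment above the `if` also describes only the node-plus-principal case and could mention the node-less branch. LoadSheet starts and ends outside the hunk.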
@@ -1560,20 +1579,38 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) } nsCOMPtr channel; - // Note we are calling NS_NewChannelInternal here with a node and a principal. - // This is because of a case where the node is the document being styled and - // the principal is the stylesheet (perhaps from a different origin) that is - // applying the styles. - rv = NS_NewChannelInternal(getter_AddRefs(channel), - aLoadData->mURI, - aLoadData->mRequestingNode, - requestingPrincipal, - securityFlags, - nsIContentPolicy::TYPE_STYLESHEET, - loadGroup, - nullptr, // aCallbacks - nsIChannel::LOAD_NORMAL | - nsIChannel::LOAD_CLASSIFY_URI); + // Note we are calling NS_NewChannelWithTriggeringPrincipal here with a node + // and a principal. This is because of a case where the node is the document + // being styled and the principal is the stylesheet (perhaps from a different + // origin) that is applying the styles. + if (aLoadData->mRequestingNode) { + rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel), + aLoadData->mURI, + aLoadData->mRequestingNode, + triggeringPrincipal, + securityFlags, + nsIContentPolicy::TYPE_STYLESHEET, + loadGroup, + nullptr, // aCallbacks + nsIChannel::LOAD_NORMAL | + nsIChannel::LOAD_CLASSIFY_URI); + } + else { + // either we are loading something inside a document, in which case + // we should always have a requestingNode, or we are loading something + // outside a document, in which case the triggeringPrincipal + // should always be the systemPrincipal. + MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal)); + rv = NS_NewChannel(getter_AddRefs(channel), + aLoadData->mURI, + triggeringPrincipal, + securityFlags, + nsIContentPolicy::TYPE_STYLESHEET, + loadGroup, + nullptr, // aCallbacks + nsIChannel::LOAD_NORMAL | + nsIChannel::LOAD_CLASSIFY_URI); + } if (NS_FAILED(rv)) { #ifdef DEBUG 
diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index c712544f2d5c..5f82a14e7db5 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -879,16 +879,15 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx) mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS)); } else { - rv = NS_OpenURIInternal(mDownloader, - nullptr, // aContext - mJarBaseURI, - nullptr, // aRequestingNode, - nsContentUtils::GetSystemPrincipal(), - nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_OTHER, - mLoadGroup, - mCallbacks, - mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS)); + rv = NS_OpenURI(mDownloader, + nullptr, // aContext + mJarBaseURI, + nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + mLoadGroup, + mCallbacks, + mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS)); } } } else if (mOpeningRemote) {