mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 1083422 - Add triggering Principal to nsILoadInfo - update callsites (r=bz,sicking)
This commit is contained in:
parent
1b25c3732d
commit
d5cbc137e2
@ -10264,23 +10264,23 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
|
bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
|
||||||
// only inherit if we have a requestingPrincipal
|
// only inherit if we have a triggeringPrincipal
|
||||||
bool inherit = false;
|
bool inherit = false;
|
||||||
|
|
||||||
nsCOMPtr<nsIPrincipal> requestingPrincipal = do_QueryInterface(aOwner);
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = do_QueryInterface(aOwner);
|
||||||
if (requestingPrincipal) {
|
if (triggeringPrincipal) {
|
||||||
inherit = nsContentUtils::ChannelShouldInheritPrincipal(requestingPrincipal,
|
inherit = nsContentUtils::ChannelShouldInheritPrincipal(triggeringPrincipal,
|
||||||
aURI,
|
aURI,
|
||||||
true, // aInheritForAboutBlank
|
true, // aInheritForAboutBlank
|
||||||
isSrcdoc);
|
isSrcdoc);
|
||||||
}
|
}
|
||||||
else if (!requestingPrincipal && aReferrerURI) {
|
else if (!triggeringPrincipal && aReferrerURI) {
|
||||||
rv = CreatePrincipalFromReferrer(aReferrerURI,
|
rv = CreatePrincipalFromReferrer(aReferrerURI,
|
||||||
getter_AddRefs(requestingPrincipal));
|
getter_AddRefs(triggeringPrincipal));
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
requestingPrincipal = nsContentUtils::GetSystemPrincipal();
|
triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
|
||||||
}
|
}
|
||||||
|
|
||||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
||||||
@ -10293,11 +10293,13 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
|||||||
|
|
||||||
if (!isSrcdoc) {
|
if (!isSrcdoc) {
|
||||||
nsCOMPtr<nsILoadInfo> loadInfo =
|
nsCOMPtr<nsILoadInfo> loadInfo =
|
||||||
new mozilla::LoadInfo(requestingPrincipal,
|
new LoadInfo(requestingNode ?
|
||||||
requestingNode,
|
requestingNode->NodePrincipal() : triggeringPrincipal.get(),
|
||||||
securityFlags,
|
triggeringPrincipal,
|
||||||
aContentPolicyType,
|
requestingNode,
|
||||||
aBaseURI);
|
securityFlags,
|
||||||
|
aContentPolicyType,
|
||||||
|
aBaseURI);
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
||||||
aURI,
|
aURI,
|
||||||
loadInfo,
|
loadInfo,
|
||||||
@ -10335,7 +10337,9 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
|||||||
rv = vsh->NewSrcdocChannel(aURI, aSrcdoc, getter_AddRefs(channel));
|
rv = vsh->NewSrcdocChannel(aURI, aSrcdoc, getter_AddRefs(channel));
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
nsCOMPtr<nsILoadInfo> loadInfo =
|
nsCOMPtr<nsILoadInfo> loadInfo =
|
||||||
new LoadInfo(requestingPrincipal,
|
new LoadInfo(requestingNode ?
|
||||||
|
requestingNode->NodePrincipal() : triggeringPrincipal.get(),
|
||||||
|
triggeringPrincipal,
|
||||||
requestingNode,
|
requestingNode,
|
||||||
securityFlags,
|
securityFlags,
|
||||||
aContentPolicyType,
|
aContentPolicyType,
|
||||||
@ -10348,7 +10352,9 @@ nsDocShell::DoURILoad(nsIURI * aURI,
|
|||||||
aSrcdoc,
|
aSrcdoc,
|
||||||
NS_LITERAL_CSTRING("text/html"),
|
NS_LITERAL_CSTRING("text/html"),
|
||||||
requestingNode,
|
requestingNode,
|
||||||
requestingPrincipal,
|
requestingNode ?
|
||||||
|
requestingNode->NodePrincipal() : triggeringPrincipal.get(),
|
||||||
|
triggeringPrincipal,
|
||||||
securityFlags,
|
securityFlags,
|
||||||
aContentPolicyType,
|
aContentPolicyType,
|
||||||
true,
|
true,
|
||||||
|
@ -1470,7 +1470,9 @@ WebSocketImpl::InitializeConnection()
|
|||||||
mOriginDocument = nullptr;
|
mOriginDocument = nullptr;
|
||||||
|
|
||||||
nsCOMPtr<nsILoadInfo> loadInfo =
|
nsCOMPtr<nsILoadInfo> loadInfo =
|
||||||
new LoadInfo(mPrincipal,
|
new LoadInfo(doc ?
|
||||||
|
doc->NodePrincipal() : mPrincipal.get(),
|
||||||
|
mPrincipal,
|
||||||
doc,
|
doc,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nsIContentPolicy::TYPE_WEBSOCKET);
|
nsIContentPolicy::TYPE_WEBSOCKET);
|
||||||
|
@ -1127,15 +1127,14 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
|
|||||||
loadFlags);
|
loadFlags);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
|
rv = NS_NewChannel(getter_AddRefs(preflightChannel),
|
||||||
uri,
|
uri,
|
||||||
nullptr, // aRequestingNode,
|
nsContentUtils::GetSystemPrincipal(),
|
||||||
nsContentUtils::GetSystemPrincipal(),
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
nsIContentPolicy::TYPE_OTHER,
|
loadGroup,
|
||||||
loadGroup,
|
nullptr, // aCallbacks
|
||||||
nullptr, // aCallbacks
|
loadFlags);
|
||||||
loadFlags);
|
|
||||||
}
|
}
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
@ -3070,23 +3070,35 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL,
|
|||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
if (!principal) {
|
|
||||||
principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
|
||||||
}
|
|
||||||
// @arg loadgroup:
|
// @arg loadgroup:
|
||||||
// do not add this internal plugin's channel on the
|
// do not add this internal plugin's channel on the
|
||||||
// load group otherwise this channel could be canceled
|
// load group otherwise this channel could be canceled
|
||||||
// form |nsDocShell::OnLinkClickSync| bug 166613
|
// form |nsDocShell::OnLinkClickSync| bug 166613
|
||||||
nsCOMPtr<nsIChannel> channel;
|
nsCOMPtr<nsIChannel> channel;
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
nsCOMPtr<nsINode> requestingNode(do_QueryInterface(element));
|
||||||
url,
|
if (requestingNode) {
|
||||||
doc,
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
principal,
|
url,
|
||||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
requestingNode,
|
||||||
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||||
nullptr, // aLoadGroup
|
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
||||||
listenerPeer);
|
nullptr, // aLoadGroup
|
||||||
|
listenerPeer);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// in this else branch we really don't know where the load is coming
|
||||||
|
// from and in fact should use something better than just using
|
||||||
|
// a nullPrincipal as the loadingPrincipal.
|
||||||
|
principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
|
url,
|
||||||
|
principal,
|
||||||
|
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||||
|
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
||||||
|
nullptr, // aLoadGroup
|
||||||
|
listenerPeer);
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
|
||||||
#include "nsPluginStreamListenerPeer.h"
|
#include "nsPluginStreamListenerPeer.h"
|
||||||
|
#include "nsIDOMElement.h"
|
||||||
#include "nsIStreamConverterService.h"
|
#include "nsIStreamConverterService.h"
|
||||||
#include "nsIHttpChannel.h"
|
#include "nsIHttpChannel.h"
|
||||||
#include "nsIHttpChannelInternal.h"
|
#include "nsIHttpChannelInternal.h"
|
||||||
@ -640,8 +641,11 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList)
|
|||||||
nsresult rv = NS_OK;
|
nsresult rv = NS_OK;
|
||||||
|
|
||||||
nsRefPtr<nsPluginInstanceOwner> owner = mPluginInstance->GetOwner();
|
nsRefPtr<nsPluginInstanceOwner> owner = mPluginInstance->GetOwner();
|
||||||
|
nsCOMPtr<nsIDOMElement> element;
|
||||||
nsCOMPtr<nsIDocument> doc;
|
nsCOMPtr<nsIDocument> doc;
|
||||||
if (owner) {
|
if (owner) {
|
||||||
|
rv = owner->GetDOMElement(getter_AddRefs(element));
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
rv = owner->GetDocument(getter_AddRefs(doc));
|
rv = owner->GetDocument(getter_AddRefs(doc));
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
}
|
}
|
||||||
@ -649,21 +653,32 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList)
|
|||||||
nsCOMPtr<nsIInterfaceRequestor> callbacks = do_QueryReferent(mWeakPtrChannelCallbacks);
|
nsCOMPtr<nsIInterfaceRequestor> callbacks = do_QueryReferent(mWeakPtrChannelCallbacks);
|
||||||
nsCOMPtr<nsILoadGroup> loadGroup = do_QueryReferent(mWeakPtrChannelLoadGroup);
|
nsCOMPtr<nsILoadGroup> loadGroup = do_QueryReferent(mWeakPtrChannelLoadGroup);
|
||||||
|
|
||||||
nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
|
|
||||||
if (!principal) {
|
|
||||||
principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
|
||||||
}
|
|
||||||
|
|
||||||
nsCOMPtr<nsIChannel> channel;
|
nsCOMPtr<nsIChannel> channel;
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
nsCOMPtr<nsINode> requestingNode(do_QueryInterface(element));
|
||||||
mURL,
|
if (requestingNode) {
|
||||||
doc,
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
principal,
|
mURL,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
requestingNode,
|
||||||
nsIContentPolicy::TYPE_OTHER,
|
nsILoadInfo::SEC_NORMAL,
|
||||||
loadGroup,
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
callbacks);
|
loadGroup,
|
||||||
|
callbacks);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// in this else branch we really don't know where the load is coming
|
||||||
|
// from and in fact should use something better than just using
|
||||||
|
// a nullPrincipal as the loadingPrincipal.
|
||||||
|
nsCOMPtr<nsIPrincipal> principal =
|
||||||
|
do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
|
mURL,
|
||||||
|
principal,
|
||||||
|
nsILoadInfo::SEC_NORMAL,
|
||||||
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
|
loadGroup,
|
||||||
|
callbacks);
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
@ -1073,18 +1073,27 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun
|
|||||||
// FetchBindingDocument(). LoadInfo will end up with no principal or node in those cases,
|
// FetchBindingDocument(). LoadInfo will end up with no principal or node in those cases,
|
||||||
// so we use systemPrincipal. This achieves the same result of bypassing security checks,
|
// so we use systemPrincipal. This achieves the same result of bypassing security checks,
|
||||||
// but it gives the wrong information to potential future consumers of loadInfo.
|
// but it gives the wrong information to potential future consumers of loadInfo.
|
||||||
nsCOMPtr<nsIPrincipal> requestingPrincipal = aOriginPrincipal ? aOriginPrincipal
|
|
||||||
: nsContentUtils::GetSystemPrincipal();
|
|
||||||
nsCOMPtr<nsIChannel> channel;
|
nsCOMPtr<nsIChannel> channel;
|
||||||
// Note that we are calling NS_NewChannelInternal here with both a node and a principal.
|
|
||||||
// This is because the principal and node could be different.
|
if (aOriginPrincipal) {
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
// if there is an originPrincipal we should also have aBoundDocument
|
||||||
aDocumentURI,
|
NS_ASSERTION(aBoundDocument, "can not create a channel without aBoundDocument");
|
||||||
aBoundDocument,
|
rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel),
|
||||||
requestingPrincipal,
|
aDocumentURI,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
aBoundDocument,
|
||||||
nsIContentPolicy::TYPE_OTHER,
|
aOriginPrincipal,
|
||||||
loadGroup);
|
nsILoadInfo::SEC_NORMAL,
|
||||||
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
|
loadGroup);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
|
aDocumentURI,
|
||||||
|
nsContentUtils::GetSystemPrincipal(),
|
||||||
|
nsILoadInfo::SEC_NORMAL,
|
||||||
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
|
loadGroup);
|
||||||
|
}
|
||||||
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
@ -663,18 +663,18 @@ static nsresult NewImageChannel(nsIChannel **aResult,
|
|||||||
//
|
//
|
||||||
aLoadFlags |= nsIChannel::LOAD_CLASSIFY_URI;
|
aLoadFlags |= nsIChannel::LOAD_CLASSIFY_URI;
|
||||||
|
|
||||||
nsCOMPtr<nsIPrincipal> requestingPrincipal = aLoadingPrincipal;
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadingPrincipal;
|
||||||
bool isSandBoxed = false;
|
bool isSandBoxed = false;
|
||||||
// only inherit if we have a principal
|
// only inherit if we have a principal
|
||||||
bool inherit = false;
|
bool inherit = false;
|
||||||
if (requestingPrincipal) {
|
if (triggeringPrincipal) {
|
||||||
inherit = nsContentUtils::ChannelShouldInheritPrincipal(requestingPrincipal,
|
inherit = nsContentUtils::ChannelShouldInheritPrincipal(triggeringPrincipal,
|
||||||
aURI,
|
aURI,
|
||||||
false, // aInheritForAboutBlank
|
false, // aInheritForAboutBlank
|
||||||
false); // aForceInherit
|
false); // aForceInherit
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
requestingPrincipal = nsContentUtils::GetSystemPrincipal();
|
triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
|
||||||
}
|
}
|
||||||
nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aRequestingContext);
|
nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aRequestingContext);
|
||||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
||||||
@ -682,19 +682,36 @@ static nsresult NewImageChannel(nsIChannel **aResult,
|
|||||||
securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Note we are calling NS_NewChannelInternal() here with a node and a principal.
|
// Note we are calling NS_NewChannelWithTriggeringPrincipal() here with a node
|
||||||
// This is for things like background images that are specified by user
|
// and a principal. This is for things like background images that are specified
|
||||||
// stylesheets, where the document is being styled, but the principal is that
|
// by user stylesheets, where the document is being styled, but the principal
|
||||||
// of the user stylesheet.
|
// is that of the user stylesheet.
|
||||||
rv = NS_NewChannelInternal(aResult,
|
if (requestingNode) {
|
||||||
aURI,
|
rv = NS_NewChannelWithTriggeringPrincipal(aResult,
|
||||||
requestingNode,
|
aURI,
|
||||||
requestingPrincipal,
|
requestingNode,
|
||||||
securityFlags,
|
triggeringPrincipal,
|
||||||
aPolicyType,
|
securityFlags,
|
||||||
nullptr, // loadGroup
|
nsIContentPolicy::TYPE_IMAGE,
|
||||||
callbacks,
|
nullptr, // loadGroup
|
||||||
aLoadFlags);
|
callbacks,
|
||||||
|
aLoadFlags);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// either we are loading something inside a document, in which case
|
||||||
|
// we should always have a requestingNode, or we are loading something
|
||||||
|
// outside a document, in which case the triggeringPrincipal
|
||||||
|
// should always be the systemPrincipal.
|
||||||
|
MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal));
|
||||||
|
rv = NS_NewChannel(aResult,
|
||||||
|
aURI,
|
||||||
|
triggeringPrincipal,
|
||||||
|
securityFlags,
|
||||||
|
nsIContentPolicy::TYPE_IMAGE,
|
||||||
|
nullptr, // loadGroup
|
||||||
|
callbacks,
|
||||||
|
aLoadFlags);
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
@ -389,17 +389,17 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
|
|||||||
nsCOMPtr<nsILoadGroup> loadGroup(ps->GetDocument()->GetDocumentLoadGroup());
|
nsCOMPtr<nsILoadGroup> loadGroup(ps->GetDocument()->GetDocumentLoadGroup());
|
||||||
|
|
||||||
nsCOMPtr<nsIChannel> channel;
|
nsCOMPtr<nsIChannel> channel;
|
||||||
// Note we are calling NS_NewChannelInternal() with both a node and a
|
// Note we are calling NS_NewChannelWithTriggeringPrincipal() with both a
|
||||||
// principal. This is because the document where the font is being loaded
|
// node and a principal. This is because the document where the font is
|
||||||
// might have a different origin from the principal of the stylesheet
|
// being loaded might have a different origin from the principal of the
|
||||||
// that initiated the font load.
|
// stylesheet that initiated the font load.
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel),
|
||||||
aFontFaceSrc->mURI,
|
aFontFaceSrc->mURI,
|
||||||
ps->GetDocument(),
|
ps->GetDocument(),
|
||||||
aUserFontEntry->GetPrincipal(),
|
aUserFontEntry->GetPrincipal(),
|
||||||
nsILoadInfo::SEC_NORMAL,
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nsIContentPolicy::TYPE_FONT,
|
nsIContentPolicy::TYPE_FONT,
|
||||||
loadGroup);
|
loadGroup);
|
||||||
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
@ -1185,16 +1185,16 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
|
|||||||
if (!ps) {
|
if (!ps) {
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
// Note we are calling NS_NewChannelInternal() with both a node and a
|
// Note we are calling NS_NewChannelWithTriggeringPrincipal() with both a
|
||||||
// principal. This is because the document where the font is being loaded
|
// node and a principal. This is because the document where the font is
|
||||||
// might have a different origin from the principal of the stylesheet
|
// being loaded might have a different origin from the principal of the
|
||||||
// that initiated the font load.
|
// stylesheet that initiated the font load.
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel),
|
||||||
aFontFaceSrc->mURI,
|
aFontFaceSrc->mURI,
|
||||||
ps->GetDocument(),
|
ps->GetDocument(),
|
||||||
aFontToLoad->GetPrincipal(),
|
aFontToLoad->GetPrincipal(),
|
||||||
nsILoadInfo::SEC_NORMAL,
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nsIContentPolicy::TYPE_FONT);
|
nsIContentPolicy::TYPE_FONT);
|
||||||
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
@ -1424,8 +1424,8 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool inherit = false;
|
bool inherit = false;
|
||||||
nsIPrincipal* requestingPrincipal = aLoadData->mLoaderPrincipal;
|
nsIPrincipal* triggeringPrincipal = aLoadData->mLoaderPrincipal;
|
||||||
if (requestingPrincipal) {
|
if (triggeringPrincipal) {
|
||||||
rv = NS_URIChainHasFlags(aLoadData->mURI,
|
rv = NS_URIChainHasFlags(aLoadData->mURI,
|
||||||
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
|
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
|
||||||
&inherit);
|
&inherit);
|
||||||
@ -1436,7 +1436,7 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
|
|||||||
CheckMayLoad(aLoadData->mURI, false, false))));
|
CheckMayLoad(aLoadData->mURI, false, false))));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
requestingPrincipal = nsContentUtils::GetSystemPrincipal();
|
triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (aLoadData->mSyncLoad) {
|
if (aLoadData->mSyncLoad) {
|
||||||
@ -1469,17 +1469,36 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
|
|||||||
// principal. This is because of a case where the node is the document
|
// principal. This is because of a case where the node is the document
|
||||||
// being styled and the principal is the stylesheet (perhaps from a
|
// being styled and the principal is the stylesheet (perhaps from a
|
||||||
// different origin) that is applying the styles.
|
// different origin) that is applying the styles.
|
||||||
rv = NS_OpenURIInternal(getter_AddRefs(stream),
|
if (aLoadData->mRequestingNode) {
|
||||||
aLoadData->mURI,
|
rv = NS_OpenURIWithTriggeringPrincipal(getter_AddRefs(stream),
|
||||||
aLoadData->mRequestingNode,
|
aLoadData->mURI,
|
||||||
requestingPrincipal,
|
aLoadData->mRequestingNode,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
triggeringPrincipal,
|
||||||
nsIContentPolicy::TYPE_OTHER,
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nullptr, // aLoadGroup
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
nullptr, // aCallbacks
|
nullptr, // aLoadGroup
|
||||||
nsIRequest::LOAD_NORMAL,
|
nullptr, // aCallbacks
|
||||||
nullptr, // aIoService
|
nsIRequest::LOAD_NORMAL,
|
||||||
getter_AddRefs(channel));
|
nullptr, // aIoService
|
||||||
|
getter_AddRefs(channel));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// either we are loading something inside a document, in which case
|
||||||
|
// we should always have a requestingNode, or we are loading something
|
||||||
|
// outside a document, in which case the triggeringPrincipal
|
||||||
|
// should always be the systemPrincipal.
|
||||||
|
MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal));
|
||||||
|
rv = NS_OpenURI(getter_AddRefs(stream),
|
||||||
|
aLoadData->mURI,
|
||||||
|
triggeringPrincipal,
|
||||||
|
nsILoadInfo::SEC_NORMAL,
|
||||||
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
|
nullptr, // aLoadGroup
|
||||||
|
nullptr, // aCallbacks
|
||||||
|
nsIRequest::LOAD_NORMAL,
|
||||||
|
nullptr, // aIoService
|
||||||
|
getter_AddRefs(channel));
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
LOG_ERROR((" Failed to open URI synchronously"));
|
LOG_ERROR((" Failed to open URI synchronously"));
|
||||||
@ -1560,20 +1579,38 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
|
|||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIChannel> channel;
|
nsCOMPtr<nsIChannel> channel;
|
||||||
// Note we are calling NS_NewChannelInternal here with a node and a principal.
|
// Note we are calling NS_NewChannelWithTriggeringPrincipal here with a node
|
||||||
// This is because of a case where the node is the document being styled and
|
// and a principal. This is because of a case where the node is the document
|
||||||
// the principal is the stylesheet (perhaps from a different origin) that is
|
// being styled and the principal is the stylesheet (perhaps from a different
|
||||||
// applying the styles.
|
// origin) that is applying the styles.
|
||||||
rv = NS_NewChannelInternal(getter_AddRefs(channel),
|
if (aLoadData->mRequestingNode) {
|
||||||
aLoadData->mURI,
|
rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel),
|
||||||
aLoadData->mRequestingNode,
|
aLoadData->mURI,
|
||||||
requestingPrincipal,
|
aLoadData->mRequestingNode,
|
||||||
securityFlags,
|
triggeringPrincipal,
|
||||||
nsIContentPolicy::TYPE_STYLESHEET,
|
securityFlags,
|
||||||
loadGroup,
|
nsIContentPolicy::TYPE_STYLESHEET,
|
||||||
nullptr, // aCallbacks
|
loadGroup,
|
||||||
nsIChannel::LOAD_NORMAL |
|
nullptr, // aCallbacks
|
||||||
nsIChannel::LOAD_CLASSIFY_URI);
|
nsIChannel::LOAD_NORMAL |
|
||||||
|
nsIChannel::LOAD_CLASSIFY_URI);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// either we are loading something inside a document, in which case
|
||||||
|
// we should always have a requestingNode, or we are loading something
|
||||||
|
// outside a document, in which case the triggeringPrincipal
|
||||||
|
// should always be the systemPrincipal.
|
||||||
|
MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal));
|
||||||
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||||
|
aLoadData->mURI,
|
||||||
|
triggeringPrincipal,
|
||||||
|
securityFlags,
|
||||||
|
nsIContentPolicy::TYPE_STYLESHEET,
|
||||||
|
loadGroup,
|
||||||
|
nullptr, // aCallbacks
|
||||||
|
nsIChannel::LOAD_NORMAL |
|
||||||
|
nsIChannel::LOAD_CLASSIFY_URI);
|
||||||
|
}
|
||||||
|
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
|
@ -879,16 +879,15 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
|
|||||||
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS));
|
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
rv = NS_OpenURIInternal(mDownloader,
|
rv = NS_OpenURI(mDownloader,
|
||||||
nullptr, // aContext
|
nullptr, // aContext
|
||||||
mJarBaseURI,
|
mJarBaseURI,
|
||||||
nullptr, // aRequestingNode,
|
nsContentUtils::GetSystemPrincipal(),
|
||||||
nsContentUtils::GetSystemPrincipal(),
|
nsILoadInfo::SEC_NORMAL,
|
||||||
nsILoadInfo::SEC_NORMAL,
|
nsIContentPolicy::TYPE_OTHER,
|
||||||
nsIContentPolicy::TYPE_OTHER,
|
mLoadGroup,
|
||||||
mLoadGroup,
|
mCallbacks,
|
||||||
mCallbacks,
|
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS));
|
||||||
mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (mOpeningRemote) {
|
} else if (mOpeningRemote) {
|
||||||
|
Loading…
Reference in New Issue
Block a user