Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-02 01:48:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1615259 - Refactor GetUri in WorkerLoadInfo.cpp r=ckerschb

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D62737

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Sebastian Streich 2020-02-26 13:52:01 +00:00
parent 43803c34ee
commit d694e543b1
4 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
caps/BasePrincipal.cpp
View File

@ -485,6 +485,17 @@ BasePrincipal::IsSameOrigin(nsIURI* aURI, bool aIsPrivateWin, bool* aRes) {
ssm->CheckSameOriginURI(prinURI, aURI, false, aIsPrivateWin));
return NS_OK;
}
NS_IMETHODIMP
BasePrincipal::AllowsRelaxStrictFileOriginPolicy(nsIURI* aURI, bool* aRes) {
*aRes = false;
nsCOMPtr<nsIURI> prinURI;
nsresult rv = GetURI(getter_AddRefs(prinURI));
if (NS_FAILED(rv) || !prinURI) {
return NS_OK;
}
*aRes = NS_RelaxStrictFileOriginPolicy(aURI, prinURI);
return NS_OK;
}
NS_IMETHODIMP
BasePrincipal::GetPrefLightCacheKey(nsIURI* aURI, bool aWithCredentials,

2
caps/BasePrincipal.h
View File

@ -146,7 +146,7 @@ class BasePrincipal : public nsJSPrincipals {
NS_IMETHOD GetPrefLightCacheKey(nsIURI* aURI, bool aWithCredentials,
nsACString& _retval) override;
NS_IMETHOD GetAsciiHost(nsACString& aAsciiHost) override;
NS_IMETHOD AllowsRelaxStrictFileOriginPolicy(nsIURI* aURI, bool* aRes);
nsresult ToJSON(nsACString& aJSON);
static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
// Method populates a passed Json::Value with serializable fields

6
caps/nsIPrincipal.idl
View File

@ -286,6 +286,12 @@ interface nsIPrincipal : nsISerializable
*/
bool isSameOrigin(in nsIURI otherURI, in bool aIsPrivateWin);
/*
* Checks if the Principal is allowed to load the Provided file:// URI
* using NS_RelaxStrictFileOriginPolicy
*/
bool allowsRelaxStrictFileOriginPolicy(in nsIURI aURI);
/*
* Generates a Cache-Key for the Cors-Preflight Cache

17
dom/workers/WorkerLoadInfo.cpp
View File

@ -324,21 +324,24 @@ bool WorkerLoadInfo::PrincipalURIMatchesScriptURL() {
return true;
}
nsCOMPtr<nsIURI> principalURI;
rv = mPrincipal->GetURI(getter_AddRefs(principalURI));
NS_ENSURE_SUCCESS(rv, false);
NS_ENSURE_TRUE(principalURI, false);
bool isSameOrigin = false;
rv = mPrincipal->IsSameOrigin(mBaseURI, false, &isSameOrigin);
if (nsScriptSecurityManager::SecurityCompareURIs(mBaseURI, principalURI)) {
if (NS_SUCCEEDED(rv) && isSameOrigin) {
return true;
}
// If strict file origin policy is in effect, local files will always fail
// SecurityCompareURIs unless they are identical. Explicitly check file origin
// IsSameOrigin unless they are identical. Explicitly check file origin
// policy, in that case.
bool allowsRelaxedOriginPolicy = false;
rv = mPrincipal->AllowsRelaxStrictFileOriginPolicy(
mBaseURI, &allowsRelaxedOriginPolicy);
if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
NS_URIIsLocalFile(mBaseURI) &&
NS_RelaxStrictFileOriginPolicy(mBaseURI, principalURI)) {
(NS_SUCCEEDED(rv) && allowsRelaxedOriginPolicy)) {
return true;
}