Bug 1600051 - Refactor GetURI usage in ReferrerInfo.cpp r=ckerschb

***

Differential Revision: https://phabricator.services.mozilla.com/D55120

--HG--
extra : moz-landing-system : lando

caps/BasePrincipal.cpp

@@ -416,6 +416,24 @@ BasePrincipal::IsThirdPartyPrincipal(nsIPrincipal* aPrin, bool* aRes) {
   return aPrin->IsThirdPartyURI(prinURI, aRes);
 }
 
+NS_IMETHODIMP
+BasePrincipal::IsSameOrigin(nsIURI* aURI, bool aIsPrivateWin, bool* aRes) {
+  *aRes = false;
+  nsCOMPtr<nsIURI> prinURI;
+  nsresult rv = GetURI(getter_AddRefs(prinURI));
+  if (NS_FAILED(rv) || !prinURI) {
+    return NS_OK;
+  }
+  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+  if (!ssm) {
+    return NS_ERROR_UNEXPECTED;
+    ;
+  }
+  *aRes =
+      NS_SUCCEEDED(ssm->CheckSameOriginURI(prinURI, aURI, aRes, aIsPrivateWin));
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetIsNullPrincipal(bool* aResult) {
   *aResult = Kind() == eNullPrincipal;

caps/BasePrincipal.h

@@ -134,6 +134,8 @@ class BasePrincipal : public nsJSPrincipals {
   NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
   NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
   NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
+  NS_IMETHOD IsSameOrigin(nsIURI* aURI, bool aIsPrivateWin,
+                          bool* aRes) override;
 
   nsresult ToJSON(nsACString& aJSON);
   static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
@@ -259,10 +261,10 @@ class BasePrincipal : public nsJSPrincipals {
 
   // KeyValT holds a principal subtype-specific key value and the associated
   // parsed value after JSON parsing.
-  template<typename SerializedKey>
-  struct KeyValT
-  {
-    static_assert(sizeof(SerializedKey) == 1, "SerializedKey should be a uint8_t");
+  template <typename SerializedKey>
+  struct KeyValT {
+    static_assert(sizeof(SerializedKey) == 1,
+                  "SerializedKey should be a uint8_t");
     SerializedKey key;
     bool valueWasSerialized;
     nsCString value;

caps/nsIPrincipal.idl

@@ -237,6 +237,12 @@ interface nsIPrincipal : nsISerializable
     */
     bool IsURIInPrefList(in string pref);
 
+    /*
+    * Uses NS_Security Compare to determine if the
+    * other URI is same-origin as the uri of the Principal
+    */
+    bool IsSameOrigin(in nsIURI otherURI, in bool aIsPrivateWin);
+
     /**
      * Implementation of
      * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy

dom/security/ReferrerInfo.cpp

@@ -473,17 +473,14 @@ nsresult ReferrerInfo::HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel,
 bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {
   nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
 
-  nsCOMPtr<nsIURI> triggeringURI;
-  loadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI));
-
-  if (!triggeringURI) {
+  if (!loadInfo->TriggeringPrincipal()->GetIsContentPrincipal()) {
     LOG(("no triggering URI via loadInfo, assuming load is cross-origin"));
     return true;
   }
 
   if (LOG_ENABLED()) {
     nsAutoCString triggeringURISpec;
-    triggeringURI->GetAsciiSpec(triggeringURISpec);
+    loadInfo->TriggeringPrincipal()->GetAsciiSpec(triggeringURISpec);
     LOG(("triggeringURI=%s\n", triggeringURISpec.get()));
   }
 
@@ -493,11 +490,14 @@ bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {
     return true;
   }
 
-  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
   bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-
-  rv = ssm->CheckSameOriginURI(triggeringURI, uri, false, isPrivateWin);
-  return (NS_FAILED(rv));
+  bool isSameOrigin = false;
+  rv = loadInfo->TriggeringPrincipal()->IsSameOrigin(uri, isPrivateWin,
+                                                     &isSameOrigin);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return true;
+  }
+  return !isSameOrigin;
 }
 
 ReferrerInfo::TrimmingPolicy ReferrerInfo::ComputeTrimmingPolicy(