diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp
index 81fe93299d27..ccbfdef2d41e 100644
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -416,6 +416,24 @@ BasePrincipal::IsThirdPartyPrincipal(nsIPrincipal* aPrin, bool* aRes) {
 return aPrin->IsThirdPartyURI(prinURI, aRes);
 }
+NS_IMETHODIMP
+BasePrincipal::IsSameOrigin(nsIURI* aURI, bool aIsPrivateWin, bool* aRes) {
+ *aRes = false;
+ nsCOMPtr prinURI;
+ nsresult rv = GetURI(getter_AddRefs(prinURI));
+ if (NS_FAILED(rv) || !prinURI) {
+ return NS_OK;
+ }
+ nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+ if (!ssm) {
+ return NS_ERROR_UNEXPECTED;
+ ;
+ }
+ *aRes =
+ NS_SUCCEEDED(ssm->CheckSameOriginURI(prinURI, aURI, aRes, aIsPrivateWin));
+ return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetIsNullPrincipal(bool* aResult) {
 *aResult = Kind() == eNullPrincipal;
diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h
index 0521500e8f75..4f88b06ace0c 100644
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -134,6 +134,8 @@ class BasePrincipal : public nsJSPrincipals {
 NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;
 NS_IMETHOD IsThirdPartyPrincipal(nsIPrincipal* uri, bool* aRes) override;
 NS_IMETHOD GetIsOriginPotentiallyTrustworthy(bool* aResult) override;
+ NS_IMETHOD IsSameOrigin(nsIURI* aURI, bool aIsPrivateWin,
+ bool* aRes) override;
 nsresult ToJSON(nsACString& aJSON);
 static already_AddRefed FromJSON(const nsACString& aJSON);
@@ -259,10 +261,10 @@ class BasePrincipal : public nsJSPrincipals {
 // KeyValT holds a principal subtype-specific key value and the associated
 // parsed value after JSON parsing.
- template
- struct KeyValT
- {
- static_assert(sizeof(SerializedKey) == 1, "SerializedKey should be a uint8_t");
+ template
+ struct KeyValT {
+ static_assert(sizeof(SerializedKey) == 1,
+ "SerializedKey should be a uint8_t");
 SerializedKey key;
 bool valueWasSerialized;
 nsCString value;
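Review bot: In BasePrincipal::IsSameOrigin the third argument to `CheckSameOriginURI` is `aRes`, the `bool*` out-parameter, where the call this method replaces in dom/security/ReferrerInfo.cpp passed `false`. A non-null pointer converts implicitly to `true`, so if that parameter is the report-error flag (as the removed call suggests) every failed comparison now reports an error, which the old referrer code did not do. The call should read `NS_SUCCEEDED(ssm->CheckSameOriginURI(prinURI, aURI, false, aIsPrivateWin))`. The stray `;` line after `return NS_ERROR_UNEXPECTED;` can be dropped at the same time.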
diff --git a/caps/nsIPrincipal.idl b/caps/nsIPrincipal.idl
index 3d4ce3859e00..8a8dee223128 100644
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -237,6 +237,12 @@ interface nsIPrincipal : nsISerializable
 */
 bool IsURIInPrefList(in string pref);
+ /*
+ * Uses NS_Security Compare to determine if the
+ * other URI is same-origin as the uri of the Principal
+ */
+ bool IsSameOrigin(in nsIURI otherURI, in bool aIsPrivateWin);
+
 /**
 * Implementation of
 * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
diff --git a/dom/security/ReferrerInfo.cpp b/dom/security/ReferrerInfo.cpp
index 8208b7208d2f..a15be66f30c9 100644
--- a/dom/security/ReferrerInfo.cpp
+++ b/dom/security/ReferrerInfo.cpp
@@ -473,17 +473,14 @@ nsresult ReferrerInfo::HandleUserReferrerSendingPolicy(nsIHttpChannel* aChannel,
 bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {
 nsCOMPtr loadInfo = aChannel->LoadInfo();
- nsCOMPtr triggeringURI;
- loadInfo->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI));
-
- if (!triggeringURI) {
+ if (!loadInfo->TriggeringPrincipal()->GetIsContentPrincipal()) {
 LOG(("no triggering URI via loadInfo, assuming load is cross-origin"));
 return true;
 }
 if (LOG_ENABLED()) {
 nsAutoCString triggeringURISpec;
- triggeringURI->GetAsciiSpec(triggeringURISpec);
+ loadInfo->TriggeringPrincipal()->GetAsciiSpec(triggeringURISpec);
 LOG(("triggeringURI=%s\n", triggeringURISpec.get()));
 }
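Review bot: The comment added above `IsSameOrigin` does not state the contract that callers of a same-origin check need. "NS_Security Compare" looks like a garbled reference (presumably to NS_SecurityCompareURIs), neither parameter is described, and nothing says that the result is false when the principal has no URI, which is what the BasePrincipal.cpp implementation in this commit does. I would open it with `/**` like the neighbouring comments and spell out three things: the result is true only when otherURI is same-origin with the principal's URI, it is false for principals without a URI, and aIsPrivateWin says whether the check is made for a private-browsing window.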
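Review bot: The log text `no triggering URI via loadInfo, assuming load is cross-origin` no longer matches the condition above it, which now tests `GetIsContentPrincipal()` rather than a null URI. Anyone debugging referrer decisions from these logs would be misled about why a load was treated as cross-origin; something like `LOG(("triggering principal is not a content principal, assuming load is cross-origin"));` describes the new check. `loadInfo->TriggeringPrincipal()` is also fetched separately here, in the logging branch and again in the next hunk, so holding it in one local at the top of IsCrossOriginRequest would read better. The function body continues outside this hunk.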
@@ -493,11 +490,14 @@ bool ReferrerInfo::IsCrossOriginRequest(nsIHttpChannel* aChannel) {
 return true;
 }
- nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
 bool isPrivateWin = loadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-
- rv = ssm->CheckSameOriginURI(triggeringURI, uri, false, isPrivateWin);
- return (NS_FAILED(rv));
+ bool isSameOrigin = false;
+ rv = loadInfo->TriggeringPrincipal()->IsSameOrigin(uri, isPrivateWin,
+ &isSameOrigin);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return true;
+ }
+ return !isSameOrigin;
 }
 ReferrerInfo::TrimmingPolicy ReferrerInfo::ComputeTrimmingPolicy(
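Review bot: The early `return true;` under `NS_WARN_IF(NS_FAILED(rv))` is the fail-closed branch of this check and deserves a comment saying so. An error from `IsSameOrigin` is treated as cross-origin, so a failed comparison can never be read as same-origin; a later edit that flips this to `false` would presumably loosen what referrer is sent. I would add `// Fail closed: if the origin comparison errors, treat the request as cross-origin.` above the `if`. IsCrossOriginRequest starts before this hunk.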