mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 01:05:45 +00:00
27c96362b9
There are several ways that expanded principals can be used as triggering principals for requests. While that works fine for security checks, it also sometimes causes them to be inherited, and used as result principals in contexts where expanded principals aren't allowed. This patch changes our inheritance behavior so that expanded principals are downgraded to the most appropriate constituent principal when they would otherwise be inherited. The logic for choosing the most appropriate principal is a bit suspect, and may eventually need to be changed to always select the last whitelist principal, but I chose it to preserve the current principal downgrade behavior used by XMLHttpRequest for the time being. MozReview-Commit-ID: 9fvAKr2e2fa --HG-- extra : rebase_source : c30df1b3851c11fed5a1d6a7fb158cec14933182
65 lines
2.4 KiB
C++
65 lines
2.4 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef ExpandedPrincipal_h
|
|
#define ExpandedPrincipal_h
|
|
|
|
#include "nsCOMPtr.h"
|
|
#include "nsJSPrincipals.h"
|
|
#include "nsTArray.h"
|
|
#include "nsNetUtil.h"
|
|
#include "mozilla/BasePrincipal.h"
|
|
|
|
class ExpandedPrincipal : public nsIExpandedPrincipal
|
|
, public mozilla::BasePrincipal
|
|
{
|
|
public:
|
|
static already_AddRefed<ExpandedPrincipal>
|
|
Create(nsTArray<nsCOMPtr<nsIPrincipal>>& aWhiteList,
|
|
const mozilla::OriginAttributes& aAttrs);
|
|
|
|
static PrincipalKind Kind() { return eExpandedPrincipal; }
|
|
|
|
NS_DECL_NSIEXPANDEDPRINCIPAL
|
|
NS_DECL_NSISERIALIZABLE
|
|
|
|
NS_IMETHOD_(MozExternalRefCountType) AddRef() override { return nsJSPrincipals::AddRef(); };
|
|
NS_IMETHOD_(MozExternalRefCountType) Release() override { return nsJSPrincipals::Release(); };
|
|
NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
|
|
NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
|
|
NS_IMETHOD GetURI(nsIURI** aURI) override;
|
|
NS_IMETHOD GetDomain(nsIURI** aDomain) override;
|
|
NS_IMETHOD SetDomain(nsIURI* aDomain) override;
|
|
NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
|
|
NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
|
|
virtual bool AddonHasPermission(const nsAtom* aPerm) override;
|
|
virtual nsresult GetScriptLocation(nsACString &aStr) override;
|
|
|
|
// Returns the principal to inherit when this principal requests the given
|
|
// URL. See BasePrincipal::PrincipalToInherit.
|
|
nsIPrincipal* PrincipalToInherit(nsIURI* aRequestedURI = nullptr,
|
|
bool aAllowIfInheritsPrincipal = true);
|
|
|
|
protected:
|
|
explicit ExpandedPrincipal(nsTArray<nsCOMPtr<nsIPrincipal>> &aWhiteList);
|
|
|
|
virtual ~ExpandedPrincipal();
|
|
|
|
bool SubsumesInternal(nsIPrincipal* aOther,
|
|
DocumentDomainConsideration aConsideration) override;
|
|
|
|
bool MayLoadInternal(nsIURI* aURI) override;
|
|
|
|
private:
|
|
nsTArray< nsCOMPtr<nsIPrincipal> > mPrincipals;
|
|
};
|
|
|
|
#define NS_EXPANDEDPRINCIPAL_CONTRACTID "@mozilla.org/expandedprincipal;1"
|
|
#define NS_EXPANDEDPRINCIPAL_CID \
|
|
{ 0xe8ee88b0, 0x5571, 0x4086, \
|
|
{ 0xa4, 0x5b, 0x39, 0xa7, 0x16, 0x90, 0x6b, 0xdb } }
|
|
|
|
#endif // ExpandedPrincipal_h
|