Issue #2402 - Sanitize the nsIPrincipal used to register a service worker to ensure CSP is not persisted. https://bugzilla.mozilla.org/show_bug.cgi?id=1337543

Brian Smith
2024-01-04 23:48:43 -06:00
committed by roytam1
parent 1e0851158e
commit bfa8ea9368
2 changed files with 36 additions and 2 deletions
+31 -2
@@ -3154,10 +3154,12 @@ already_AddRefed<ServiceWorkerRegistrationInfo>
ServiceWorkerManager::CreateNewRegistration(const nsCString& aScope,
nsIPrincipal* aPrincipal)
{
nsresult rv;
#ifdef DEBUG
AssertIsOnMainThread();
nsCOMPtr<nsIURI> scopeURI;
nsresult rv = NS_NewURI(getter_AddRefs(scopeURI), aScope, nullptr, nullptr);
rv = NS_NewURI(getter_AddRefs(scopeURI), aScope, nullptr, nullptr);
MOZ_ASSERT(NS_SUCCEEDED(rv));
RefPtr<ServiceWorkerRegistrationInfo> tmp =
@@ -3165,8 +3167,35 @@ ServiceWorkerManager::CreateNewRegistration(const nsCString& aScope,
MOZ_ASSERT(!tmp);
#endif
// The environment that registers the document may have some CSP applied
// to its principal. This should not be inherited by the registration
// itself or the worker it creates. To avoid confusion in callsites
// downstream we strip the CSP from the principal now.
//
// Unfortunately there is no API to clone a principal without its CSP. To
// achieve the same thing we serialize to the IPC PrincipalInfo type and
// back to an nsIPrincipal.
PrincipalInfo principalInfo;
rv = PrincipalToPrincipalInfo(aPrincipal, &principalInfo);
if (NS_WARN_IF(NS_FAILED(rv))) {
return nullptr;
}
nsCOMPtr<nsIPrincipal> cleanPrincipal =
PrincipalInfoToPrincipal(principalInfo, &rv);
if (NS_WARN_IF(NS_FAILED(rv))) {
return nullptr;
}
// Verify that we do not have any CSP set on our principal "clone".
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
nsCOMPtr<nsIContentSecurityPolicy> csp;
MOZ_ALWAYS_SUCCEEDS(cleanPrincipal->GetCsp(getter_AddRefs(csp)));
MOZ_DIAGNOSTIC_ASSERT(!csp);
#endif
RefPtr<ServiceWorkerRegistrationInfo> registration =
new ServiceWorkerRegistrationInfo(aScope, aPrincipal);
new ServiceWorkerRegistrationInfo(aScope, cleanPrincipal);
// From now on ownership of registration is with
// mServiceWorkerRegistrationInfos.
AddScopeAndRegistration(aScope, registration);
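Review bot: CreateNewRegistration gains two `return nullptr;` paths (after PrincipalToPrincipalInfo and PrincipalInfoToPrincipal) where it previously always returned a registration, but nothing in the hunk documents the new contract; the declaration in the header is outside this diff and any caller other than the one updated in ServiceWorkerRegisterJob::AsyncExecute would now dereference null. I would add above the definition `// Returns nullptr if aPrincipal cannot be round-tripped through PrincipalInfo (the CSP-stripping clone failed); callers must null-check.` and confirm by grep that every call site does so. It is also worth noting in that comment that the CSP-is-absent check below is compiled only under `DEBUG` or non-`RELEASE_OR_BETA`, so release builds rely on the round trip alone with no runtime verification. The body of CreateNewRegistration continues past the end of the hunk.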
+5
@@ -52,6 +52,11 @@ ServiceWorkerRegisterJob::AsyncExecute()
}
} else {
registration = swm->CreateNewRegistration(mScope, mPrincipal);
if (!registration) {
FailUpdateJob(NS_ERROR_DOM_ABORT_ERR);
return;
}
}
SetRegistration(registration);
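Review bot: The new `if (!registration)` branch maps a failure inside CreateNewRegistration to NS_ERROR_DOM_ABORT_ERR without saying why that error was chosen, and the only diagnostic of the underlying cause is the NS_WARN_IF in the callee. A one-line comment such as `// CreateNewRegistration returns null only when the principal could not be cloned (CSP stripping); surface it as AbortError rather than a crash.` would make the intent reviewable. AsyncExecute starts before and continues after this hunk, so I cannot see whether the other branch of this if/else has an equivalent null check.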