mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:30:27 +00:00
roytam1
672546346d
- Bug 1261720 (part 1) - Separate js::ClassExtension from js::Class. r=jorendorff,bz. (6368952442)
- Bug 1261720 (part 2) - Move ClassExtension::isWrappedNative into js::Class::flags. r=jorendorff. (554fe695c2)
- Bug 1261723 (part 1) - Rename js::Class::ops as oOps. r=efaust. (e9dace574c)
- Bug 1261723 (part 2) - Separate class ops from js::Class. code=njn,h4writer. r=efaust,bz. (54bc06aec6)
- Bug 1263865 - Check the return value of GetSelfHostedFunction in ArraySpeciesCreate. r=efaust (cc6e1c0e50)
- Bug 1248948 - Don't pass non-SavedFrame objects to SavedFrame JSAPI functions; r=tromey r=evilpie (8c753c3c89)
- Bug 1260475 - Add an option to disable GC slices triggered by painting. r=terrence a=kwierso (df86be5e34)
- Bug 1263803 - Change AllocateArrayBuffer to receive byteLength instead of nelements. r=lth (751e333ff0)
- Bug 1264941 - Use byteLength of source typedArray in CloneArrayBuffer. r=lth (0095fce3aa)
- Bug 1263879 - Check the return value of AtomizeString in str_replace_string_raw. r=h4writer (31e1470bc3)
- Bug 1258453 - Compact arenas containing strings r=terrence (f6b4029d79)
- Bug 1245649: Turn on linebreak-style. r=Gijs (0bf309cb9d)
- Bug 1245649: Turn on no-irregular-whitespace and no-mixed-spaces-and-tabs. r=jaws (c6faaf67fd)
- Bug 1258095 - patch 1/3 - OSFileSystem should have the root == the directory root, r=smaug (8cf74899f4)
- Bug 1258095 - patch 2/3 - Implement Directory::GetPath() correctly, r=smaug (776f503c98)
- Bug 1258095 - patch 3/3 - Directory tasks should use FallibleArray, r=smaug (b4888c92b9)
- Bug 1258221 - patch 1 - File::CreateFromFile only for main-thread, r=smaug (c106b37cb4)
- Bug 1258056 - Propagate the window opener full page zoom across the IPC layer; r=smaug (511386589f)
- Bug 1248772 - Trigger a OS window focus in ServiceWorkerClients::OpenWindow. r=ehsan (feb322b9f0)
- Bug 1259707 - Fix confusion between desktop and CSS pixels when session-restore is constraining window to the available screen space. r=emk (def9cc918b)
- Bug 1222617 - Filter out service worker messages that happened before a page load;r=bkelly (c1c72c9bef)
- Bug 1232029 - Set some prefs that some tests rely on explicitly; r=bkelly (fed34543e8)
- Bug 1250266 - Always send a TTL in the Push mochitests. r=benbangert (43c7bde7b8)
- Bug 1244816 - Create PushService mock for mochitests backed by a mock web socket. r=kitcambridge (92270cbae5)
- Bug 1257395: Update comments for GCHashTable and GCPolicy. DONTBUILD r=terrence (fee0311ea0)
- Bug 1263772 - Use WeakCache wrapper to sweep BaseShape table; r=jonco (a0e015667c)
- Bug 1263777 - Use WeakCache to sweep the InitialShapeTable; r=jonco (84d1591585)
- Bug 1132502 (part 1) - Abort if compartmentStats is null during memory reporting. r=jandem. (bd144192b1)
- Bug 1132502 (part 2) - Don't call AddClassInfo() for BaseShapes. r=jandem. (10881fe48c)
- Bug 1259490 - Update the DtoA cache after compacting GC; r=jandem (6e3139501c)
- Bug 1257903 - Fix spurious GC hazard on a CLOSED TREE r=me (ce2935d8b2)
- Bug 1259042 - Re-introduce a version of ZoneCellIter for use under GC r=terrence (d1e4ca6e30)
- Bug 1259180 - Compact arenas containing scripts r=terrence (365d22ab00)
- Bug 1258407 - Limit GC heap growth parameters r=sfink (1c9ffb0e3f)
- Bug 1263966 - Compact arenas containing lazy scripts r=terrence (e22c571c37)
- Bug 1266107 - Update type descriptors first when compacting r=terrence (4c2ca98bb3)
- Bug 1266105 - Only purge runtime tables once per slice when compacting r=terrence (74e2977241)
- Bug 1263769 - Sweep WeakCaches in parallel; r=sfink (54b077b37b)
- Bug 1266107 - Track all existing typed object descriptor objects r=terrence (bc60425bf6)
- Bug 1260198 - Clear per-zone string cache after compacting r=terrence (c3002b8021)
- Bug 1259306 - Trace ShapeTables r=terrence (15abb48a33)
- Bug 1262203 - Skip shape table tracing where possible r=terrence (8a1ec15053)
- Bug 1164432 - Update test_try_registering_offline_disabled.html to use mock push server. r=kitcambridge (6d52de1a17)
- Bug 1263857 - Initialize the slots of the match result object before creating properties in generateRegExpMatcherStub. r=h4writer (802af47b3a)
- Bug 1263549 - Fix inlined RegExpPrototypeOptimizable and RegExpInstanceOptimizable. r=h4writer (5565bca590)
- Bug 1264998 - CodeGeneratorShared::assignBailoutId: Properly handle allocation errors. r=h4writer (258cbfc0b6)
- Bug 1257408 - Fix VS2015 C4312 warnings in js/src. r=nbp (d52a4d1fe7)
- Bug 1220466 - Don't build event region display items for pseudo stacking contexts, unless they are also an AGR. r=mstange (9f9a2c7eba)
- Bug 1220466 - Avoid doing unnecessary layer building work for inactive layers. r=mstange (372097e6df)
- Bug 1239151. Increase skia font cache size to 10mb on non-android platforms. r=lsalzman (8a2029da40)
- Bug 1255068 - Do not allow empty transaction transform changes if the scroll position has changed since the last paint. r=kats, r=mattwoodrow (f4a42e10c8)
- Bug 1255068 - Add a check for null scrollid. r=kats (3ddbb78fd3)
- Bug 1258910 - IonMonkey: MIPS: Implement float-point conditional move instructions. r=huangwenjun06 (b53499103b)
- Bug 1258910 - OdinMonkey: MIPS64: Implement AsmSelectI64. r=bbouvier (a36cfffa1d)
- Bug 1258910 - OdinMonkey: MIPS: Implement AsmSelect. r=bbouvier (e458724bc1)
- Bug 1254500 - IonMonkey: MIPS: Implement ma_ctz. r=arai (c8bfd7a6c9)
- Bug 1254500 - IonMonkey: MIPS: Implement CodeGeneratorMIPSShared::visitCtzI. r=arai (b65dad7d1b)
- Bug 1254500 - IonMonkey: MIPS: Implement CodeGeneratorMIPSShared::visitPopcntI. r=arai (58c00b603e)
- Bug 1258105 - Port object length stubs to CacheIR. r=efaust (ed0ec07678)
- Bug 1258301 - Use TraceNullableEdge for CacheIR pointers. r=jonco (3342ef24b4)
- Bug 1258327 - Part 1: Move ToAddress from CodeGeneratorMIPSShared to CodeGeneratorShared. r=hev (59e7494f02)
- Bug 1258327 - Part 2: Remove Operand variant from bailoutCmp32. r=nbp (c4609af383)
- Bug 1258327 - Part 3: Remove Operand variant from branch32 except x86-shared. r=nbp (dca4bc7577)
- Bug 1258327 - Part 4: Remove ToOperand call from arm CodeGenerator. r=jandem (395d7a004f)
- Bug 1258327 - Part 5: Remove dummy ToOperand definition from arm64 CodeGenerator. r=jandem (bc447cb6aa)
- Bug 1258327 - Part 6: Remove ToOperand call from mips-shared and mips64 CodeGenerator. r=hev (d01b028148)
- Bug 1258327 - Part 7: Move ToOperand from CodeGeneratorShared to CodeGeneratorX86Shared. r=nbp (71449d7c62)
- Bug 1248412 - Prevent immediate bailout from innermost for-of loops. r=h4writer (616897a580)
- Bug 1261326 - Fix a bogus assert. r=bhackett (ff715a7954)
- Bug 1260371 - Rearrange RelocationOverlay so that magic field does not overlay inline string chars r=terrence (f88fbb8927)
- Bug 1262203 - Do GC relocation writes in order; r=sfink (b82a25dd15)
- Bug 1247909 - Move MFunctionEnvironment after the entry resume points operands. r=h4writer (29d8d1c2df)
- Bug 1259925 - Port ModuleNamespace getprop stub to CacheIR. r=efaust (b31980bdc3)
- Bug 1232903 - Skip Security checks if triggeringPrincipal is SystemPrincipal (r=sicking) (b4c97b7ad0)
- Bug 1257650 - Skip Security checks if triggeringPrincipal is SystemPrincipal only for subresource loads. r=sicking (68df3ecbec)
- Bug 1264561 - Fix ClassOps::call and ClassOps::construct address calculation in visitIsCallable and visitIsConstructor. r=efaust (172037857b)
- Bug 1264823 - Add pre-barrier to the elements of mapIterationResultPair. r=jandem (b2e451c371)
- Bug 1263609: SharedStubs - Allow JSOP_POW in ion codegen ON CLOSED TREE, r=bbouvier (16bb4ca9af)
- Bug 1265159 - IonMonkey: Throw error when popping from an empty array in MArrayPopShift, r=jandem (e3a1b08614)
- Bug 1259392 - nail down isLockFree(4) for good. r=jolesen (72fa558eec)
- Bug 1244252 - Don't check object group generation when generating code to create unboxed objects off thread, r=terrence. (4191175759)
- Bug 1254578 - Fix OOM case when rematerializing frames. (r=jandem) (a213756a2b)
- Bug 1263139 - Apply ToString to non-standard flags argument of String.prototype.{match,search,replace}. r=till (91c8f6f592)
- Bug 1257810 - ReleaseAcquire should be adequate for a counter; r=sfink (e394a21b3d)
- Bug 1251833 - Part 4: Remove some unneeded qualification from GCRuntime and friends. r=terrence (e77de1a3ac)
- Bug 1260371 - Forward another pointer during TypedObject tracing to fix bustage r=me (24636e9463)
- Bug 1266107 - Simplify typed object tracing now type descriptors are traced first r=terrence (6872be4bfa)
- Bug 1248658 - Remove make targets for running mochitests; r=ted (b09a44e0ee)
- Bug 1251325 - Remove make targets for running xpcshell tests; r=ted.mielczarek (951e38d57a)
- Bug 1239808 - Rename test_packages.json to include package basename as prefix. r=chmanchester,jlund (a3af182b40)
- Bug 1240149 - Build system changes necessary to run linux artifact builds in automation. r=glandium (5195150922)
- Bug 992983 - Followup to make BUILD_GTEST consistent with the gtest makefile ifdef. r=chmanchester (a7041d3109)
- Bug 1197716 - On Android, include fonts in test profile; r=jmaher (324e5cd018)
- Bug 1252809 - Followup Bug 1239808 to handle spaces in MOZ_TEST_PACKAGES_FILE. r=jlund (e8e01ab651)
- Bug 1228674 - Handle filenames with spaces in 'define package_archive'. r=gps (198814ad26)
- Bug 1136841 - Fix rungtests.py to check for crashes in the correct directory. r=ahal (3d2f9d409b)
- Bug 1055224 - Run gtest output through a stack fixer. r=ahal (03f3267aff)
- Bug 1252931 - Add support for generic OBJDIR_FILES and OBJDIR_PP_FILES; r=gps (f58bf46f42)
- Bug 1259806 - Remove toolkit/components/ctypes/tests/Makefile.in; r=ted (f6e9d21bc5)
- Bug 1242051 - Extract support files processing from the emitter. r=gps (3587f9a995)
- Bug 1193264 - Add support for saving and reusing try strings in mach try, r=chmanchester (09618f6792)
- Bug 1204120 - Allow passing talos arguments to |mach try|, r=chmanchester (c8d1764539)
- Bug 1209188 - Add a mode to mach test to run impacted tests according to moz.build dependency info. r=ahal (034c4d665e)
- Bug 1233506 - Only accept positional arguments to mach try that are directories. r=jgraham (db96194381)
- Bug 1257659 - Fix |mach try| on Windows by normalizing before comparing paths. r=mshal (07847f0f5c)
- Bug 1184405 - Use file metadata from files changed in the current branch in mach try when no other arguments are present. r=jgraham (c3f4afe229)
- Bug 1209701 - Don't require platforms as input to |./mach try| if set in the environment. r=jgraham (e7220da349)
- Bug 1210068 - Fix a problem saving mach try expressions with a space in the try syntax, r=chmanchester (c6e3a3c7ce)
- Bug 1210481 - Fix interaction between saved try strings and platform environment variable in mach try, r=chmanchester (542ec46b3c)
- Bug 1203686 - Add git support to mach try's ability to find files changes on the current branch. r=jgraham (b52b34cada)
- Bug 1216950 - Add --list to |mach try| to display saved try strings, r=chmanchester (f640502eef)
- Bug 1219082 - Fix reference to "resolver_func" in mach try. r=jgraham (a03dee3471)
- Bug 1230596 - Allow running talos on specific platforms through mach try. r=jgraham (c5a265f1cb)
- Bug 1236382 - Add commonly used arguments to mach try, remove the extra arguments functionality. r=jgraham (3a5e8284dd)
- Bug 1163797 - Removing CommandArguments decorators from marionette-test mach command and making it use argparse from test harness. r=ahal (be09eb3249)
- Bug 1205687 - Add Mn test flavour and include tests in build manifests; r=jgraham (c787e6b415)
- Bug 1231806 - Fix continuation line under-indented for visual indent. r=ted (def9b1e5b1)
- Bug 1240767 - Handle incorrect test paths in 'mach robocop'; r=jmaher (eb2fc10a75)
- Bug 1242051 - Install test files to the objdir lazily rather than with each invocation of mach. r=gps (1aec3a08fa)
- Bug 969925 - Remove fennec_ids.txt from the build system. r=gbrown (68f3f6a36d)
- Bug 1260998 - Add support for HOST_CPPFLAGS for consistency. r=nalexander (9fe0ddee7e)
- Bug 1262569 - Do not print individual source targets being built; r=ted (4c868fbfba)
- Bug 1163224 - add build system support for multiple Rust crates; r=glandium (94f04fe5bb)
- Bug 1259381 - Don't add --with-ccache in mozconfigs doing --disable-compile-environment or --enable-artifact-builds. r=chmanchester (0e7341ca83)
- Bug 1158019 - Tests exercising the proposed behavior. r=gps (b6cbf89f77)
- Bug 1264697 - Change the format of all-tests.json to reduce redundant data. r=gps (5b9251717d)
- Bug 1197543 - Add --extra-mozinfo-json option in mochitest to filter tests for a given mozinfo file. r=ahal (1f5ffa32f7)
- Bug 1162226 - Fix mach mochitest regression on b2g desktop builds, r=chmanchester (b798d10069)
- Bug 1225903 - Drop support for b2g desktop in mochitest, r=jgriffin (db6fbacb62)
- Bug 1241907 - Grant runtime permissions before running browser tests; r=jmaher (a42195470c)
- Bug 1231806 - Fix abnormal blank lines quantity. r=ted (8265cfb312)
- Bug 1231806 - Useless import. r=ted (60a65cb9ee)
- Bug 1246719 - mach mochitest --valgrind: use comma as separator for --valgrind-args. r=james@hoppipolla.co.uk. (31ec40f673)
- Bug 1226291 - Add SpecialPowers API for importing a jsm into the main process. r=jmaher (74da83f9dd)
- Bug 1228060 - Allow resource://testing-common references in Android mochitests; r=jmaher (cf0b3ad998)
- Bug 1237465 - Work around Android 5.1+ permission restrictions by changing pushed directory permissions to rwx, r=gbrown. (d192121c32)
- Bug 1185969 - [mozdevice] Allow to use android preview releases. r=bc (17872e16e3)
- Bug 1168407 - Pre: Move roboextender under mobile/android/tests. (cec5c20aa1)
- Bug 1142734: Stop using Timer.jsm to avoid replacing the browser window setTimout and clearTimeout functions. r=jsantell (f2fb06a88a)
- Bug 1231784 - Install specialpowers and mochikit extensions at runtime via AddonManager.loadTemporaryAddon(), r=jgriffin (c010bc80bf)
- Bug 1247639 - Fix uncaught exception when running |mach mochitest| on Android, r=gbrown (d79f251595)
- Bug 1229348 - Add a "valgrind-plain" suite to all_mochitest_suites. r=cmanchester. (50a5bb3e41)
- Bug 1256984 - Indicate whether tests ran in e10s mode in the mochitest-* summary; r=mconley (3205aa53bf)
- Bug 1254059 - init MochitestBase.nsprLogs, r=jmaher (377d5cd836)
- Bug 1248711 - Make Mochitest NSPR upload work with --run-by-dir, r=jmaher (853a0c068f)
- Bug 1248565 - Make test infra use MOZ_LOG_FILE and MOZ_LOG_MODULES. r=jmaher (deaf345d0c)
- Bug 1190975 - Do not dump device info and logcat when running mochitest via mach; r=jmaher (87d33c7c87)
- Bug 1252582 - Remove graph server output from talos, only post perfherder_data. r=wlach (c7f9e34663)
- Bug 1253736 - when running talos in --develop mode, run addons from source, not the signed ones. r=wlach (ad07c75fc8)
- Bug 1182072 - deal with the graphics window that shows up on startup, r=jmaher (236161adfb)
- Bug 1253148: [webext] Cleanup running extensions on test failure. r=billm (2a9b4d4247)
- Bug 1143091 - restarting tests with --keep-open is hard. r=ted (73672c05e6)
- Bug 1229598 - Add a mode to browser-chrome tests to summarize per-test code coverage. r=ahal (54b73cfd91)
- Bug 1259382 - Get a full path to the compiler wrapper. r=ted (e1c4b33e8f)
- Bug 1261263 - Remove test for libstdc++ headers conflict with clang 3.3. r=froydnj (3d213b6ee8)
- Bug 1261263 - Switch from -std=gnu++0x to -std=gnu++11. r=froydnj (d70f6b3dcd)
- Bug 1259382 - Remove support for Intel C/C++ compiler. r=ted (f7a5f63a0c)
- Bug 1258175 - Remove broken -Wunreachable-code-return and -Wunreachable-code-aggressive checks. r=glandium (127f8be2e2)
- Bug 1105556 - Don't call CheckLoadURIWithPrincipal() in DoCheckLoadURIChecks() for TYPE_DOCUMENT loads where we don't have a loadingPrincipal. Ensure SEC_COOKIES_SAME_ORIGIN isn't set for TYPE_DOCUMENT loads in CheckChannel(). r=ckerschb, sicking (fbebbf1017)
- Bug 1195172 - Use channel->ascynOpen2 layout/style/FontFaceSet.cpp (r=bz,cam) (3e943da95c)
- Bug 1250986 - Make Request.referrer a USVString; r=bzbarsky (6987ab9838)
- Bug 1250987 - Make RequestInit.body nullable; r=bzbarsky (2496ebea1f)
- Bug 1251448 - Add support for RequestInit.referrer; r=jdm (dcf1a668f8)
- Bug 1250985 - Part 1: Add a way to identify whether a WebIDL dictionary has any members present; r=bzbarsky (7ddd6e8043)
- Bug 1250985 - Part 2: Prevent copy constructing a Request object with navigate mode if a RequestInit member is present; r=bzbarsky (24c8c1ca56)
- Bug 1184550 - Move the check for bodyUsed before the check for a null body so subsequent fetches with the same Request fail. r=bkelly (60837c04eb)
- Bug 1251872 - Part 1: Implement Request.referrerPolicy; r=jdm (bd024c0614)
- bug 1252687 - make Migration's ctor constexpr r=bz (793d608bcd)
- Bug 1251872 - Part 2: Store the Request referrerPolicy in the DOM Cache; r=bkelly (e1511c07a6)
- Bug 1251229 P2 Add wpt test verifying FetchEvent.request.url does not include fragments. r=ehsan (1d74e2491e)
- Bug 1251229 P1 Strip fragment from request URL when creating FetchEvent. r=ehsan (5faddecc78)
- Bug 1120715 - Part 4: Add tests for Request.cache; r=bkelly (81537bd125)
- Bug 1237455 P1 Make file_CrossSiteXHR_server.sjs check headers on redirects. r=ehsan (597fdf223d)
- Bug 1237455 P2 Test headers on redirects in fetch mochitests. r=ehsan (2a19ac6a44)
- Bug 1237455 P3 Add a version of test_fetch_cors that reroutes through an empty service worker. r=ehsan (0550d5e115)
- Bug 1205288 - implement and test fetch spec changes for blob scheme with non-GET method. r=bkelly (bb519b1c71)
- Bug 1237455 P4 Create helper method to set fetch request headers. r=ehsan (20266aa708)
- Bug 1237455 P5 Set headers on fetch() redirects. r=ehsan (95dcfe7f71)
- Bug 1120715 - Part 5: Treat a default cache mode Request with a revalidation header as no-store; r=bkelly (4182fded21)
- fix! (c3097a682a)
- Bug 1204520 - Remove unused return value from FetchDriver::FailWithNetworkError. r=jdm (ddd84df514)
- Bug 1253054 - Stop warning if request has already failed. r=bkelly (52eb17afd2)
- Bug 1176824 - Intermittent browser_test_web_manifest.js. r=ckerschb (b8c1fc5757)
- Bug 1242051 - Add inter-directory test support file dependencies to ini manifests. r=gps (5d06d6b00c)
- Bug 1250048 - CSP manifest-src doesn't override default-src. r=ckerschb,bkelly,ehsan (3d77b91226)
- Bug 1262624 Move service worker wpt tests out of mozilla dir so they will be upstreamed. r=jgraham (cf1f010cd2)
- Bug 1263469 P1 Set FetchEvent.request.cache value correctly for non-fetch channels. r=mayhemer (0fac232769)
- Bug 1263469 P2 Validate FetchEvent.request.cache in refresh mochitest. r=ehsan (de0db7da84)
- Bug 1263469 P3 Test FetchEvent.request.cache value on reload in wpt test. r=ehsan (8b4fc58d08)
- Bug 1263469 P4 Update test_eventsource_intercept.html to validate FetchEvent.request.cache. r=ehsan (81843666c0)
- Bug 1263469 P5 Add a wpt test case for EventSource. r=ehsan (a32cbbaf80)
- Bug 1265941 - Rename the ReferrerPolicy "origin-only" enum value to "origin"; r=jdm (1b1dfcebbc)t FetchEvent.request.cache value on reload in wpt test. r=ehsan (8b4fc58d08)
588 lines
20 KiB
C++
588 lines
20 KiB
C++
#include "nsContentSecurityManager.h"
|
|
#include "nsIChannel.h"
|
|
#include "nsIStreamListener.h"
|
|
#include "nsILoadInfo.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsCORSListenerProxy.h"
|
|
#include "nsIStreamListener.h"
|
|
|
|
#include "mozilla/dom/Element.h"
|
|
|
|
NS_IMPL_ISUPPORTS(nsContentSecurityManager,
|
|
nsIContentSecurityManager,
|
|
nsIChannelEventSink)
|
|
|
|
static nsresult
|
|
ValidateSecurityFlags(nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsSecurityFlags securityMode = aLoadInfo->GetSecurityMode();
|
|
|
|
if (securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS &&
|
|
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
|
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
MOZ_ASSERT(false, "need one securityflag from nsILoadInfo to perform security checks");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
// all good, found the right security flags
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool SchemeIs(nsIURI* aURI, const char* aScheme)
|
|
{
|
|
nsCOMPtr<nsIURI> baseURI = NS_GetInnermostURI(aURI);
|
|
NS_ENSURE_TRUE(baseURI, false);
|
|
|
|
bool isScheme = false;
|
|
return NS_SUCCEEDED(baseURI->SchemeIs(aScheme, &isScheme)) && isScheme;
|
|
}
|
|
|
|
static nsresult
|
|
DoCheckLoadURIChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
// Bug 1228117: determine the correct security policy for DTD loads
|
|
if (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DTD) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult rv = NS_OK;
|
|
|
|
nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
uint32_t flags = nsIScriptSecurityManager::STANDARD;
|
|
if (aLoadInfo->GetAllowChrome()) {
|
|
flags |= nsIScriptSecurityManager::ALLOW_CHROME;
|
|
}
|
|
|
|
// We don't have a loadingPrincipal for TYPE_DOCUMENT
|
|
if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(loadingPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
// If the loadingPrincipal and the triggeringPrincipal are different, then make
|
|
// sure the triggeringPrincipal is allowed to access that URI.
|
|
nsCOMPtr<nsIPrincipal> triggeringPrincipal = aLoadInfo->TriggeringPrincipal();
|
|
if (loadingPrincipal != triggeringPrincipal) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(triggeringPrincipal,
|
|
aURI,
|
|
flags);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
static bool
|
|
URIHasFlags(nsIURI* aURI, uint32_t aURIFlags)
|
|
{
|
|
bool hasFlags;
|
|
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
return hasFlags;
|
|
}
|
|
|
|
static nsresult
|
|
DoSOPChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo, nsIChannel* aChannel)
|
|
{
|
|
if (aLoadInfo->GetAllowChrome() &&
|
|
(URIHasFlags(aURI, nsIProtocolHandler::URI_IS_UI_RESOURCE) ||
|
|
SchemeIs(aURI, "moz-safe-about"))) {
|
|
// UI resources are allowed.
|
|
return DoCheckLoadURIChecks(aURI, aLoadInfo);
|
|
}
|
|
|
|
NS_ENSURE_FALSE(NS_HasBeenCrossOrigin(aChannel, true),
|
|
NS_ERROR_DOM_BAD_URI);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
MOZ_RELEASE_ASSERT(aInAndOutListener, "can not perform CORS checks without a listener");
|
|
|
|
// No need to set up CORS if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files
|
|
// without requiring CORS.
|
|
if (nsContentUtils::IsSystemPrincipal(aLoadInfo->TriggeringPrincipal())) {
|
|
return NS_OK;
|
|
}
|
|
|
|
nsIPrincipal* loadingPrincipal = aLoadInfo->LoadingPrincipal();
|
|
RefPtr<nsCORSListenerProxy> corsListener =
|
|
new nsCORSListenerProxy(aInAndOutListener,
|
|
loadingPrincipal,
|
|
aLoadInfo->GetCookiePolicy() ==
|
|
nsILoadInfo::SEC_COOKIES_INCLUDE);
|
|
// XXX: @arg: DataURIHandling::Allow
|
|
// lets use DataURIHandling::Allow for now and then decide on callsite basis. see also:
|
|
// http://mxr.mozilla.org/mozilla-central/source/dom/security/nsCORSListenerProxy.h#33
|
|
nsresult rv = corsListener->Init(aChannel, DataURIHandling::Allow);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
aInAndOutListener = corsListener;
|
|
return NS_OK;
|
|
}
|
|
|
|
static nsresult
|
|
DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
|
|
{
|
|
nsContentPolicyType contentPolicyType =
|
|
aLoadInfo->GetExternalContentPolicyType();
|
|
nsContentPolicyType internalContentPolicyType =
|
|
aLoadInfo->InternalContentPolicyType();
|
|
nsCString mimeTypeGuess;
|
|
nsCOMPtr<nsINode> requestingContext = nullptr;
|
|
|
|
switch(contentPolicyType) {
|
|
case nsIContentPolicy::TYPE_OTHER: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SCRIPT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/javascript");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGE: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_STYLESHEET: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/css");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT:
|
|
case nsIContentPolicy::TYPE_DOCUMENT: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_SUBDOCUMENT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_subdocument requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_REFRESH: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XBL: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_PING: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
|
|
// alias nsIContentPolicy::TYPE_DATAREQUEST:
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xml requires requestingContext of type Document");
|
|
|
|
// We're checking for the external TYPE_XMLHTTPREQUEST here in case
|
|
// an addon creates a request with that type.
|
|
if (internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST ||
|
|
internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_XMLHTTPREQUEST) {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
else {
|
|
MOZ_ASSERT(internalContentPolicyType ==
|
|
nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE,
|
|
"can not set mime type guess for unexpected internal type");
|
|
mimeTypeGuess = NS_LITERAL_CSTRING(TEXT_EVENT_STREAM);
|
|
}
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_subrequest requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_DTD: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_dtd requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FONT: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_MEDIA: {
|
|
if (internalContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_TRACK) {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("text/vtt");
|
|
}
|
|
else {
|
|
mimeTypeGuess = EmptyCString();
|
|
}
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::ELEMENT_NODE,
|
|
"type_media requires requestingContext of type Element");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEBSOCKET: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_CSP_REPORT: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_XSLT: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/xml");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_xslt requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_BEACON: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
MOZ_ASSERT(!requestingContext ||
|
|
requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
|
|
"type_beacon requires requestingContext of type Document");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_FETCH: {
|
|
mimeTypeGuess = EmptyCString();
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_IMAGESET: {
|
|
MOZ_ASSERT(false, "contentPolicyType not supported yet");
|
|
break;
|
|
}
|
|
|
|
case nsIContentPolicy::TYPE_WEB_MANIFEST: {
|
|
mimeTypeGuess = NS_LITERAL_CSTRING("application/manifest+json");
|
|
requestingContext = aLoadInfo->LoadingNode();
|
|
break;
|
|
}
|
|
|
|
default:
|
|
// nsIContentPolicy::TYPE_INVALID
|
|
MOZ_ASSERT(false, "can not perform security check without a valid contentType");
|
|
}
|
|
|
|
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
|
|
nsresult rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
|
|
aURI,
|
|
aLoadInfo->LoadingPrincipal(),
|
|
requestingContext,
|
|
mimeTypeGuess,
|
|
nullptr, //extra,
|
|
&shouldLoad,
|
|
nsContentUtils::GetContentPolicy(),
|
|
nsContentUtils::GetSecurityManager());
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
if (NS_CP_REJECTED(shouldLoad)) {
|
|
return NS_ERROR_CONTENT_BLOCKED;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
/*
|
|
* Based on the security flags provided in the loadInfo of the channel,
|
|
* doContentSecurityCheck() performs the following content security checks
|
|
* before opening the channel:
|
|
*
|
|
* (1) Same Origin Policy Check (if applicable)
|
|
* (2) Allow Cross Origin but perform sanity checks whether a principal
|
|
* is allowed to access the following URL.
|
|
* (3) Perform CORS check (if applicable)
|
|
* (4) ContentPolicy checks (Content-Security-Policy, Mixed Content, ...)
|
|
*
|
|
* @param aChannel
|
|
* The channel to perform the security checks on.
|
|
* @param aInAndOutListener
|
|
* The streamListener that is passed to channel->AsyncOpen2() that is now potentially
|
|
* wrappend within nsCORSListenerProxy() and becomes the corsListener that now needs
|
|
* to be set as new streamListener on the channel.
|
|
*/
|
|
nsresult
|
|
nsContentSecurityManager::doContentSecurityCheck(nsIChannel* aChannel,
|
|
nsCOMPtr<nsIStreamListener>& aInAndOutListener)
|
|
{
|
|
NS_ENSURE_ARG(aChannel);
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
|
|
|
if (!loadInfo) {
|
|
MOZ_ASSERT(false, "channel needs to have loadInfo to perform security checks");
|
|
return NS_ERROR_UNEXPECTED;
|
|
}
|
|
|
|
// if dealing with a redirected channel then we have already installed
|
|
// streamlistener and redirect proxies and so we are done.
|
|
if (loadInfo->GetInitialSecurityCheckDone()) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// make sure that only one of the five security flags is set in the loadinfo
|
|
// e.g. do not require same origin and allow cross origin at the same time
|
|
nsresult rv = ValidateSecurityFlags(loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// since aChannel was openend using asyncOpen2() we have to make sure
|
|
// that redirects of that channel also get openend using asyncOpen2()
|
|
// please note that some implementations of ::AsyncOpen2 might already
|
|
// have set that flag to true (e.g. nsViewSourceChannel) in which case
|
|
// we just set the flag again.
|
|
rv = loadInfo->SetEnforceSecurity(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
if (loadInfo->GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
rv = DoCORSChecks(aChannel, loadInfo, aInAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
rv = CheckChannel(aChannel);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIURI> finalChannelURI;
|
|
rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(finalChannelURI));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// Perform all ContentPolicy checks (MixedContent, CSP, ...)
|
|
rv = DoContentSecurityChecks(finalChannelURI, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// now lets set the initalSecurityFlag for subsequent calls
|
|
rv = loadInfo->SetInitialSecurityCheckDone(true);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// all security checks passed - lets allow the load
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
|
|
nsIChannel* aNewChannel,
|
|
uint32_t aRedirFlags,
|
|
nsIAsyncVerifyRedirectCallback *aCb)
|
|
{
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->GetLoadInfo();
|
|
// Are we enforcing security using LoadInfo?
|
|
if (loadInfo && loadInfo->GetEnforceSecurity()) {
|
|
nsresult rv = CheckChannel(aNewChannel);
|
|
if (NS_FAILED(rv)) {
|
|
aOldChannel->Cancel(rv);
|
|
return rv;
|
|
}
|
|
}
|
|
|
|
// Also verify that the redirecting server is allowed to redirect to the
|
|
// given URI
|
|
nsCOMPtr<nsIPrincipal> oldPrincipal;
|
|
nsContentUtils::GetSecurityManager()->
|
|
GetChannelResultPrincipal(aOldChannel, getter_AddRefs(oldPrincipal));
|
|
|
|
nsCOMPtr<nsIURI> newURI;
|
|
aNewChannel->GetURI(getter_AddRefs(newURI));
|
|
nsCOMPtr<nsIURI> newOriginalURI;
|
|
aNewChannel->GetOriginalURI(getter_AddRefs(newOriginalURI));
|
|
|
|
NS_ENSURE_STATE(oldPrincipal && newURI && newOriginalURI);
|
|
|
|
const uint32_t flags =
|
|
nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT |
|
|
nsIScriptSecurityManager::DISALLOW_SCRIPT;
|
|
nsresult rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(oldPrincipal, newURI, flags);
|
|
if (NS_SUCCEEDED(rv) && newOriginalURI != newURI) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(oldPrincipal, newOriginalURI, flags);
|
|
}
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
aCb->OnRedirectVerifyCallback(NS_OK);
|
|
return NS_OK;
|
|
}
|
|
|
|
static void
|
|
AddLoadFlags(nsIRequest *aRequest, nsLoadFlags aNewFlags)
|
|
{
|
|
nsLoadFlags flags;
|
|
aRequest->GetLoadFlags(&flags);
|
|
flags |= aNewFlags;
|
|
aRequest->SetLoadFlags(flags);
|
|
}
|
|
|
|
/*
|
|
* Check that this channel passes all security checks. Returns an error code
|
|
* if this requesst should not be permitted.
|
|
*/
|
|
nsresult
|
|
nsContentSecurityManager::CheckChannel(nsIChannel* aChannel)
|
|
{
|
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
|
|
MOZ_ASSERT(loadInfo);
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// Handle cookie policies
|
|
uint32_t cookiePolicy = loadInfo->GetCookiePolicy();
|
|
if (cookiePolicy == nsILoadInfo::SEC_COOKIES_SAME_ORIGIN) {
|
|
|
|
// We shouldn't have the SEC_COOKIES_SAME_ORIGIN flag for top level loads
|
|
MOZ_ASSERT(loadInfo->GetExternalContentPolicyType() !=
|
|
nsIContentPolicy::TYPE_DOCUMENT);
|
|
nsIPrincipal* loadingPrincipal = loadInfo->LoadingPrincipal();
|
|
|
|
// It doesn't matter what we pass for the third, data-inherits, argument.
|
|
// Any protocol which inherits won't pay attention to cookies anyway.
|
|
rv = loadingPrincipal->CheckMayLoad(uri, false, false);
|
|
if (NS_FAILED(rv)) {
|
|
AddLoadFlags(aChannel, nsIRequest::LOAD_ANONYMOUS);
|
|
}
|
|
}
|
|
else if (cookiePolicy == nsILoadInfo::SEC_COOKIES_OMIT) {
|
|
AddLoadFlags(aChannel, nsIRequest::LOAD_ANONYMOUS);
|
|
}
|
|
|
|
nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
|
|
|
|
// CORS mode is handled by nsCORSListenerProxy
|
|
if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
|
if (NS_HasBeenCrossOrigin(aChannel)) {
|
|
loadInfo->MaybeIncreaseTainting(LoadTainting::CORS);
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
// Allow subresource loads if TriggeringPrincipal is the SystemPrincipal.
|
|
// For example, allow user stylesheets to load XBL from external files.
|
|
if (nsContentUtils::IsSystemPrincipal(loadInfo->TriggeringPrincipal()) &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT &&
|
|
loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SUBDOCUMENT) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// if none of the REQUIRE_SAME_ORIGIN flags are set, then SOP does not apply
|
|
if ((securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED)) {
|
|
rv = DoSOPChecks(uri, loadInfo, aChannel);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
if ((securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS) ||
|
|
(securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL)) {
|
|
if (NS_HasBeenCrossOrigin(aChannel)) {
|
|
loadInfo->MaybeIncreaseTainting(LoadTainting::Opaque);
|
|
}
|
|
// Please note that DoCheckLoadURIChecks should only be enforced for
|
|
// cross origin requests. If the flag SEC_REQUIRE_CORS_DATA_INHERITS is set
|
|
// within the loadInfo, then then CheckLoadURIWithPrincipal is performed
|
|
// within nsCorsListenerProxy
|
|
rv = DoCheckLoadURIChecks(uri, loadInfo);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
// ==== nsIContentSecurityManager implementation =====
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::PerformSecurityCheck(nsIChannel* aChannel,
|
|
nsIStreamListener* aStreamListener,
|
|
nsIStreamListener** outStreamListener)
|
|
{
|
|
nsCOMPtr<nsIStreamListener> inAndOutListener = aStreamListener;
|
|
nsresult rv = doContentSecurityCheck(aChannel, inAndOutListener);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
inAndOutListener.forget(outStreamListener);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsContentSecurityManager::IsURIPotentiallyTrustworthy(nsIURI* aURI, bool* aIsTrustWorthy)
|
|
{
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
NS_ENSURE_ARG_POINTER(aURI);
|
|
NS_ENSURE_ARG_POINTER(aIsTrustWorthy);
|
|
|
|
*aIsTrustWorthy = false;
|
|
nsAutoCString scheme;
|
|
nsresult rv = aURI->GetScheme(scheme);
|
|
if (NS_FAILED(rv)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// According to the specification, the user agent may choose to extend the
|
|
// trust to other, vendor-specific URL schemes. We use this for "resource:",
|
|
// which is technically a substituting protocol handler that is not limited to
|
|
// local resource mapping, but in practice is never mapped remotely as this
|
|
// would violate assumptions a lot of code makes.
|
|
if (scheme.EqualsLiteral("https") ||
|
|
scheme.EqualsLiteral("file") ||
|
|
scheme.EqualsLiteral("resource") ||
|
|
scheme.EqualsLiteral("app") ||
|
|
scheme.EqualsLiteral("wss")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString host;
|
|
rv = aURI->GetHost(host);
|
|
if (NS_FAILED(rv)) {
|
|
return NS_OK;
|
|
}
|
|
|
|
if (host.Equals("127.0.0.1") ||
|
|
host.Equals("localhost") ||
|
|
host.Equals("::1")) {
|
|
*aIsTrustWorthy = true;
|
|
return NS_OK;
|
|
}
|
|
return NS_OK;
|
|
}
|