import from UXP: Issue #2578 - Part 1: Implement preference for controlling same-origin policy (09b3c7a2)

2024-09-13 10:20:01 +08:00
parent 2fd028db26
commit 7f2684be23
3 changed files with 11 additions and 1 deletions
+7 -1
@@ -76,6 +76,7 @@ nsIIOService *nsScriptSecurityManager::sIOService = nullptr;
nsIStringBundle *nsScriptSecurityManager::sStrBundle = nullptr;
JSContext *nsScriptSecurityManager::sContext = nullptr;
bool nsScriptSecurityManager::sStrictFileOriginPolicy = true;
bool nsScriptSecurityManager::sSameOriginPolicy = true;
///////////////////////////
// Convenience Functions //
@@ -545,7 +546,7 @@ nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
nsIURI* aTargetURI,
bool reportError)
{
if (!SecurityCompareURIs(aSourceURI, aTargetURI))
if (sSameOriginPolicy && !SecurityCompareURIs(aSourceURI, aTargetURI))
{
if (reportError) {
ReportError(nullptr, NS_LITERAL_STRING("CheckSameOriginError"),
@@ -1372,10 +1373,13 @@ nsScriptSecurityManager::CanGetService(JSContext *cx,
const char sJSEnabledPrefName[] = "javascript.enabled";
const char sFileOriginPolicyPrefName[] =
"security.fileuri.strict_origin_policy";
const char sSameOriginPolicyPrefName[] =
"security.same_origin_policy.enabled";
static const char* kObservedPrefs[] = {
sJSEnabledPrefName,
sFileOriginPolicyPrefName,
sSameOriginPolicyPrefName,
"capability.policy.",
nullptr
};
@@ -1531,6 +1535,8 @@ nsScriptSecurityManager::ScriptSecurityPrefChanged()
Preferences::GetBool(sJSEnabledPrefName, mIsJavaScriptEnabled);
sStrictFileOriginPolicy =
Preferences::GetBool(sFileOriginPolicyPrefName, false);
sSameOriginPolicy =
Preferences::GetBool(sSameOriginPolicyPrefName, true);
mFileURIWhitelist.reset();
}
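Review bot: With `sSameOriginPolicy` false, the rewritten condition in CheckSameOriginURI (`if (sSameOriginPolicy && !SecurityCompareURIs(aSourceURI, aTargetURI))`) never enters the error branch, so a cross-origin pair presumably falls through to the success path for every caller, and nothing in the visible hunks makes that state observable. The value is refreshed in ScriptSecurityPrefChanged, which is a natural place to surface it, for example `if (!sSameOriginPolicy) { NS_WARNING("security.same_origin_policy.enabled is false; CheckSameOriginURI no longer rejects cross-origin URIs"); }`. A short comment above the guard should also state that the pref disables this check globally. Only this URI-based check is gated in the hunks shown; whether principal-based comparisons elsewhere honor the pref is not visible, so the policy may end up enforced on some paths and not others. The bodies of CheckSameOriginURI and ScriptSecurityPrefChanged continue outside the hunks.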
+1
@@ -151,6 +151,7 @@ private:
}
static bool sStrictFileOriginPolicy;
static bool sSameOriginPolicy;
static nsIIOService *sIOService;
static nsIStringBundle *sStrBundle;
+3
@@ -1405,6 +1405,9 @@ pref("javascript.options.streams", true);
pref("advanced.mailftp", false);
pref("image.animation_mode", "normal");
// Same-origin policy for all URIs.
pref("security.same_origin_policy.enabled", true);
// Same-origin policy for file URIs, "false" is traditional
pref("security.fileuri.strict_origin_policy", true);
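Review bot: The comment `// Same-origin policy for all URIs.` above the new pref does not say what `false` does or that it weakens a security boundary. Wording such as `// Enforce same-origin checks in nsScriptSecurityManager::CheckSameOriginURI.` followed by `// Setting this to false makes that check accept cross-origin URIs; keep it true in any profile used for normal browsing.` would make the consequence clear to anyone editing prefs. If the pref is meant only for testing or embedding scenarios, that intent should be stated here as well.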