mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1077529 - Update Trusted Hosted Apps r=fabrice
Verify manifest of trusted hosted app on update instead of just overwriting it. --- dom/apps/TrustedHostedAppsUtils.jsm | 8 ++++---- dom/apps/Webapps.jsm | 26 +++++++++++++++++++++----- 2 files changed, 25 insertions(+), 9 deletions(-)
This commit is contained in:
parent
a2fcf407bf
commit
3322f49403
@ -254,19 +254,19 @@ this.TrustedHostedAppsUtils = {
|
||||
return deferred.promise;
|
||||
},
|
||||
|
||||
verifyManifest: function(aData) {
|
||||
verifyManifest: function(aApp, aAppId, aManifest) {
|
||||
return new Promise((resolve, reject) => {
|
||||
// sanity check on manifest host's CA (proper CA check with
|
||||
// pinning is done by regular networking code)
|
||||
if (!this.isHostPinned(aData.app.manifestURL)) {
|
||||
if (!this.isHostPinned(aApp.manifestURL)) {
|
||||
reject("TRUSTED_APPLICATION_HOST_CERTIFICATE_INVALID");
|
||||
return;
|
||||
}
|
||||
if (!this.verifyCSPWhiteList(aData.app.manifest.csp)) {
|
||||
if (!this.verifyCSPWhiteList(aManifest.csp)) {
|
||||
reject("TRUSTED_APPLICATION_WHITELIST_VALIDATION_FAILED");
|
||||
return;
|
||||
}
|
||||
this.verifySignedManifest(aData.app, aData.appId).then(resolve, reject);
|
||||
this.verifySignedManifest(aApp, aAppId).then(resolve, reject);
|
||||
});
|
||||
}
|
||||
};
|
||||
|
@ -2001,8 +2001,24 @@ this.DOMApplicationRegistry = {
|
||||
} else {
|
||||
// Update only the appcache if the manifest has not changed
|
||||
// based on the hash value.
|
||||
this.updateHostedApp(aData, id, app, oldManifest,
|
||||
oldHash == hash ? null : manifest);
|
||||
if (oldHash == hash) {
|
||||
debug("Update - oldhash");
|
||||
this.updateHostedApp(aData, id, app, oldManifest, null);
|
||||
return;
|
||||
}
|
||||
|
||||
// For hosted apps and hosted apps with appcache, use the
|
||||
// manifest "as is".
|
||||
if (this.kTrustedHosted !== this.appKind(app, app.manifest)) {
|
||||
this.updateHostedApp(aData, id, app, oldManifest, manifest);
|
||||
return;
|
||||
}
|
||||
|
||||
// For trusted hosted apps, verify the manifest before
|
||||
// installation.
|
||||
TrustedHostedAppsUtils.verifyManifest(app, id, manifest)
|
||||
.then(() => this.updateHostedApp(aData, id, app, oldManifest, manifest),
|
||||
sendError);
|
||||
}
|
||||
}
|
||||
} else if (xhr.status == 304) {
|
||||
@ -2326,8 +2342,8 @@ this.DOMApplicationRegistry = {
|
||||
installApp();
|
||||
return;
|
||||
}
|
||||
TrustedHostedAppsUtils.verifyManifest(aData)
|
||||
.then(installApp, sendError);
|
||||
TrustedHostedAppsUtils.verifyManifest(aData.app, aData.appId, app.manifest)
|
||||
.then(installApp, sendError);
|
||||
} else {
|
||||
debug("Installed manifest check failed");
|
||||
// checkManifest() sends error before return
|
||||
@ -2361,7 +2377,7 @@ this.DOMApplicationRegistry = {
|
||||
}
|
||||
|
||||
debug("App kind: " + this.kTrustedHosted);
|
||||
TrustedHostedAppsUtils.verifyManifest(aData)
|
||||
TrustedHostedAppsUtils.verifyManifest(aData.app, aData.appId, app.manifest)
|
||||
.then(installApp, sendError);
|
||||
return;
|
||||
} else {
|
||||
|
Loading…
Reference in New Issue
Block a user