Fixing bug 380418. Prevent XMLHttpRequest from reading HTTPOnly cookies. r+sr=jonas@sicking.cc, a=b2 blocker
This commit is contained in:
parent
3891561ee3
commit
3da6f6083b
@ -1560,6 +1560,17 @@ nsXMLHttpRequest::GetResponseHeader(const nsACString& header,
|
||||
nsresult rv = NS_OK;
|
||||
_retval.Truncate();
|
||||
|
||||
// See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
|
||||
PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
|
||||
IsCapabilityEnabled("UniversalXPConnect", &chrome);
|
||||
if (!chrome &&
|
||||
(header.LowerCaseEqualsASCII("set-cookie") ||
|
||||
header.LowerCaseEqualsASCII("set-cookie2"))) {
|
||||
NS_WARNING("blocked access to response header");
|
||||
_retval.SetIsVoid(PR_TRUE);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// Check for dangerous headers
|
||||
if (mState & XML_HTTP_REQUEST_USE_XSITE_AC) {
|
||||
|
||||
@ -3343,10 +3354,19 @@ NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
|
||||
NS_IMETHODIMP nsXMLHttpRequest::
|
||||
nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
|
||||
{
|
||||
mHeaders.Append(header);
|
||||
mHeaders.Append(": ");
|
||||
mHeaders.Append(value);
|
||||
mHeaders.Append('\n');
|
||||
// See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
|
||||
PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
|
||||
IsCapabilityEnabled("UniversalXPConnect", &chrome);
|
||||
if (!chrome &&
|
||||
(header.LowerCaseEqualsASCII("set-cookie") ||
|
||||
header.LowerCaseEqualsASCII("set-cookie2"))) {
|
||||
NS_WARNING("blocked access to response header");
|
||||
} else {
|
||||
mHeaders.Append(header);
|
||||
mHeaders.Append(": ");
|
||||
mHeaders.Append(value);
|
||||
mHeaders.Append('\n');
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
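Review bot: The UniversalXPConnect probe and the set-cookie/set-cookie2 name test are pasted verbatim into both GetResponseHeader (first hunk) and nsHeaderVisitor::VisitHeader here, so the deny list now lives in two places and getResponseHeader/getAllResponseHeaders can drift apart the next time a header is added to it; one helper shared by both call sites keeps the two entry points consistent and lets VisitHeader skip the privilege probe for every header that is not a cookie header. The filter also keys on the header name alone — every Set-Cookie/Set-Cookie2 value is hidden from unprivileged callers whether or not it carries HttpOnly, which the commit title does not convey — so the comment should state that explicitly. `chrome` is a misleading name for what IsCapabilityEnabled reports; `hasUniversalXPConnect` reads as what is actually being tested. Whether IsCapabilityEnabled is a free function or a static member of nsXMLHttpRequest is not visible here; place the helper accordingly (file-static, or a static member). GetResponseHeader's body starts outside the first hunk.
```cpp
// See bug #380418. Set-Cookie/Set-Cookie2 are hidden from scripts that lack
// UniversalXPConnect regardless of the HttpOnly attribute: the filter keys
// on the header name only, never on the cookie's attributes.
static PRBool
IsForbiddenResponseHeader(const nsACString& header)
{
  if (!header.LowerCaseEqualsASCII("set-cookie") &&
      !header.LowerCaseEqualsASCII("set-cookie2")) {
    return PR_FALSE;
  }
  PRBool hasUniversalXPConnect = PR_FALSE; // stays false if IsCapabilityEnabled fails
  IsCapabilityEnabled("UniversalXPConnect", &hasUniversalXPConnect);
  return !hasUniversalXPConnect;
}

NS_IMETHODIMP nsXMLHttpRequest::
nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
{
  if (IsForbiddenResponseHeader(header)) {
    NS_WARNING("blocked access to response header");
    return NS_OK;
  }
  // … unchanged: mHeaders.Append of header, ": ", value and '\n' …
  return NS_OK;
}
```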
@ -258,6 +258,8 @@ _TEST_FILES = test_bug5141.html \
|
||||
bug461735-redirect2.sjs \
|
||||
bug461735-post-redirect.js \
|
||||
test_bug461735.html \
|
||||
test_bug380418.html \
|
||||
test_bug380418.html^headers^ \
|
||||
$(NULL)
|
||||
|
||||
# Disabled for now. Mochitest isn't reliable enough for these.
|
||||
|
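--- /dev/null
+++ b/content/base/test/test_bug380418.html
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML>
+<html>
+<!-- https://bugzilla.mozilla.org/show_bug.cgi?id=380418 -->
+<head>
+<title>Test for Bug 380418</title>
+<script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=380418">Mozilla Bug 380418</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+var request = new XMLHttpRequest();
+request.open("GET", window.location.href, false);
+request.send(null);
+
+// Try reading headers in privileged context
+netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect UniversalBrowserRead");
+is(request.getResponseHeader("Set-Cookie"), "test", "Reading Set-Cookie response header in privileged context");
+is(request.getResponseHeader("Set-Cookie2"), "test2", "Reading Set-Cookie2 response header in privileged context");
+is(request.getResponseHeader("X-Dummy"), "test", "Reading X-Dummy response header in privileged context");
+
+ok(/\bSet-Cookie:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie in all response headers in privileged context");
+ok(/\bSet-Cookie2:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie2 in all response headers in privileged context");
+ok(/\bX-Dummy:/i.test(request.getAllResponseHeaders()), "Looking for X-Dummy in all response headers in privileged context");
+
+// Try reading headers in unprivileged context
+setTimeout(function() {
+is(request.getResponseHeader("Set-Cookie"), null, "Reading Set-Cookie response header in unprivileged context");
+is(request.getResponseHeader("Set-Cookie2"), null, "Reading Set-Cookie2 response header in unprivileged context");
+is(request.getResponseHeader("X-Dummy"), "test", "Reading X-Dummy response header in unprivileged context");
+
+ok(!/\bSet-Cookie:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie in all response headers in unprivileged context");
+ok(!/\bSet-Cookie2:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie2 in all response headers in unprivileged context");
+ok(/\bX-Dummy:/i.test(request.getAllResponseHeaders()), "Looking for X-Dummy in all response headers in unprivileged context");
+
+SimpleTest.finish();
+}, 0);
+
+</script>
+</pre>
+</body>
+</html>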
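Review bot: The `// Try reading headers in unprivileged context` comment does not say why the second set of reads is wrapped in a setTimeout, so a reader may take it for an async-ordering workaround rather than the step that drops the privilege. If, as I understand it, enablePrivilege only applies to the calling stack, the comment should say so: `// enablePrivilege only covers the current call stack; the timeout callback runs without UniversalXPConnect, which is the case under test`. The test also exercises only the mixed-case names the patch lists; since the C++ side compares with LowerCaseEqualsASCII, one extra `is(request.getResponseHeader("SET-COOKIE"), null, ...)` in the unprivileged block would pin the case-insensitive matching the fix relies on.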
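--- /dev/null
+++ b/content/base/test/test_bug380418.html^headers^
@@ -0,0 +1,4 @@
+Set-Cookie: test
+Set-Cookie2: test2
+X-Dummy: test
+Cache-Control: max-age=0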