mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
bug 662692 - Do not allow mixed-content WebSockets r=smaug
This commit is contained in:
parent
0dc1e3045c
commit
58c63edee3
@ -1351,6 +1351,18 @@ nsWebSocket::Init(nsIPrincipal* aPrincipal,
|
||||
rv = ParseURL(PromiseFlatString(aURL));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Don't allow https:// to open ws://
|
||||
nsCOMPtr<nsIURI> originURI;
|
||||
PRBool originHTTPS;
|
||||
if (!mSecure &&
|
||||
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
|
||||
PR_FALSE) &&
|
||||
NS_SUCCEEDED(NS_NewURI(getter_AddRefs(originURI), mUTF16Origin)) &&
|
||||
NS_SUCCEEDED(originURI->SchemeIs("https", &originHTTPS)) &&
|
||||
originHTTPS) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
// sets the protocol
|
||||
if (!aProtocol.IsEmpty()) {
|
||||
rv = SetProtocol(PromiseFlatString(aProtocol));
|
||||
|
@ -817,6 +817,10 @@ pref("network.websocket.extensions.stream-deflate", true);
|
||||
// one time.
|
||||
pref("network.websocket.max-connections", 200);
|
||||
|
||||
// by default scripts loaded from a https:// origin can only open secure
|
||||
// (i.e. wss://) websockets.
|
||||
pref("network.websocket.allowInsecureFromHTTPS", false);
|
||||
|
||||
// </ws>
|
||||
|
||||
// Server-Sent Events
|
||||
|
Loading…
Reference in New Issue
Block a user