Bug 1208756 - Introduce URI_FETCHABLE_BY_ANYONE and use it for moz-extension. r=bz

This matches the behavior described in
https://developer.chrome.com/extensions/manifest/web_accessible_resources
This commit is contained in:
Bobby Holley 2015-09-30 20:15:26 -07:00
parent ffb0e4b12f
commit 835d1674fe
3 changed files with 16 additions and 3 deletions

View File

@ -290,6 +290,12 @@ BasePrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsPri
}
}
bool fetchableByAnyone;
rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_FETCHABLE_BY_ANYONE, &fetchableByAnyone);
if (NS_SUCCEEDED(rv) && fetchableByAnyone) {
return NS_OK;
}
if (aReport) {
nsCOMPtr<nsIURI> prinURI;
rv = GetURI(getter_AddRefs(prinURI));

View File

@ -32,7 +32,7 @@ interface nsIProtocolHandlerWithDynamicFlags : nsISupports
/**
* nsIProtocolHandler
*/
[scriptable, uuid(3393c327-ce70-47f1-9be3-cc312e21c012)]
[scriptable, uuid(a87210e6-7c8c-41f7-864d-df809015193e)]
interface nsIProtocolHandler : nsISupports
{
/**
@ -287,6 +287,13 @@ interface nsIProtocolHandler : nsISupports
* by nsMixedContentBlocker
*/
const unsigned long URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT = (1<<18);
/**
* This URI may be fetched and the contents are visible to anyone. This is
* semantically equivalent to the resource being served with all-access CORS
* headers.
*/
const unsigned long URI_FETCHABLE_BY_ANYONE = (1 << 19);
};
%{C++

View File

@ -21,7 +21,7 @@ nsresult
ExtensionProtocolHandler::GetFlagsForURI(nsIURI* aURI, uint32_t* aFlags)
{
// In general a moz-extension URI is only loadable by chrome, but a whitelisted
// subset are web-accessible. Check that whitelist.
// subset are web-accessible (and cross-origin fetchable). Check that whitelist.
nsCOMPtr<nsIAddonPolicyService> aps = do_GetService("@mozilla.org/addons/policy-service;1");
bool loadableByAnyone = false;
if (aps) {
@ -29,7 +29,7 @@ ExtensionProtocolHandler::GetFlagsForURI(nsIURI* aURI, uint32_t* aFlags)
NS_ENSURE_SUCCESS(rv, rv);
}
*aFlags = URI_STD | URI_IS_LOCAL_RESOURCE | (loadableByAnyone ? URI_LOADABLE_BY_ANYONE : URI_DANGEROUS_TO_LOAD);
*aFlags = URI_STD | URI_IS_LOCAL_RESOURCE | (loadableByAnyone ? (URI_LOADABLE_BY_ANYONE | URI_FETCHABLE_BY_ANYONE) : URI_DANGEROUS_TO_LOAD);
return NS_OK;
}