wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking

Browse Source
This commit is contained in:
jonas@sicking.cc 2007-10-26 18:46:09 -07:00
parent 3540fc7847
commit 903acf3ee6
12 changed files with 22 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
caps/idl/nsIScriptSecurityManager.idl
View File

@ -284,9 +284,12 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
/**
* Returns OK if aSourceURI and target have the same "origin"
* (scheme, host, and port).
* ReportError flag suppresses error reports for functions that
* don't need reporting.
*/
void checkSameOriginURI(in nsIURI aSourceURI,
in nsIURI aTargetURI);
in nsIURI aTargetURI,
in boolean reportError);
/**
* Returns OK if aSourcePrincipal and aTargetPrincipal

7
caps/src/nsScriptSecurityManager.cpp
View File

@ -676,12 +676,15 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
NS_IMETHODIMP
nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
nsIURI* aTargetURI)
nsIURI* aTargetURI,
PRBool reportError)
{
if (!SecurityCompareURIs(aSourceURI, aTargetURI))
{
ReportError(nsnull, NS_LITERAL_STRING("CheckSameOriginError"),
if (reportError) {
ReportError(nsnull, NS_LITERAL_STRING("CheckSameOriginError"),
aSourceURI, aTargetURI);
}
return NS_ERROR_DOM_BAD_URI;
}
return NS_OK;

2
content/base/src/nsContentUtils.cpp
View File

@ -3643,7 +3643,7 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
nsCOMPtr<nsIURI> loadingURI;
rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI));
NS_ENSURE_SUCCESS(rv, rv);
return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad);
return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad, PR_TRUE);
}
/* static */

2
content/base/src/nsCrossSiteListenerProxy.cpp
View File

@ -134,7 +134,7 @@ nsCrossSiteListenerProxy::OnStartRequest(nsIRequest* aRequest,
nsCOMPtr<nsIURI> finalURI;
channel->GetURI(getter_AddRefs(finalURI));
rv = nsContentUtils::GetSecurityManager()->
CheckSameOriginURI(mRequestingURI, finalURI);
CheckSameOriginURI(mRequestingURI, finalURI, PR_FALSE);
if (NS_SUCCEEDED(rv)) {
mAcceptState = eAccept;
return ForwardRequest(PR_FALSE);

4
content/base/src/nsSyncLoadService.cpp
View File

@ -194,7 +194,7 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel,
nsIScriptSecurityManager::STANDARD);
NS_ENSURE_SUCCESS(rv, rv);
rv = securityManager->CheckSameOriginURI(aLoaderURI, docURI);
rv = securityManager->CheckSameOriginURI(aLoaderURI, docURI, PR_TRUE);
NS_ENSURE_SUCCESS(rv, rv);
}
@ -378,7 +378,7 @@ nsSyncLoader::OnChannelRedirect(nsIChannel *aOldChannel,
nsIScriptSecurityManager *securityManager =
nsContentUtils::GetSecurityManager();
rv = securityManager->CheckSameOriginURI(oldURI, newURI);
rv = securityManager->CheckSameOriginURI(oldURI, newURI, PR_TRUE);
NS_ENSURE_SUCCESS(rv, rv);
mChannel = aNewChannel;

3
content/base/src/nsXMLHttpRequest.cpp
View File

@ -1150,7 +1150,8 @@ IsSameOrigin(nsIPrincipal* aPrincipal, nsIChannel* aChannel)
rv = aChannel->GetURI(getter_AddRefs(channelURI));
NS_ENSURE_SUCCESS(rv, rv);
rv = nsContentUtils::GetSecurityManager()->CheckSameOriginURI(codebase, channelURI);
rv = nsContentUtils::GetSecurityManager()->
CheckSameOriginURI(codebase, channelURI, PR_FALSE);
return NS_SUCCEEDED(rv);
}

2
content/xbl/src/nsXBLService.cpp
View File

@ -1111,7 +1111,7 @@ nsSameOriginChecker::OnChannelRedirect(nsIChannel *aOldChannel,
NS_ENSURE_SUCCESS(rv, rv);
return nsContentUtils::GetSecurityManager()->
CheckSameOriginURI(oldURI, newURI);
CheckSameOriginURI(oldURI, newURI, PR_TRUE);
}
NS_IMETHODIMP

2
content/xml/document/src/nsXMLContentSink.cpp
View File

@ -756,7 +756,7 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
nsIScriptSecurityManager::ALLOW_CHROME);
NS_ENSURE_SUCCESS(rv, NS_OK);
rv = secMan->CheckSameOriginURI(mDocumentURI, url);
rv = secMan->CheckSameOriginURI(mDocumentURI, url, PR_TRUE);
NS_ENSURE_SUCCESS(rv, NS_OK);
// Do content policy check

2
content/xslt/src/xslt/txMozillaStylesheetCompiler.cpp
View File

@ -393,7 +393,7 @@ txStylesheetSink::OnChannelRedirect(nsIChannel *aOldChannel,
rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI
NS_ENSURE_SUCCESS(rv, rv);
return secMan->CheckSameOriginURI(oldURI, newURI);
return secMan->CheckSameOriginURI(oldURI, newURI, PR_TRUE);
}
NS_IMETHODIMP

2
content/xul/document/src/nsXULDocument.cpp
View File

@ -2608,7 +2608,7 @@ nsXULDocument::LoadOverlayInternal(nsIURI* aURI, PRBool aIsDynamic,
PRBool overlayIsChrome = IsChromeURI(aURI);
if (!IsChromeURI(mDocumentURI) && !overlayIsChrome) {
// Make sure we're allowed to load this overlay.
rv = secMan->CheckSameOriginURI(mDocumentURI, aURI);
rv = secMan->CheckSameOriginURI(mDocumentURI, aURI, PR_TRUE);
if (NS_FAILED(rv)) {
*aFailureFromContent = PR_TRUE;
return rv;

2
dom/src/base/nsJSEnvironment.cpp
View File

@ -427,7 +427,7 @@ NS_ScriptErrorReporter(JSContext *cx,
// URIs. See bug 387476.
sameOrigin =
NS_SUCCEEDED(sSecurityManager->
CheckSameOriginURI(errorURI, codebase));
CheckSameOriginURI(errorURI, codebase, PR_TRUE));
}
}

3
js/src/xpconnect/shell/xpcshell.cpp
View File

@ -1161,7 +1161,8 @@ FullTrustSecMan::CheckSameOrigin(JSContext * aJSContext, nsIURI *aTargetURI)
/* void checkSameOriginURI (in nsIURI aSourceURI, in nsIURI aTargetURI); */
NS_IMETHODIMP
FullTrustSecMan::CheckSameOriginURI(nsIURI *aSourceURI, nsIURI *aTargetURI)
FullTrustSecMan::CheckSameOriginURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
PRBool reportError)
{
return NS_OK;
}