wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana

Browse Source
This commit is contained in:
Kit Cambridge 2015-11-10 10:50:46 -08:00
parent d79033e045
commit a97b29a4c6
9 changed files with 39 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
dom/push/PushService.jsm
View File

@ -27,6 +27,10 @@ const CONNECTION_PROTOCOLS = [PushServiceWebSocket, PushServiceHttp2];
XPCOMUtils.defineLazyModuleGetter(this, "AlarmService",
"resource://gre/modules/AlarmService.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "gContentSecurityManager",
"@mozilla.org/contentsecuritymanager;1",
"nsIContentSecurityManager");
this.EXPORTED_SYMBOLS = ["PushService"];
XPCOMUtils.defineLazyGetter(this, "console", () => {
@ -327,16 +331,34 @@ this.PushService = {
}
},
_findService: function(serverURI) {
var uri;
var service;
if (serverURI) {
for (let connProtocol of CONNECTION_PROTOCOLS) {
uri = connProtocol.checkServerURI(serverURI);
if (uri) {
service = connProtocol;
break;
}
_findService: function(serverURL) {
console.debug("findService()");
let uri;
let service;
if (!serverURL) {
console.warn("findService: No dom.push.serverURL found");
return [];
}
try {
uri = Services.io.newURI(serverURL, null, null);
} catch (e) {
console.warn("findService: Error creating valid URI from",
"dom.push.serverURL", serverURL);
return [];
}
if (!gContentSecurityManager.isURIPotentiallyTrustworthy(uri)) {
console.warn("findService: Untrusted server URI", uri.spec);
return [];
}
for (let connProtocol of CONNECTION_PROTOCOLS) {
if (connProtocol.validServerURI(uri)) {
service = connProtocol;
break;
}
}
return [service, uri];
@ -428,22 +450,7 @@ this.PushService = {
if (options.serverURI) {
// this is use for xpcshell test.
var uri;
var service;
if (!options.service) {
for (let connProtocol of CONNECTION_PROTOCOLS) {
uri = connProtocol.checkServerURI(options.serverURI);
if (uri) {
service = connProtocol;
break;
}
}
} else {
try {
uri = Services.io.newURI(options.serverURI, null, null);
service = options.service;
} catch(e) {}
}
let [service, uri] = this._findService(options.serverURI);
if (!service) {
this._setState(PUSH_SERVICE_INIT);
return;

22
dom/push/PushServiceHttp2.jsm
View File

@ -441,26 +441,8 @@ this.PushServiceHttp2 = {
return this._mainPushService !== null;
},
checkServerURI: function(serverURL) {
if (!serverURL) {
console.warn("checkServerURI: No dom.push.serverURL found");
return;
}
let uri;
try {
uri = Services.io.newURI(serverURL, null, null);
} catch(e) {
console.warn("checkServerURI: Error creating valid URI from",
"dom.push.serverURL", serverURL);
return null;
}
if (uri.scheme !== "https") {
console.warn("checkServerURI: Unsupported scheme", uri.scheme);
return null;
}
return uri;
validServerURI: function(serverURI) {
return serverURI.scheme == "http" || serverURI.scheme == "https";
},
connect: function(subscriptions) {

22
dom/push/PushServiceWebSocket.jsm
View File

@ -203,26 +203,8 @@ this.PushServiceWebSocket = {
}
},
checkServerURI: function(serverURL) {
if (!serverURL) {
console.warn("checkServerURI: No dom.push.serverURL found");
return;
}
let uri;
try {
uri = Services.io.newURI(serverURL, null, null);
} catch(e) {
console.warn("checkServerURI: Error creating valid URI from",
"dom.push.serverURL", serverURL);
return null;
}
if (uri.scheme !== "wss") {
console.warn("checkServerURI: Unsupported websocket scheme", uri.scheme);
return null;
}
return uri;
validServerURI: function(serverURI) {
return serverURI.scheme == "ws" || serverURI.scheme == "wss";
},
get _UAID() {

1
dom/push/test/xpcshell/test_register_5xxCode_http2.js
View File

@ -79,7 +79,6 @@ add_task(function* test1() {
PushService.init({
serverURI: serverURL + "/subscribe5xxCode",
service: PushServiceHttp2,
db
});

1
dom/push/test/xpcshell/test_resubscribe_4xxCode_http2.js
View File

@ -83,7 +83,6 @@ add_task(function* test1() {
PushService.init({
serverURI: serverURL + "/subscribe",
service: PushServiceHttp2,
db
});

1
dom/push/test/xpcshell/test_resubscribe_5xxCode_http2.js
View File

@ -93,7 +93,6 @@ add_task(function* test1() {
PushService.init({
serverURI: serverURL + "/subscribe",
service: PushServiceHttp2,
db
});

1
dom/push/test/xpcshell/test_resubscribe_listening_for_msg_error_http2.js
View File

@ -88,7 +88,6 @@ add_task(function* test1() {
PushService.init({
serverURI: serverURL + "/subscribe",
service: PushServiceHttp2,
db
});

1
dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_http2.js
View File

@ -66,7 +66,6 @@ add_task(function* test1() {
PushService.init({
serverURI: serverURL + "/subscribe",
service: PushServiceHttp2,
db
});

3
dom/security/nsContentSecurityManager.cpp
View File

@ -425,7 +425,8 @@ nsContentSecurityManager::IsURIPotentiallyTrustworthy(nsIURI* aURI, bool* aIsTru
if (scheme.EqualsLiteral("https") ||
scheme.EqualsLiteral("file") ||
scheme.EqualsLiteral("app")) {
scheme.EqualsLiteral("app") ||
scheme.EqualsLiteral("wss")) {
*aIsTrustWorthy = true;
return NS_OK;
}