Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana
parent
d79033e045
commit
a97b29a4c6
@ -27,6 +27,10 @@ const CONNECTION_PROTOCOLS = [PushServiceWebSocket, PushServiceHttp2];
|
||||
XPCOMUtils.defineLazyModuleGetter(this, "AlarmService",
|
||||
"resource://gre/modules/AlarmService.jsm");
|
||||
|
||||
XPCOMUtils.defineLazyServiceGetter(this, "gContentSecurityManager",
|
||||
"@mozilla.org/contentsecuritymanager;1",
|
||||
"nsIContentSecurityManager");
|
||||
|
||||
this.EXPORTED_SYMBOLS = ["PushService"];
|
||||
|
||||
XPCOMUtils.defineLazyGetter(this, "console", () => {
|
||||
@ -327,16 +331,34 @@ this.PushService = {
|
||||
}
|
||||
},
|
||||
|
||||
_findService: function(serverURI) {
|
||||
var uri;
|
||||
var service;
|
||||
if (serverURI) {
|
||||
for (let connProtocol of CONNECTION_PROTOCOLS) {
|
||||
uri = connProtocol.checkServerURI(serverURI);
|
||||
if (uri) {
|
||||
service = connProtocol;
|
||||
break;
|
||||
}
|
||||
_findService: function(serverURL) {
|
||||
console.debug("findService()");
|
||||
|
||||
let uri;
|
||||
let service;
|
||||
|
||||
if (!serverURL) {
|
||||
console.warn("findService: No dom.push.serverURL found");
|
||||
return [];
|
||||
}
|
||||
|
||||
try {
|
||||
uri = Services.io.newURI(serverURL, null, null);
|
||||
} catch (e) {
|
||||
console.warn("findService: Error creating valid URI from",
|
||||
"dom.push.serverURL", serverURL);
|
||||
return [];
|
||||
}
|
||||
|
||||
if (!gContentSecurityManager.isURIPotentiallyTrustworthy(uri)) {
|
||||
console.warn("findService: Untrusted server URI", uri.spec);
|
||||
return [];
|
||||
}
|
||||
|
||||
for (let connProtocol of CONNECTION_PROTOCOLS) {
|
||||
if (connProtocol.validServerURI(uri)) {
|
||||
service = connProtocol;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return [service, uri];
|
||||
@ -428,22 +450,7 @@ this.PushService = {
|
||||
if (options.serverURI) {
|
||||
// this is use for xpcshell test.
|
||||
|
||||
var uri;
|
||||
var service;
|
||||
if (!options.service) {
|
||||
for (let connProtocol of CONNECTION_PROTOCOLS) {
|
||||
uri = connProtocol.checkServerURI(options.serverURI);
|
||||
if (uri) {
|
||||
service = connProtocol;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
uri = Services.io.newURI(options.serverURI, null, null);
|
||||
service = options.service;
|
||||
} catch(e) {}
|
||||
}
|
||||
let [service, uri] = this._findService(options.serverURI);
|
||||
if (!service) {
|
||||
this._setState(PUSH_SERVICE_INIT);
|
||||
return;
|
||||
|
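Review bot: `_findService` returns `[undefined, uri]` without logging anything when the URI passes `isURIPotentiallyTrustworthy` but no entry in `CONNECTION_PROTOCOLS` accepts its scheme, so the caller's `if (!service)` branch resets the state with no trace of why. Judging by the scheme list in the nsContentSecurityManager hunk of this commit, a `file:` or `app:` value for `dom.push.serverURL` would take that path. A warning after the loop would make the rejection visible, for example `if (!service) { console.warn("findService: No protocol handler for scheme", uri.scheme); }`. The `init` body that consumes the result continues outside the last hunk.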
@ -441,26 +441,8 @@ this.PushServiceHttp2 = {
|
||||
return this._mainPushService !== null;
|
||||
},
|
||||
|
||||
checkServerURI: function(serverURL) {
|
||||
if (!serverURL) {
|
||||
console.warn("checkServerURI: No dom.push.serverURL found");
|
||||
return;
|
||||
}
|
||||
|
||||
let uri;
|
||||
try {
|
||||
uri = Services.io.newURI(serverURL, null, null);
|
||||
} catch(e) {
|
||||
console.warn("checkServerURI: Error creating valid URI from",
|
||||
"dom.push.serverURL", serverURL);
|
||||
return null;
|
||||
}
|
||||
|
||||
if (uri.scheme !== "https") {
|
||||
console.warn("checkServerURI: Unsupported scheme", uri.scheme);
|
||||
return null;
|
||||
}
|
||||
return uri;
|
||||
validServerURI: function(serverURI) {
|
||||
return serverURI.scheme == "http" || serverURI.scheme == "https";
|
||||
},
|
||||
|
||||
connect: function(subscriptions) {
|
||||
|
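Review bot: `validServerURI` accepts `http`, where the removed `checkServerURI` rejected every scheme except `https`, so this helper is no longer a security check by itself. Plain `http` to a remote host is presumably excluded only because `PushService._findService` calls `isURIPotentiallyTrustworthy` first, and nothing on the method says so; a doc comment such as `// Scheme match only. Callers must already have checked isURIPotentiallyTrustworthy(); see PushService._findService.` would keep a future caller from treating it as the gate. The same applies to `PushServiceWebSocket.validServerURI`, which now accepts `ws`. Both also use `==` where the removed code used strict `!==`; `===` would be consistent with it.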
@ -203,26 +203,8 @@ this.PushServiceWebSocket = {
|
||||
}
|
||||
},
|
||||
|
||||
checkServerURI: function(serverURL) {
|
||||
if (!serverURL) {
|
||||
console.warn("checkServerURI: No dom.push.serverURL found");
|
||||
return;
|
||||
}
|
||||
|
||||
let uri;
|
||||
try {
|
||||
uri = Services.io.newURI(serverURL, null, null);
|
||||
} catch(e) {
|
||||
console.warn("checkServerURI: Error creating valid URI from",
|
||||
"dom.push.serverURL", serverURL);
|
||||
return null;
|
||||
}
|
||||
|
||||
if (uri.scheme !== "wss") {
|
||||
console.warn("checkServerURI: Unsupported websocket scheme", uri.scheme);
|
||||
return null;
|
||||
}
|
||||
return uri;
|
||||
validServerURI: function(serverURI) {
|
||||
return serverURI.scheme == "ws" || serverURI.scheme == "wss";
|
||||
},
|
||||
|
||||
get _UAID() {
|
||||
|
@ -79,7 +79,6 @@ add_task(function* test1() {
|
||||
|
||||
PushService.init({
|
||||
serverURI: serverURL + "/subscribe5xxCode",
|
||||
service: PushServiceHttp2,
|
||||
db
|
||||
});
|
||||
|
||||
|
@ -83,7 +83,6 @@ add_task(function* test1() {
|
||||
|
||||
PushService.init({
|
||||
serverURI: serverURL + "/subscribe",
|
||||
service: PushServiceHttp2,
|
||||
db
|
||||
});
|
||||
|
||||
|
@ -93,7 +93,6 @@ add_task(function* test1() {
|
||||
|
||||
PushService.init({
|
||||
serverURI: serverURL + "/subscribe",
|
||||
service: PushServiceHttp2,
|
||||
db
|
||||
});
|
||||
|
||||
|
@ -88,7 +88,6 @@ add_task(function* test1() {
|
||||
|
||||
PushService.init({
|
||||
serverURI: serverURL + "/subscribe",
|
||||
service: PushServiceHttp2,
|
||||
db
|
||||
});
|
||||
|
||||
|
@ -66,7 +66,6 @@ add_task(function* test1() {
|
||||
|
||||
PushService.init({
|
||||
serverURI: serverURL + "/subscribe",
|
||||
service: PushServiceHttp2,
|
||||
db
|
||||
});
|
||||
|
||||
|
@ -425,7 +425,8 @@ nsContentSecurityManager::IsURIPotentiallyTrustworthy(nsIURI* aURI, bool* aIsTru
|
||||
|
||||
if (scheme.EqualsLiteral("https") ||
|
||||
scheme.EqualsLiteral("file") ||
|
||||
scheme.EqualsLiteral("app")) {
|
||||
scheme.EqualsLiteral("app") ||
|
||||
scheme.EqualsLiteral("wss")) {
|
||||
*aIsTrustWorthy = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
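Review bot: Adding `wss` to this list changes a shared helper, so every caller of `IsURIPotentiallyTrustworthy` now treats `wss://` URIs as trustworthy, not only the Push code this commit is about; the hunk carries no comment explaining that, and no test for the new scheme is visible in the commit. A short comment above the condition, e.g. `// wss is WebSocket over TLS; accepted so Push server URLs can be validated here.`, plus an assertion for a `wss://` URI in whichever test covers this function, would document the intent. The function body starts and ends outside the hunk, so any later host-based checks are not visible here.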