Bug 1204269 - Use the worker private in order to determine the origin of the entry settings object for workers; r=smaug

2024-09-13 09:24:08 -07:00 · 2015-09-12 17:38:51 -04:00 · 2015-09-12 17:38:51 -04:00 · b70218fc21
commit b70218fc21
parent b491261813
1 changed files with 25 additions and 19 deletions
--- a/dom/base/WebSocket.cpp
+++ b/dom/base/WebSocket.cpp
@ -1546,29 +1546,35 @@ WebSocketImpl::Init(JSContext* aCx,
      !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
                            false)) {
    // Confirmed we are opening plain ws:// and want to prevent this from a
-    // secure context (e.g. https). Check the principal's uri to determine if
-    // we were loaded from https.
+    // secure context (e.g. https).
+    nsCOMPtr<nsIPrincipal> principal;
+    nsCOMPtr<nsIURI> originURI;
+    if (mWorkerPrivate) {
+      // For workers, retrieve the URI from the WorkerPrivate
+      principal = mWorkerPrivate->GetPrincipal();
+    } else {
+      // Check the principal's uri to determine if we were loaded from https.
      nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
      if (globalObject) {
-      nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
+        principal = globalObject->PrincipalOrNull();
+      }
+    }
+
    if (principal) {
-        nsCOMPtr<nsIURI> uri;
-        principal->GetURI(getter_AddRefs(uri));
-        if (uri) {
+      principal->GetURI(getter_AddRefs(originURI));
+    }
+    if (originURI) {
      bool originIsHttps = false;
-          aRv = uri->SchemeIs("https", &originIsHttps);
+      aRv = originURI->SchemeIs("https", &originIsHttps);
      if (NS_WARN_IF(aRv.Failed())) {
        return;
      }
-
      if (originIsHttps) {
        aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
        return;
      }
    }
  }
-    }
-  }

  // Assign the sub protocol list and scan it for illegal values
  for (uint32_t index = 0; index < aProtocolArray.Length(); ++index) {