wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 1204269 - Use the worker private in order to determine the origin of the entry settings object for workers; r=smaug

Browse Source
This commit is contained in:
Ehsan Akhgari 2015-09-12 17:38:51 -04:00
parent b491261813
commit b70218fc21
1 changed files with 25 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
dom/base/WebSocket.cpp
View File

@ -1546,26 +1546,32 @@ WebSocketImpl::Init(JSContext* aCx,
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
false)) {
// Confirmed we are opening plain ws:// and want to prevent this from a
// secure context (e.g. https). Check the principal's uri to determine if
// we were loaded from https.
nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
if (globalObject) {
nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
if (principal) {
nsCOMPtr<nsIURI> uri;
principal->GetURI(getter_AddRefs(uri));
if (uri) {
bool originIsHttps = false;
aRv = uri->SchemeIs("https", &originIsHttps);
if (NS_WARN_IF(aRv.Failed())) {
return;
}
// secure context (e.g. https).
nsCOMPtr<nsIPrincipal> principal;
nsCOMPtr<nsIURI> originURI;
if (mWorkerPrivate) {
// For workers, retrieve the URI from the WorkerPrivate
principal = mWorkerPrivate->GetPrincipal();
} else {
// Check the principal's uri to determine if we were loaded from https.
nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
if (globalObject) {
principal = globalObject->PrincipalOrNull();
}
}
if (originIsHttps) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
}
if (principal) {
principal->GetURI(getter_AddRefs(originURI));
}
if (originURI) {
bool originIsHttps = false;
aRv = originURI->SchemeIs("https", &originIsHttps);
if (NS_WARN_IF(aRv.Failed())) {
return;
}
if (originIsHttps) {
aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
return;
}
}
}