Bug 1163898 part 2. Allow creation of an anonymous XHR in non-window scopes if the right mozAnon bits are passed in. r=smaug

2024-09-13 09:24:08 -07:00 · 2015-05-12 15:56:41 -04:00 · 2015-05-12 15:56:41 -04:00 · da86cbdc59
commit da86cbdc59
parent 57e2d885c4
3 changed files with 30 additions and 9 deletions
--- a/dom/base/nsXMLHttpRequest.cpp
+++ b/dom/base/nsXMLHttpRequest.cpp
@ -391,29 +391,33 @@ nsXMLHttpRequest::InitParameters(bool aAnon, bool aSystem)
  }

  // Check for permissions.
-  nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(GetOwner());
-  if (!window || !window->GetDocShell()) {
-    return;
-  }
-
  // Chrome is always allowed access, so do the permission check only
  // for non-chrome pages.
  if (!IsSystemXHR() && aSystem) {
-    nsCOMPtr<nsIDocument> doc = window->GetExtantDoc();
-    if (!doc) {
+    nsIGlobalObject* global = GetOwnerGlobal();
+    if (NS_WARN_IF(!global)) {
+      SetParameters(aAnon, false);
+      return;
+    }
+
+    nsIPrincipal* principal = global->PrincipalOrNull();
+    if (NS_WARN_IF(!principal)) {
+      SetParameters(aAnon, false);
      return;
    }

-    nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();
    nsCOMPtr<nsIPermissionManager> permMgr =
      services::GetPermissionManager();
-    if (!permMgr)
+    if (NS_WARN_IF(!permMgr)) {
+      SetParameters(aAnon, false);
      return;
+    }

    uint32_t permission;
    nsresult rv =
      permMgr->TestPermissionFromPrincipal(principal, "systemXHR", &permission);
    if (NS_FAILED(rv) || permission != nsIPermissionManager::ALLOW_ACTION) {
+      SetParameters(aAnon, false);
      return;
    }
  }
--- a/dom/tests/unit/test_xhr_init.js
+++ b/dom/tests/unit/test_xhr_init.js
@ -0,0 +1,16 @@
+function run_test()
+{
+    Components.utils.importGlobalProperties(["XMLHttpRequest"]);
+
+    var x = new XMLHttpRequest({mozAnon: true, mozSystem: false});
+    do_check_true(x.mozAnon);
+    do_check_true(x.mozSystem); // Because we're system principal
+
+    x = new XMLHttpRequest({mozAnon: true});
+    do_check_true(x.mozAnon);
+    do_check_true(x.mozSystem);
+
+    x = new XMLHttpRequest();
+    do_check_false(x.mozAnon);
+    do_check_true(x.mozSystem);
+}
--- a/dom/tests/unit/xpcshell.ini
+++ b/dom/tests/unit/xpcshell.ini
@ -23,3 +23,4 @@ skip-if = os == "android"
 [test_geolocation_position_unavailable_wrap.js]
 skip-if = os == "mac" || os == "android"
 [test_PromiseDebugging.js]
+[test_xhr_init.js]