mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1139665 - Check content load policy in FetchDriver. r=baku
This commit is contained in:
parent
13691da45d
commit
e87d2bc87e
@ -177,7 +177,7 @@ public:
|
||||
nsRefPtr<FetchDriver> fetch = new FetchDriver(mRequest, principal, loadGroup);
|
||||
nsIDocument* doc = mResolver->GetWorkerPrivate()->GetDocument();
|
||||
if (doc) {
|
||||
fetch->SetReferrerPolicy(doc->GetReferrerPolicy());
|
||||
fetch->SetDocument(doc);
|
||||
}
|
||||
|
||||
nsresult rv = fetch->Fetch(mResolver);
|
||||
@ -234,7 +234,7 @@ FetchRequest(nsIGlobalObject* aGlobal, const RequestOrUSVString& aInput,
|
||||
nsCOMPtr<nsILoadGroup> loadGroup = doc->GetDocumentLoadGroup();
|
||||
nsRefPtr<FetchDriver> fetch =
|
||||
new FetchDriver(r, doc->NodePrincipal(), loadGroup);
|
||||
fetch->SetReferrerPolicy(doc->GetReferrerPolicy());
|
||||
fetch->SetDocument(doc);
|
||||
aRv = fetch->Fetch(resolver);
|
||||
if (NS_WARN_IF(aRv.Failed())) {
|
||||
return nullptr;
|
||||
@ -315,7 +315,6 @@ public:
|
||||
result.ThrowTypeError(MSG_FETCH_FAILED);
|
||||
promise->MaybeReject(result);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
};
|
||||
|
@ -5,6 +5,7 @@
|
||||
|
||||
#include "mozilla/dom/FetchDriver.h"
|
||||
|
||||
#include "nsIDocument.h"
|
||||
#include "nsIInputStream.h"
|
||||
#include "nsIOutputStream.h"
|
||||
#include "nsIHttpChannel.h"
|
||||
@ -42,7 +43,6 @@ FetchDriver::FetchDriver(InternalRequest* aRequest, nsIPrincipal* aPrincipal,
|
||||
, mLoadGroup(aLoadGroup)
|
||||
, mRequest(aRequest)
|
||||
, mFetchRecursionCount(0)
|
||||
, mReferrerPolicy(net::RP_Default)
|
||||
, mResponseAvailableCalled(false)
|
||||
{
|
||||
}
|
||||
@ -99,11 +99,27 @@ FetchDriver::ContinueFetch(bool aCORSFlag)
|
||||
return FailWithNetworkError();
|
||||
}
|
||||
|
||||
// CSP/mixed content checks.
|
||||
int16_t shouldLoad;
|
||||
rv = NS_CheckContentLoadPolicy(mRequest->ContentPolicyType(),
|
||||
requestURI,
|
||||
mPrincipal,
|
||||
mDocument,
|
||||
// FIXME(nsm): Should MIME be extracted from
|
||||
// Content-Type header?
|
||||
EmptyCString(), /* mime guess */
|
||||
nullptr, /* extra */
|
||||
&shouldLoad,
|
||||
nsContentUtils::GetContentPolicy(),
|
||||
nsContentUtils::GetSecurityManager());
|
||||
if (NS_WARN_IF(NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad))) {
|
||||
// Disallowed by content policy.
|
||||
return FailWithNetworkError();
|
||||
}
|
||||
|
||||
// Begin Step 4 of the Fetch algorithm
|
||||
// https://fetch.spec.whatwg.org/#fetching
|
||||
|
||||
// FIXME(nsm): Bug 1039846: Add CSP checks
|
||||
|
||||
nsAutoCString scheme;
|
||||
rv = requestURI->GetScheme(scheme);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
@ -289,7 +305,6 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
|
||||
{
|
||||
// Step 1. "Let response be null."
|
||||
mResponse = nullptr;
|
||||
|
||||
nsresult rv;
|
||||
|
||||
nsCOMPtr<nsIIOService> ios = do_GetIOService(&rv);
|
||||
@ -406,7 +421,12 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
|
||||
return FailWithNetworkError();
|
||||
}
|
||||
|
||||
rv = httpChan->SetReferrerWithPolicy(refURI, mReferrerPolicy);
|
||||
net::ReferrerPolicy referrerPolicy = net::RP_Default;
|
||||
if (mDocument) {
|
||||
referrerPolicy = mDocument->GetReferrerPolicy();
|
||||
}
|
||||
|
||||
rv = httpChan->SetReferrerWithPolicy(refURI, referrerPolicy);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return FailWithNetworkError();
|
||||
}
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include "mozilla/DebugOnly.h"
|
||||
#include "mozilla/net/ReferrerPolicy.h"
|
||||
|
||||
class nsIDocument;
|
||||
class nsIOutputStream;
|
||||
class nsILoadGroup;
|
||||
class nsIPrincipal;
|
||||
@ -58,11 +59,11 @@ public:
|
||||
NS_IMETHOD Fetch(FetchDriverObserver* aObserver);
|
||||
|
||||
void
|
||||
SetReferrerPolicy(net::ReferrerPolicy aPolicy)
|
||||
SetDocument(nsIDocument* aDocument)
|
||||
{
|
||||
// Cannot set policy after Fetch() has been called.
|
||||
// Cannot set document after Fetch() has been called.
|
||||
MOZ_ASSERT(mFetchRecursionCount == 0);
|
||||
mReferrerPolicy = aPolicy;
|
||||
mDocument = aDocument;
|
||||
}
|
||||
|
||||
private:
|
||||
@ -76,8 +77,8 @@ private:
|
||||
nsCOMPtr<nsIAsyncVerifyRedirectCallback> mRedirectCallback;
|
||||
nsCOMPtr<nsIChannel> mOldRedirectChannel;
|
||||
nsCOMPtr<nsIChannel> mNewRedirectChannel;
|
||||
nsCOMPtr<nsIDocument> mDocument;
|
||||
uint32_t mFetchRecursionCount;
|
||||
net::ReferrerPolicy mReferrerPolicy;
|
||||
|
||||
DebugOnly<bool> mResponseAvailableCalled;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user