mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1063837 - For xhr, don't set principal to nullprincipal in cases where we want a sandboxed document; instead, set the sandboxed flag in loadinfo. For EventSource, there is no issue iwth using system. r=sicking, smaug
This commit is contained in:
parent
5f7762e7cf
commit
ec768e8f8a
@ -753,13 +753,6 @@ EventSource::InitChannelAndRequestEventSource()
|
||||
nsCOMPtr<nsIDocument> doc =
|
||||
nsContentUtils::GetDocumentFromScriptContext(sc);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> principal = mPrincipal;
|
||||
if (nsContentUtils::IsSystemPrincipal(principal)) {
|
||||
// Don't give this channel the system principal.
|
||||
principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
// If we have the document, use it
|
||||
if (doc) {
|
||||
@ -776,7 +769,7 @@ EventSource::InitChannelAndRequestEventSource()
|
||||
// otherwise use the principal
|
||||
rv = NS_NewChannel(getter_AddRefs(channel),
|
||||
mSrc,
|
||||
principal,
|
||||
mPrincipal,
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||
nsIContentPolicy::TYPE_DATAREQUEST,
|
||||
channelPolicy, // aChannelPolicy
|
||||
|
@ -1735,16 +1735,16 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
|
||||
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> documentPrincipal;
|
||||
nsSecurityFlags secFlags = nsILoadInfo::SEC_NORMAL;
|
||||
if (IsSystemXHR()) {
|
||||
// Don't give this document the system principal. We need to keep track of
|
||||
// mPrincipal being system because we use it for various security checks
|
||||
// that should be passing, but the document data shouldn't get a system
|
||||
// principal.
|
||||
documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
// principal. Hence we set the sandbox flag in loadinfo, so that
|
||||
// GetChannelResultPrincipal will give us the nullprincipal.
|
||||
secFlags |= nsILoadInfo::SEC_SANDBOXED;
|
||||
} else {
|
||||
documentPrincipal = mPrincipal;
|
||||
secFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||
}
|
||||
|
||||
// If we have the document, use it
|
||||
@ -1752,7 +1752,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
|
||||
rv = NS_NewChannel(getter_AddRefs(mChannel),
|
||||
uri,
|
||||
doc,
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||
secFlags,
|
||||
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
|
||||
channelPolicy,
|
||||
loadGroup,
|
||||
@ -1762,8 +1762,8 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
|
||||
//otherwise use the principal
|
||||
rv = NS_NewChannel(getter_AddRefs(mChannel),
|
||||
uri,
|
||||
documentPrincipal,
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||
mPrincipal,
|
||||
secFlags,
|
||||
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
|
||||
channelPolicy,
|
||||
loadGroup,
|
||||
@ -1987,19 +1987,6 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
|
||||
nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
|
||||
NS_ENSURE_TRUE(channel, NS_ERROR_UNEXPECTED);
|
||||
|
||||
nsCOMPtr<nsIPrincipal> documentPrincipal;
|
||||
if (IsSystemXHR()) {
|
||||
// Don't give this document the system principal. We need to keep track of
|
||||
// mPrincipal being system because we use it for various security checks
|
||||
// that should be passing, but the document data shouldn't get a system
|
||||
// principal.
|
||||
nsresult rv;
|
||||
documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else {
|
||||
documentPrincipal = mPrincipal;
|
||||
}
|
||||
|
||||
nsresult status;
|
||||
request->GetStatus(&status);
|
||||
mErrorLoad = mErrorLoad || NS_FAILED(status);
|
||||
@ -2137,21 +2124,23 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
|
||||
chromeXHRDocBaseURI = doc->GetBaseURI();
|
||||
}
|
||||
|
||||
// Create an empty document from it. Here we have to cheat a little bit...
|
||||
// Setting the base URI to |baseURI| won't work if the document has a null
|
||||
// principal, so use mPrincipal when creating the document, then reset the
|
||||
// principal.
|
||||
// Create an empty document from it.
|
||||
const nsAString& emptyStr = EmptyString();
|
||||
nsCOMPtr<nsIDOMDocument> responseDoc;
|
||||
nsIGlobalObject* global = DOMEventTargetHelper::GetParentObject();
|
||||
|
||||
nsCOMPtr<nsIPrincipal> requestingPrincipal;
|
||||
rv = nsContentUtils::GetSecurityManager()->
|
||||
GetChannelResultPrincipal(channel, getter_AddRefs(requestingPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = NS_NewDOMDocument(getter_AddRefs(responseDoc),
|
||||
emptyStr, emptyStr, nullptr, docURI,
|
||||
baseURI, mPrincipal, true, global,
|
||||
baseURI, requestingPrincipal, true, global,
|
||||
mIsHtml ? DocumentFlavorHTML :
|
||||
DocumentFlavorLegacyGuess);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
mResponseXML = do_QueryInterface(responseDoc);
|
||||
mResponseXML->SetPrincipal(documentPrincipal);
|
||||
mResponseXML->SetChromeXHRDocURI(chromeXHRDocURI);
|
||||
mResponseXML->SetChromeXHRDocBaseURI(chromeXHRDocBaseURI);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user