Bug 1063837 - For xhr, don't set principal to nullprincipal in cases where we want a sandboxed document; instead, set the sandboxed flag in loadinfo. For EventSource, there is no issue iwth using system. r=sicking, smaug

2024-09-13 09:24:08 -07:00 · 2014-09-22 15:34:26 -07:00 · 2014-09-22 15:34:26 -07:00 · ec768e8f8a
commit ec768e8f8a
parent 5f7762e7cf
2 changed files with 17 additions and 35 deletions
--- a/content/base/src/EventSource.cpp
+++ b/content/base/src/EventSource.cpp
@ -753,13 +753,6 @@ EventSource::InitChannelAndRequestEventSource()
  nsCOMPtr<nsIDocument> doc =
    nsContentUtils::GetDocumentFromScriptContext(sc);

-  nsCOMPtr<nsIPrincipal> principal = mPrincipal;
-  if (nsContentUtils::IsSystemPrincipal(principal)) {
-    // Don't give this channel the system principal.
-    principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-  }
-
  nsCOMPtr<nsIChannel> channel;
  // If we have the document, use it
  if (doc) {
@ -776,7 +769,7 @@ EventSource::InitChannelAndRequestEventSource()
    // otherwise use the principal
    rv = NS_NewChannel(getter_AddRefs(channel),
                       mSrc,
-                       principal,
+                       mPrincipal,
                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
                       nsIContentPolicy::TYPE_DATAREQUEST,
                       channelPolicy,    // aChannelPolicy
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@ -1735,16 +1735,16 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
    channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
  }

-  nsCOMPtr<nsIPrincipal> documentPrincipal;
+  nsSecurityFlags secFlags = nsILoadInfo::SEC_NORMAL;
  if (IsSystemXHR()) {
    // Don't give this document the system principal.  We need to keep track of
    // mPrincipal being system because we use it for various security checks
    // that should be passing, but the document data shouldn't get a system
-    // principal.
-    documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
+    // principal.  Hence we set the sandbox flag in loadinfo, so that 
+    // GetChannelResultPrincipal will give us the nullprincipal.
+    secFlags |= nsILoadInfo::SEC_SANDBOXED;
  } else {
-    documentPrincipal = mPrincipal;
+    secFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
  }

  // If we have the document, use it
@ -1752,7 +1752,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
    rv = NS_NewChannel(getter_AddRefs(mChannel),
                       uri,
                       doc,
-                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       secFlags,
                       nsIContentPolicy::TYPE_XMLHTTPREQUEST,
                       channelPolicy,
                       loadGroup,
@ -1762,8 +1762,8 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
    //otherwise use the principal
    rv = NS_NewChannel(getter_AddRefs(mChannel),
                       uri,
-                       documentPrincipal,
-                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       mPrincipal,
+                       secFlags,
                       nsIContentPolicy::TYPE_XMLHTTPREQUEST,
                       channelPolicy,
                       loadGroup,
@ -1987,19 +1987,6 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
  NS_ENSURE_TRUE(channel, NS_ERROR_UNEXPECTED);

-  nsCOMPtr<nsIPrincipal> documentPrincipal;
-  if (IsSystemXHR()) {
-    // Don't give this document the system principal.  We need to keep track of
-    // mPrincipal being system because we use it for various security checks
-    // that should be passing, but the document data shouldn't get a system
-    // principal.
-    nsresult rv;
-    documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-  } else {
-    documentPrincipal = mPrincipal;
-  }
-
  nsresult status;
  request->GetStatus(&status);
  mErrorLoad = mErrorLoad || NS_FAILED(status);
@ -2137,21 +2124,23 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
      chromeXHRDocBaseURI = doc->GetBaseURI();
    }

-    // Create an empty document from it.  Here we have to cheat a little bit...
-    // Setting the base URI to |baseURI| won't work if the document has a null
-    // principal, so use mPrincipal when creating the document, then reset the
-    // principal.
+    // Create an empty document from it.
    const nsAString& emptyStr = EmptyString();
    nsCOMPtr<nsIDOMDocument> responseDoc;
    nsIGlobalObject* global = DOMEventTargetHelper::GetParentObject();
+
+    nsCOMPtr<nsIPrincipal> requestingPrincipal;
+    rv = nsContentUtils::GetSecurityManager()->
+       GetChannelResultPrincipal(channel, getter_AddRefs(requestingPrincipal));
+    NS_ENSURE_SUCCESS(rv, rv);
+
    rv = NS_NewDOMDocument(getter_AddRefs(responseDoc),
                           emptyStr, emptyStr, nullptr, docURI,
-                           baseURI, mPrincipal, true, global,
+                           baseURI, requestingPrincipal, true, global,
                           mIsHtml ? DocumentFlavorHTML :
                                     DocumentFlavorLegacyGuess);
    NS_ENSURE_SUCCESS(rv, rv);
    mResponseXML = do_QueryInterface(responseDoc);
-    mResponseXML->SetPrincipal(documentPrincipal);
    mResponseXML->SetChromeXHRDocURI(chromeXHRDocURI);
    mResponseXML->SetChromeXHRDocBaseURI(chromeXHRDocBaseURI);