Bug 1038756: Callsites creating a channel in /layout/style/ (r=dbaron)

2024-09-13 09:24:08 -07:00 · 2014-09-21 09:41:26 -07:00 · 2014-09-21 09:41:26 -07:00 · ff00c01a1c
commit ff00c01a1c
parent 3c910c5f38
2 changed files with 108 additions and 52 deletions
--- a/layout/style/Loader.cpp
+++ b/layout/style/Loader.cpp
@ -119,7 +119,8 @@ public:
                nsIStyleSheetLinkingElement* aOwningElement,
                bool aIsAlternate,
                nsICSSLoaderObserver* aObserver,
-                nsIPrincipal* aLoaderPrincipal);
+                nsIPrincipal* aLoaderPrincipal,
+                nsINode* aRequestingNode);

  // Data for loading a sheet linked from an @import rule
  SheetLoadData(Loader* aLoader,
@ -127,7 +128,8 @@ public:
                CSSStyleSheet* aSheet,
                SheetLoadData* aParentData,
                nsICSSLoaderObserver* aObserver,
-                nsIPrincipal* aLoaderPrincipal);
+                nsIPrincipal* aLoaderPrincipal,
+                nsINode* aRequestingNode);

  // Data for loading a non-document sheet
  SheetLoadData(Loader* aLoader,
@ -138,7 +140,8 @@ public:
                bool aUseSystemPrincipal,
                const nsCString& aCharset,
                nsICSSLoaderObserver* aObserver,
-                nsIPrincipal* aLoaderPrincipal);
+                nsIPrincipal* aLoaderPrincipal,
+                nsINode* aRequestingNode);

  already_AddRefed<nsIURI> GetReferrerURI();

@ -234,6 +237,9 @@ public:
  // The principal that identifies who started loading us.
  nsCOMPtr<nsIPrincipal>                mLoaderPrincipal;

+  // The node that identifies who started loading us.
+  nsCOMPtr<nsINode>                     mRequestingNode;
+
  // The charset to use if the transport and sheet don't indicate one.
  // May be empty.  Must be empty if mOwningElement is non-null.
  nsCString                             mCharsetHint;
@ -314,7 +320,8 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
                             nsIStyleSheetLinkingElement* aOwningElement,
                             bool aIsAlternate,
                             nsICSSLoaderObserver* aObserver,
-                             nsIPrincipal* aLoaderPrincipal)
+                             nsIPrincipal* aLoaderPrincipal,
+                             nsINode* aRequestingNode)
  : mLoader(aLoader),
    mTitle(aTitle),
    mURI(aURI),
@ -333,7 +340,8 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
    mSheetAlreadyComplete(false),
    mOwningElement(aOwningElement),
    mObserver(aObserver),
-    mLoaderPrincipal(aLoaderPrincipal)
+    mLoaderPrincipal(aLoaderPrincipal),
+    mRequestingNode(aRequestingNode)
 {
  NS_PRECONDITION(mLoader, "Must have a loader!");
 }
@ -343,7 +351,8 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
                             CSSStyleSheet* aSheet,
                             SheetLoadData* aParentData,
                             nsICSSLoaderObserver* aObserver,
-                             nsIPrincipal* aLoaderPrincipal)
+                             nsIPrincipal* aLoaderPrincipal,
+                             nsINode* aRequestingNode)
  : mLoader(aLoader),
    mURI(aURI),
    mLineNumber(1),
@ -362,7 +371,8 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
    mSheetAlreadyComplete(false),
    mOwningElement(nullptr),
    mObserver(aObserver),
-    mLoaderPrincipal(aLoaderPrincipal)
+    mLoaderPrincipal(aLoaderPrincipal),
+    mRequestingNode(aRequestingNode)
 {
  NS_PRECONDITION(mLoader, "Must have a loader!");
  if (mParentData) {
@ -385,7 +395,8 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
                             bool aUseSystemPrincipal,
                             const nsCString& aCharset,
                             nsICSSLoaderObserver* aObserver,
-                             nsIPrincipal* aLoaderPrincipal)
+                             nsIPrincipal* aLoaderPrincipal,
+                             nsINode* aRequestingNode)
  : mLoader(aLoader),
    mURI(aURI),
    mLineNumber(1),
@ -404,6 +415,7 @@ SheetLoadData::SheetLoadData(Loader* aLoader,
    mOwningElement(nullptr),
    mObserver(aObserver),
    mLoaderPrincipal(aLoaderPrincipal),
+    mRequestingNode(aRequestingNode),
    mCharsetHint(aCharset)
 {
  NS_PRECONDITION(mLoader, "Must have a loader!");
@ -1415,6 +1427,22 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
    return NS_BINDING_ABORTED;
  }

+  bool inherit = false;
+  nsIPrincipal* requestingPrincipal = aLoadData->mLoaderPrincipal;
+  if (requestingPrincipal) {
+    rv = NS_URIChainHasFlags(aLoadData->mURI,
+                             nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
+                             &inherit);
+    inherit =
+      ((NS_SUCCEEDED(rv) && inherit) ||
+       (nsContentUtils::URIIsLocalFile(aLoadData->mURI) &&
+        NS_SUCCEEDED(aLoadData->mLoaderPrincipal->
+                     CheckMayLoad(aLoadData->mURI, false, false))));
+  }
+  else {
+    requestingPrincipal = nsContentUtils::GetSystemPrincipal();
+  }
+
  if (aLoadData->mSyncLoad) {
    LOG(("  Synchronous load"));
    NS_ASSERTION(!aLoadData->mObserver, "Observer for a sync load?");
@ -1441,9 +1469,22 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
    // Just load it
    nsCOMPtr<nsIInputStream> stream;
    nsCOMPtr<nsIChannel> channel;
-    rv = NS_OpenURI(getter_AddRefs(stream), aLoadData->mURI, nullptr,
-                    nullptr, nullptr, nsIRequest::LOAD_NORMAL,
-                    getter_AddRefs(channel));
+    // Note that we are calling NS_OpenURIInternal() with both a node and a
+    // principal.  This is because of a case where the node is the document
+    // being styled and the principal is the stylesheet (perhaps from a
+    // different origin)  that is applying the styles.
+    rv = NS_OpenURIInternal(getter_AddRefs(stream),
+                            aLoadData->mURI,
+                            aLoadData->mRequestingNode,
+                            requestingPrincipal,
+                            nsILoadInfo::SEC_NORMAL,
+                            nsIContentPolicy::TYPE_OTHER,
+                            nullptr,   // aLoadGroup
+                            nullptr,   // aCallbacks
+                            nsIRequest::LOAD_NORMAL,
+                            nullptr,   // aIoService
+                            getter_AddRefs(channel));
+
    if (NS_FAILED(rv)) {
      LOG_ERROR(("  Failed to open URI synchronously"));
      SheetComplete(aLoadData, rv);
@ -1527,11 +1568,27 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
    }
  }

+  nsLoadFlags securityFlags = nsILoadInfo::SEC_NORMAL;
+  if (inherit) {
+    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
+  }
+
  nsCOMPtr<nsIChannel> channel;
-  rv = NS_NewChannel(getter_AddRefs(channel),
-                     aLoadData->mURI, nullptr, loadGroup, nullptr,
-                     nsIChannel::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI,
-                     channelPolicy);
+  // Note we are calling NS_NewChannelInternal here with a node and a principal.
+  // This is because of a case where the node is the document being styled and
+  // the principal is the stylesheet (perhaps from a different origin)  that is
+  // applying the styles.
+  rv = NS_NewChannelInternal(getter_AddRefs(channel),
+                             aLoadData->mURI,
+                             aLoadData->mRequestingNode,
+                             requestingPrincipal,
+                             securityFlags,
+                             nsIContentPolicy::TYPE_STYLESHEET,
+                             channelPolicy,
+                             loadGroup,
+                             nullptr,   // aCallbacks
+                             nsIChannel::LOAD_NORMAL |
+                             nsIChannel::LOAD_CLASSIFY_URI);

  if (NS_FAILED(rv)) {
 #ifdef DEBUG
@ -1572,24 +1629,6 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
  // this before opening it, so it's only treated as a hint.
  channel->SetContentType(NS_LITERAL_CSTRING("text/css"));

-  if (aLoadData->mLoaderPrincipal) {
-    bool inherit;
-    rv = NS_URIChainHasFlags(aLoadData->mURI,
-                             nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
-                             &inherit);
-    inherit =
-      ((NS_SUCCEEDED(rv) && inherit) ||
-       (nsContentUtils::URIIsLocalFile(aLoadData->mURI) &&
-        NS_SUCCEEDED(aLoadData->mLoaderPrincipal->
-                     CheckMayLoad(aLoadData->mURI, false, false))));
-    nsCOMPtr<nsILoadInfo> loadInfo =
-      new LoadInfo(aLoadData->mLoaderPrincipal,
-                   inherit ?
-                     LoadInfo::eInheritPrincipal : LoadInfo::eDontInheritPrincipal,
-                   LoadInfo::eNotSandboxed);
-    channel->SetLoadInfo(loadInfo);
-  }
-
  // We don't have to hold on to the stream loader.  The ownership
  // model is: Necko owns the stream loader, which owns the load data,
  // which owns us
@ -1917,7 +1956,7 @@ Loader::LoadInlineStyle(nsIContent* aElement,

  SheetLoadData* data = new SheetLoadData(this, aTitle, nullptr, sheet,
                                          owningElement, *aIsAlternate,
-                                          aObserver, nullptr);
+                                          aObserver, nullptr, static_cast<nsINode*>(aElement));

  // We never actually load this, so just set its principal directly
  sheet->SetPrincipal(aElement->NodePrincipal());
@ -2002,9 +2041,10 @@ Loader::LoadStyleLink(nsIContent* aElement,
  }

  // Now we need to actually load it
+  nsCOMPtr<nsINode> requestingNode = do_QueryInterface(context);
  SheetLoadData* data = new SheetLoadData(this, aTitle, aURL, sheet,
                                          owningElement, *aIsAlternate,
-                                          aObserver, principal);
+                                          aObserver, principal, requestingNode);
  NS_ADDREF(data);

  // If we have to parse and it's an alternate non-inline, defer it
@ -2152,8 +2192,9 @@ Loader::LoadChildSheet(CSSStyleSheet* aParentSheet,
    return NS_OK;
  }

+  nsCOMPtr<nsINode> requestingNode = do_QueryInterface(context);
  SheetLoadData* data = new SheetLoadData(this, aURL, sheet, parentData,
-                                          observer, principal);
+                                          observer, principal, requestingNode);

  NS_ADDREF(data);
  bool syncLoad = data->mSyncLoad;
@ -2265,7 +2306,7 @@ Loader::InternalLoadNonDocumentSheet(nsIURI* aURL,
  SheetLoadData* data =
    new SheetLoadData(this, aURL, sheet, syncLoad, aAllowUnsafeRules,
                      aUseSystemPrincipal, aCharset, aObserver,
-                      aOriginPrincipal);
+                      aOriginPrincipal, mDocument);

  NS_ADDREF(data);
  rv = LoadSheet(data, state);
@ -2300,7 +2341,8 @@ Loader::PostLoadEvent(nsIURI* aURI,
                      aElement,
                      aWasAlternate,
                      aObserver,
-                      nullptr);
+                      nullptr,
+                      mDocument);
  NS_ENSURE_TRUE(evt, NS_ERROR_OUT_OF_MEMORY);

  if (!mPostedEvents.AppendElement(evt)) {
--- a/layout/style/nsFontFaceLoader.cpp
+++ b/layout/style/nsFontFaceLoader.cpp
@ -340,13 +340,18 @@ nsUserFontSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
    channelPolicy->SetContentSecurityPolicy(csp);
    channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
  }
-  rv = NS_NewChannel(getter_AddRefs(channel),
-                     aFontFaceSrc->mURI,
-                     nullptr,
-                     loadGroup,
-                     nullptr,
-                     nsIRequest::LOAD_NORMAL,
-                     channelPolicy);
+  // Note we are calling NS_NewChannelInternal() with both a node and a
+  // principal.  This is because the document where the font is being loaded
+  // might have a different origin from the principal of the stylesheet
+  // that initiated the font load.
+  rv = NS_NewChannelInternal(getter_AddRefs(channel),
+                             aFontFaceSrc->mURI,
+                             ps->GetDocument(),
+                             aUserFontEntry->mPrincipal,
+                             nsILoadInfo::SEC_NORMAL,
+                             nsIContentPolicy::TYPE_FONT,
+                             channelPolicy,
+                             loadGroup);

  NS_ENSURE_SUCCESS(rv, rv);

@ -955,13 +960,22 @@ nsUserFontSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
    channelPolicy->SetContentSecurityPolicy(csp);
    channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
  }
-  rv = NS_NewChannel(getter_AddRefs(channel),
-                     aFontFaceSrc->mURI,
-                     nullptr,
-                     nullptr,
-                     nullptr,
-                     nsIRequest::LOAD_NORMAL,
-                     channelPolicy);
+
+  nsIPresShell* ps = mPresContext->PresShell();
+  if (!ps) {
+    return NS_ERROR_FAILURE;
+  }
+  // Note we are calling NS_NewChannelInternal() with both a node and a
+  // principal.  This is because the document where the font is being loaded
+  // might have a different origin from the principal of the stylesheet
+  // that initiated the font load.
+  rv = NS_NewChannelInternal(getter_AddRefs(channel),
+                             aFontFaceSrc->mURI,
+                             ps->GetDocument(),
+                             aFontToLoad->mPrincipal,
+                             nsILoadInfo::SEC_NORMAL,
+                             nsIContentPolicy::TYPE_FONT,
+                             channelPolicy);

  NS_ENSURE_SUCCESS(rv, rv);