diff options
author | Ascrod <32915892+Ascrod@users.noreply.github.com> | 2018-07-05 21:00:31 -0400 |
---|---|---|
committer | Ascrod <32915892+Ascrod@users.noreply.github.com> | 2018-07-05 21:00:31 -0400 |
commit | 6f64e487f35986f093dbb002d12554a61021b2c9 (patch) | |
tree | a8c68cfabfbd57f3cbdb490521479834e1224983 | |
parent | dac5ea478509d939c7f0f51e95d0989a156e6f11 (diff) | |
download | UXP-6f64e487f35986f093dbb002d12554a61021b2c9.tar UXP-6f64e487f35986f093dbb002d12554a61021b2c9.tar.gz UXP-6f64e487f35986f093dbb002d12554a61021b2c9.tar.lz UXP-6f64e487f35986f093dbb002d12554a61021b2c9.tar.xz UXP-6f64e487f35986f093dbb002d12554a61021b2c9.zip |
Bug 1456652 - SameSite cookie Reader view patch bypass
-rw-r--r-- | toolkit/components/reader/ReaderMode.jsm | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/toolkit/components/reader/ReaderMode.jsm b/toolkit/components/reader/ReaderMode.jsm index e9eb83154..6641e7387 100644 --- a/toolkit/components/reader/ReaderMode.jsm +++ b/toolkit/components/reader/ReaderMode.jsm @@ -119,7 +119,18 @@ this.ReaderMode = { } } - win.document.location = originalURL; + let referrerURI, principal; + try { + referrerURI = Services.io.newURI(url); + principal = Services.scriptSecurityManager.createCodebasePrincipal( + referrerURI, win.document.nodePrincipal.originAttributes); + } catch (e) { + Cu.reportError(e); + return; + } + let flags = webNav.LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL | + webNav.LOAD_FLAGS_DISALLOW_INHERIT_OWNER; + webNav.loadURI(originalURL, flags, referrerURI, null, null, principal); }, /** |