authorKyle Machulis <kyle@nonpolynomial.com>2019-07-20 15:27:48 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-22 12:20:58 +0200
commit2e1267ed95da1db2705adf4d1c17d72783821a31 (patch)
tree66a733d518aab8bb87c99026d0b5fde4de5acc89 /dom/plugins
parent5e9dc3044f8aebd06bdd1095832a057e6efb7305 (diff)
Don't allow cross-origin POST redirects on 308 codes.
We already don't allow cross-origin POST redirects on 307 responses; this adds extra guards to make sure we don't allow them on 308s either.
Diffstat (limited to 'dom/plugins')
-rw-r--r--dom/plugins/base/nsPluginStreamListenerPeer.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
index 665e11ec1..0476315d5 100644
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -1381,7 +1381,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
return NS_ERROR_FAILURE;
}
- // Don't allow cross-origin 307 POST redirects.
+ // Don't allow cross-origin 307/308 POST redirects.
nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
if (oldHttpChannel) {
uint32_t responseStatus;
@@ -1389,7 +1389,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
if (NS_FAILED(rv)) {
return rv;
}
- if (responseStatus == 307) {
+ if (responseStatus == 307 || responseStatus == 308) {
nsAutoCString method;
rv = oldHttpChannel->GetRequestMethod(method);
if (NS_FAILED(rv)) {
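Review bot: The check `responseStatus == 307 || responseStatus == 308` is a bare list of status numbers with no stated reason why these two are the guarded ones. Both codes preserve the request method and body across the redirect, so a cross-origin hop would resend the plugin's POST data to a different origin. Recording that next to the condition makes the intent reviewable if the list is edited later. I would add `// 307 and 308 keep the request method and body, so a cross-origin hop would resend the POST data.` directly above the `if`. The method comparison and the origin check that follow are outside this hunk, so whether body-carrying methods other than POST are covered cannot be judged from the visible lines.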