summaryrefslogtreecommitdiffstats
path: root/dom/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-02-11 12:30:45 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-04-14 12:41:57 +0200
commitc4f65de9b2c195ebe090a2f334aa7207c30a8a28 (patch)
tree79c949dc169d4f7c3e0b53837213a2c916de5f12 /dom/security
parente3148b0a25df4975996e0c173768fa55aa2af4ec (diff)
downloadUXP-c4f65de9b2c195ebe090a2f334aa7207c30a8a28.tar
UXP-c4f65de9b2c195ebe090a2f334aa7207c30a8a28.tar.gz
UXP-c4f65de9b2c195ebe090a2f334aa7207c30a8a28.tar.lz
UXP-c4f65de9b2c195ebe090a2f334aa7207c30a8a28.tar.xz
UXP-c4f65de9b2c195ebe090a2f334aa7207c30a8a28.zip
[CSP] Allow not having a Port for RessourceURI if the Scheme has no
Default Port
Diffstat (limited to 'dom/security')
-rw-r--r--dom/security/nsCSPUtils.cpp16
1 files changed, 15 insertions, 1 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index d07ad7945..6d4f297d6 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -555,7 +555,21 @@ permitsPort(const nsAString& aEnforcementScheme,
int32_t resourcePort;
nsresult rv = aResourceURI->GetPort(&resourcePort);
- NS_ENSURE_SUCCESS(rv, false);
+ if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
+ // If we cannot get a Port (e.g. because of an Custom Protocol handler)
+ // we need to check if a default port is associated with the Scheme
+ if (aEnforcementScheme.IsEmpty()) {
+ return false;
+ }
+ int defaultPortforScheme =
+ NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
+
+ // If there is no default port associated with the Scheme (
+ // defaultPortforScheme == -1) or it is an externally handled protocol (
+ // defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
+ // allow not having a port
+ return (defaultPortforScheme == -1 || defaultPortforScheme == 0);
+ }
// Avoid unnecessary string creation/manipulation and don't block the
// load if the resource to be loaded uses the default port for that