summaryrefslogtreecommitdiffstats
path: root/dom/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-02-11 12:30:45 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-02-11 12:30:45 +0100
commit6184ed7555d622afdad9d888627e0084182ccaa8 (patch)
tree9feafa0c64d8a127b44e410530c2be1b13f4765c /dom/security
parent31d8779a2292a917476c9ef85cea1e73be826c96 (diff)
downloadUXP-6184ed7555d622afdad9d888627e0084182ccaa8.tar
UXP-6184ed7555d622afdad9d888627e0084182ccaa8.tar.gz
UXP-6184ed7555d622afdad9d888627e0084182ccaa8.tar.lz
UXP-6184ed7555d622afdad9d888627e0084182ccaa8.tar.xz
UXP-6184ed7555d622afdad9d888627e0084182ccaa8.zip
[CSP] Allow not having a Port for RessourceURI if the Scheme has no
Default Port
Diffstat (limited to 'dom/security')
-rw-r--r--dom/security/nsCSPUtils.cpp16
1 files changed, 15 insertions, 1 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index d07ad7945..6d4f297d6 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -555,7 +555,21 @@ permitsPort(const nsAString& aEnforcementScheme,
int32_t resourcePort;
nsresult rv = aResourceURI->GetPort(&resourcePort);
- NS_ENSURE_SUCCESS(rv, false);
+ if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
+ // If we cannot get a Port (e.g. because of an Custom Protocol handler)
+ // we need to check if a default port is associated with the Scheme
+ if (aEnforcementScheme.IsEmpty()) {
+ return false;
+ }
+ int defaultPortforScheme =
+ NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
+
+ // If there is no default port associated with the Scheme (
+ // defaultPortforScheme == -1) or it is an externally handled protocol (
+ // defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
+ // allow not having a port
+ return (defaultPortforScheme == -1 || defaultPortforScheme == 0);
+ }
// Avoid unnecessary string creation/manipulation and don't block the
// load if the resource to be loaded uses the default port for that