diff options
| author | Moonchild <moonchild@palemoon.org> | 2021-01-09 19:19:39 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2021-01-09 19:19:39 +0000 |
| commit | c0db767c25b8ebfc9d8d4cb4d07084243e56da8e (patch) | |
| tree | fca3f47e4ef05fb07dc95332ced12783397dde83 /dom/security | |
| parent | c1825acab02a9eb5f80e27986fab8d02422247f9 (diff) | |
| download | UXP-c0db767c25b8ebfc9d8d4cb4d07084243e56da8e.tar UXP-c0db767c25b8ebfc9d8d4cb4d07084243e56da8e.tar.gz UXP-c0db767c25b8ebfc9d8d4cb4d07084243e56da8e.tar.lz UXP-c0db767c25b8ebfc9d8d4cb4d07084243e56da8e.tar.xz UXP-c0db767c25b8ebfc9d8d4cb4d07084243e56da8e.zip | |
Issue #1710 - Check for triggering principal URI in FTP subresource check.
Resolves #1710
Diffstat (limited to 'dom/security')
| -rw-r--r-- | dom/security/nsContentSecurityManager.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index 298dc810e..d33f962ec 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -149,8 +149,16 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal(); nsCOMPtr<nsIURI> tURI; triggeringPrincipal->GetURI(getter_AddRefs(tURI)); + if (!tURI) { + // We don't have a triggering principal URI, meaning this isn't actually + // a subresource, but rather a top-level document, i.e. something we can + // display in-browser and might be saving as-is. Allow the load. + return NS_OK; + } bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI); if (isTrigFtpURI) { + // The document loading this resource is also on FTP, satisfying the SOP. + // Allow the load. return NS_OK; } |