summaryrefslogtreecommitdiffstats
path: root/netwerk/base/nsNetUtil.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-07-20 14:56:26 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-20 14:56:26 +0200
commit33b6f178d16f94df7de98d1316f563f14a2bedd5 (patch)
treee16427f59d80337e39b2e66fcd281c4a6802cc8f /netwerk/base/nsNetUtil.cpp
parentaae0bfd5b8e4ac85d97cdce4a0fcd405f3160cd7 (diff)
downloadUXP-33b6f178d16f94df7de98d1316f563f14a2bedd5.tar
UXP-33b6f178d16f94df7de98d1316f563f14a2bedd5.tar.gz
UXP-33b6f178d16f94df7de98d1316f563f14a2bedd5.tar.lz
UXP-33b6f178d16f94df7de98d1316f563f14a2bedd5.tar.xz
UXP-33b6f178d16f94df7de98d1316f563f14a2bedd5.zip
Treat all file: URIs as having a unique origin.
This prevents cross-file access from files loaded into the browser from the local file system, further restricting the origin policy of file: URIs. Added a pref to control this behavior for local file access if required for certain applications, since this change might break using the browser to run applications on the local file system that require access to local files.
Diffstat (limited to 'netwerk/base/nsNetUtil.cpp')
-rw-r--r--netwerk/base/nsNetUtil.cpp56
1 files changed, 32 insertions, 24 deletions
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index 653a9003e..2974e26b0 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -10,6 +10,7 @@
#include "mozilla/LoadContext.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/BasePrincipal.h"
+#include "mozilla/Preferences.h"
#include "mozilla/Telemetry.h"
#include "nsNetUtil.h"
#include "nsNetUtilInlines.h"
@@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
return false;
}
- //
- // If the file to be loaded is in a subdirectory of the source
- // (or same-dir if source is not a directory) then it will
- // inherit its source principal and be scriptable by that source.
- //
- bool sourceIsDir;
- bool allowed = false;
- nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
- if (NS_SUCCEEDED(rv) && sourceIsDir) {
- rv = sourceFile->Contains(targetFile, &allowed);
- } else {
- nsCOMPtr<nsIFile> sourceParent;
- rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
- if (NS_SUCCEEDED(rv) && sourceParent) {
- rv = sourceParent->Equals(targetFile, &allowed);
- if (NS_FAILED(rv) || !allowed) {
- rv = sourceParent->Contains(targetFile, &allowed);
- } else {
- MOZ_ASSERT(aAllowDirectoryTarget,
- "sourceFile->Parent == targetFile, but targetFile "
- "should've been disallowed if it is a directory");
+ bool uniqueOrigin = true;
+ uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
+
+ // If treating all files as unique origins, we can skip this because
+ // it should always be refused.
+ if (!uniqueOrigin) {
+ //
+ // If the file to be loaded is in a subdirectory of the source
+ // (or same-dir if source is not a directory) then it will
+ // inherit its source principal and be scriptable by that source.
+ //
+ bool sourceIsDir;
+ bool allowed = false;
+ nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
+ if (NS_SUCCEEDED(rv) && sourceIsDir) {
+ rv = sourceFile->Contains(targetFile, &allowed);
+ } else {
+ nsCOMPtr<nsIFile> sourceParent;
+ rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
+ if (NS_SUCCEEDED(rv) && sourceParent) {
+ rv = sourceParent->Equals(targetFile, &allowed);
+ if (NS_FAILED(rv) || !allowed) {
+ rv = sourceParent->Contains(targetFile, &allowed);
+ } else {
+ MOZ_ASSERT(aAllowDirectoryTarget,
+ "sourceFile->Parent == targetFile, but targetFile "
+ "should've been disallowed if it is a directory");
+ }
}
}
- }
- if (NS_SUCCEEDED(rv) && allowed) {
- return true;
+ if (NS_SUCCEEDED(rv) && allowed) {
+ return true;
+ }
}
return false;