-rw-r--r--application/basilisk/base/content/nsContextMenu.js9
-rw-r--r--application/palemoon/base/content/nsContextMenu.js9
-rw-r--r--devtools/client/netmonitor/request-utils.js3
-rw-r--r--dom/base/nsContentPolicyUtils.h1
-rw-r--r--dom/base/nsIContentPolicy.idl2
-rw-r--r--dom/base/nsIContentPolicyBase.idl16
-rw-r--r--dom/base/nsISimpleContentPolicy.idl2
-rw-r--r--dom/cache/DBSchema.cpp3
-rw-r--r--dom/fetch/InternalRequest.cpp3
-rw-r--r--dom/fetch/InternalRequest.h2
-rw-r--r--dom/security/nsCSPUtils.cpp3
-rw-r--r--dom/security/nsContentSecurityManager.cpp6
-rw-r--r--dom/security/nsMixedContentBlocker.cpp7
-rw-r--r--extensions/permissions/nsContentBlocker.cpp8
-rw-r--r--toolkit/modules/addons/WebRequestCommon.jsm1
15 files changed, 53 insertions, 22 deletions
diff --git a/application/basilisk/base/content/nsContextMenu.js b/application/basilisk/base/content/nsContextMenu.js
index 097caf367..589d670ab 100644
--- a/application/basilisk/base/content/nsContextMenu.js
+++ b/application/basilisk/base/content/nsContextMenu.js
@@ -1348,14 +1348,11 @@ nsContextMenu.prototype = {
}
// setting up a new channel for 'right click - save link as ...'
- // ideally we should use:
- // * doc - as the loadingNode, and/or
- // * this.principal - as the loadingPrincipal
- // for now lets use systemPrincipal to bypass mixedContentBlocker
- // checks after redirects, see bug: 1136055
var channel = NetUtil.newChannel({
uri: makeURI(linkURL),
- loadUsingSystemPrincipal: true
+ loadingPrincipal: this.principal,
+ contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
+ securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
});
if (linkDownload)
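Review bot: The replacement for `loadUsingSystemPrincipal: true` removes the old explanatory comment without leaving a new one, so nothing at this call site says why the channel now carries the page's principal and a dedicated policy type. A short comment would help, for example `// Load with the page's principal rather than the system principal; TYPE_SAVEAS_DOWNLOAD is what exempts this user-initiated download from mixed-content blocking`. The same applies to the palemoon copy of this hunk, which reads the principal from `this.target.ownerDocument.nodePrincipal` instead of `this.principal`; if both trees expose the same value, one spelling in both files would make them easier to keep in sync. The enclosing function starts and ends outside the hunk.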
diff --git a/application/palemoon/base/content/nsContextMenu.js b/application/palemoon/base/content/nsContextMenu.js
index f389491d3..738868ccb 100644
--- a/application/palemoon/base/content/nsContextMenu.js
+++ b/application/palemoon/base/content/nsContextMenu.js
@@ -1124,14 +1124,11 @@ nsContextMenu.prototype = {
}
// setting up a new channel for 'right click - save link as ...'
- // ideally we should use:
- // * doc - as the loadingNode, and/or
- // * this.principal - as the loadingPrincipal
- // for now lets use systemPrincipal to bypass mixedContentBlocker
- // checks after redirects, see bug: 1136055
var channel = NetUtil.newChannel({
uri: makeURI(linkURL),
- loadUsingSystemPrincipal: true
+ loadingPrincipal: this.target.ownerDocument.nodePrincipal,
+ contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
+ securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
});
if (linkDownload)
diff --git a/devtools/client/netmonitor/request-utils.js b/devtools/client/netmonitor/request-utils.js
index 647d71e7c..90fb0c957 100644
--- a/devtools/client/netmonitor/request-utils.js
+++ b/devtools/client/netmonitor/request-utils.js
@@ -177,7 +177,8 @@ const LOAD_CAUSE_STRINGS = {
[Ci.nsIContentPolicy.TYPE_BEACON]: "beacon",
[Ci.nsIContentPolicy.TYPE_FETCH]: "fetch",
[Ci.nsIContentPolicy.TYPE_IMAGESET]: "imageset",
- [Ci.nsIContentPolicy.TYPE_WEB_MANIFEST]: "webManifest"
+ [Ci.nsIContentPolicy.TYPE_WEB_MANIFEST]: "webManifest",
+ [Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD]: "saveasDownload"
};
exports.loadCauseString = function (causeType) {
diff --git a/dom/base/nsContentPolicyUtils.h b/dom/base/nsContentPolicyUtils.h
index ed0544226..600b24c56 100644
--- a/dom/base/nsContentPolicyUtils.h
+++ b/dom/base/nsContentPolicyUtils.h
@@ -134,6 +134,7 @@ NS_CP_ContentTypeName(uint32_t contentType)
CASE_RETURN( TYPE_INTERNAL_IMAGE_FAVICON );
CASE_RETURN( TYPE_INTERNAL_STYLESHEET );
CASE_RETURN( TYPE_INTERNAL_STYLESHEET_PRELOAD );
+ CASE_RETURN( TYPE_SAVEAS_DOWNLOAD );
default:
return "<Unknown Type>";
}
diff --git a/dom/base/nsIContentPolicy.idl b/dom/base/nsIContentPolicy.idl
index a73565a9a..200b97fbc 100644
--- a/dom/base/nsIContentPolicy.idl
+++ b/dom/base/nsIContentPolicy.idl
@@ -20,7 +20,7 @@ interface nsIPrincipal;
* by launching a dialog to prompt the user for something).
*/
-[scriptable,uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)]
+[scriptable,uuid(64a5ae16-6836-475c-9938-4b6cc1eee8fb)]
interface nsIContentPolicy : nsIContentPolicyBase
{
/**
diff --git a/dom/base/nsIContentPolicyBase.idl b/dom/base/nsIContentPolicyBase.idl
index 884e3d96d..908e562a8 100644
--- a/dom/base/nsIContentPolicyBase.idl
+++ b/dom/base/nsIContentPolicyBase.idl
@@ -24,7 +24,7 @@ typedef unsigned long nsContentPolicyType;
* by launching a dialog to prompt the user for something).
*/
-[scriptable,uuid(17418187-d86f-48dd-92d1-238838df0a4e)]
+[scriptable,uuid(d6ab1d11-8e24-4db4-8582-c40a78281737)]
interface nsIContentPolicyBase : nsISupports
{
/**
@@ -329,11 +329,17 @@ interface nsIContentPolicyBase : nsISupports
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41;
+ /**
+ * Indicates an save-as link download from the front-end code.
+ */
+ const nsContentPolicyType TYPE_SAVEAS_DOWNLOAD = 42;
+
/* When adding new content types, please update nsContentBlocker,
- * NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
- * implementations, the static_assert in dom/cache/DBSchema.cpp,
- * and other things that are not listed here that are related to
- * nsIContentPolicy. */
+ * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
+ * DoContentSecurityChecks, all nsIContentPolicy implementations, the
+ * static_assert in dom/cache/DBSchema.cpp, nsPermissionManager.cpp,
+ * and other things that are not listed here that are related
+ * to nsIContentPolicy. */
//////////////////////////////////////////////////////////////////////
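Review bot: The doc comment on `TYPE_SAVEAS_DOWNLOAD` says where the load comes from but not what the type changes. Elsewhere in this commit the type is accepted unconditionally by the mixed content blocker and mapped to `NO_DIRECTIVE` for CSP. I would state that here and fix the article, for example `Indicates a save-as link download from the front-end code. Loads of this type are exempt from mixed-content blocking and map to no CSP directive, so it must not be used for content-initiated loads.` The updated checklist also names nsPermissionManager.cpp, which does not appear in this commit's diffstat, so it is worth confirming that file needs no matching entry in this tree.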
diff --git a/dom/base/nsISimpleContentPolicy.idl b/dom/base/nsISimpleContentPolicy.idl
index 493aee1a5..dc0474736 100644
--- a/dom/base/nsISimpleContentPolicy.idl
+++ b/dom/base/nsISimpleContentPolicy.idl
@@ -28,7 +28,7 @@ interface nsIDOMElement;
* by launching a dialog to prompt the user for something).
*/
-[scriptable,uuid(b9df71e3-a9b3-4706-b2d5-e6c0d3d68ec7)]
+[scriptable,uuid(1553a476-8a14-410b-8ecc-47f48e937392)]
interface nsISimpleContentPolicy : nsIContentPolicyBase
{
/**
diff --git a/dom/cache/DBSchema.cpp b/dom/cache/DBSchema.cpp
index d16ba2d6a..176e7b9d1 100644
--- a/dom/cache/DBSchema.cpp
+++ b/dom/cache/DBSchema.cpp
@@ -287,7 +287,8 @@ static_assert(nsIContentPolicy::TYPE_INVALID == 0 &&
nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD == 38 &&
nsIContentPolicy::TYPE_INTERNAL_STYLESHEET == 39 &&
nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD == 40 &&
- nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON == 41,
+ nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON == 41 &&
+ nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD == 42,
"nsContentPolicyType values are as expected");
namespace {
diff --git a/dom/fetch/InternalRequest.cpp b/dom/fetch/InternalRequest.cpp
index 85feabde3..b2631da6a 100644
--- a/dom/fetch/InternalRequest.cpp
+++ b/dom/fetch/InternalRequest.cpp
@@ -320,6 +320,9 @@ InternalRequest::MapContentPolicyTypeToRequestContext(nsContentPolicyType aConte
case nsIContentPolicy::TYPE_WEB_MANIFEST:
context = RequestContext::Manifest;
break;
+ case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD:
+ context = RequestContext::Internal;
+ break;
default:
MOZ_ASSERT(false, "Unhandled nsContentPolicyType value");
break;
diff --git a/dom/fetch/InternalRequest.h b/dom/fetch/InternalRequest.h
index 84ee0bf69..966490675 100644
--- a/dom/fetch/InternalRequest.h
+++ b/dom/fetch/InternalRequest.h
@@ -53,7 +53,7 @@ namespace dom {
* image | TYPE_INTERNAL_IMAGE, TYPE_INTERNAL_IMAGE_PRELOAD, TYPE_INTERNAL_IMAGE_FAVICON
* imageset | TYPE_IMAGESET
* import | Not supported by Gecko
- * internal | TYPE_DOCUMENT, TYPE_XBL, TYPE_OTHER
+ * internal | TYPE_DOCUMENT, TYPE_XBL, TYPE_OTHER, TYPE_SAVEAS_DOWNLOAD
* location |
* manifest | TYPE_WEB_MANIFEST
* object | TYPE_INTERNAL_OBJECT
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index 49832f8f4..71c8e3433 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -258,6 +258,9 @@ CSP_ContentTypeToDirective(nsContentPolicyType aType)
case nsIContentPolicy::TYPE_CSP_REPORT:
return nsIContentSecurityPolicy::NO_DIRECTIVE;
+ case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD:
+ return nsIContentSecurityPolicy::NO_DIRECTIVE;
+
// Fall through to error for all other directives
default:
MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
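Review bot: The new `TYPE_SAVEAS_DOWNLOAD` case returns `NO_DIRECTIVE` with no comment saying why, and it repeats the return of the `TYPE_CSP_REPORT` case directly above it. Stacking the two labels over a single `return nsIContentSecurityPolicy::NO_DIRECTIVE;` keeps the no-directive types in one place. A line such as `// save-as downloads are started from browser UI and are not governed by any CSP directive` would record the intent. The switch begins outside the hunk, so the comment style of the neighbouring cases is not visible here.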
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index f329aa723..4ee9b4877 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -471,6 +471,12 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
break;
}
+ case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: {
+ mimeTypeGuess = EmptyCString();
+ requestingContext = aLoadInfo->LoadingNode();
+ break;
+ }
+
default:
// nsIContentPolicy::TYPE_INVALID
MOZ_ASSERT(false, "can not perform security check without a valid contentType");
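Review bot: `requestingContext = aLoadInfo->LoadingNode();` will presumably yield null for the loads this commit introduces, because both nsContextMenu.js call sites pass only `loadingPrincipal` and no loading node to `NetUtil.newChannel`. If that is intended, say so in the case, e.g. `// front-end save-as channels carry no loading node; content policies see a null context`, so a later reader does not assume policies can inspect the originating element. Whether the code after the switch tolerates a null context is outside this hunk.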
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index 7d50a43a3..c03628da0 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -468,6 +468,13 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
*aDecision = ACCEPT;
return NS_OK;
+ // Creating insecure connections for a save-as link download is acceptable.
+ // This download is completely disconnected from the docShell, but still
+ // using the same loading principal.
+ case TYPE_SAVEAS_DOWNLOAD:
+ *aDecision = ACCEPT;
+ return NS_OK;
+
// Static display content is considered moderate risk for mixed content so
// these will be blocked according to the mixed display preference
case TYPE_IMAGE:
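Review bot: The new `case TYPE_SAVEAS_DOWNLOAD:` accepts the load on the content-policy type alone, so the exemption holds for any caller that creates a channel with this type, not only for the context-menu code. The comment should record that constraint and the trade-off, for example `// Only front-end save-as code may use this type; the download may travel over plain HTTP, so its contents are not integrity-protected in transit`. ShouldLoad's switch starts and continues outside the hunk.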
diff --git a/extensions/permissions/nsContentBlocker.cpp b/extensions/permissions/nsContentBlocker.cpp
index cc2162b70..391785dc3 100644
--- a/extensions/permissions/nsContentBlocker.cpp
+++ b/extensions/permissions/nsContentBlocker.cpp
@@ -23,6 +23,7 @@
#define BEHAVIOR_NOFOREIGN 3
// From nsIContentPolicy
+// and nsIContentPolicyBase.idl: Their order must be retained!
static const char *kTypeString[] = {
"other",
"script",
@@ -59,6 +60,13 @@ static const char *kTypeString[] = {
"", // TYPE_INTERNAL_XMLHTTPREQUEST
"", // TYPE_INTERNAL_EVENTSOURCE
"", // TYPE_INTERNAL_SERVICE_WORKER
+ "", // TYPE_INTERNAL_SCRIPT_PRELOAD
+ "", // TYPE_INTERNAL_IMAGE
+ "", // TYPE_INTERNAL_IMAGE_PRELOAD
+ "", // TYPE_INTERNAL_STYLESHEET
+ "", // TYPE_INTERNAL_STYLESHEET_PRELOAD
+ "", // TYPE_INTERNAL_IMAGE_FAVICON
+ "saveas_download",
};
#define NUMBER_OF_TYPES MOZ_ARRAY_LENGTH(kTypeString)
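Review bot: `kTypeString` is kept in step with the nsIContentPolicyBase.idl constants by hand, and this hunk had to back-fill six missing internal types before it could add `"saveas_download"`; nothing fails the build when the table drifts again. A compile-time check next to `NUMBER_OF_TYPES` would catch that, e.g. `static_assert(MOZ_ARRAY_LENGTH(kTypeString) == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, "kTypeString must cover every content policy type");`, assuming the table starts at TYPE_OTHER == 1 as its first entry suggests. The new entry is also a non-empty name while the internal types are `""`. If non-empty names are what make a type controllable through permissions, confirm that this is wanted for save-as downloads.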
diff --git a/toolkit/modules/addons/WebRequestCommon.jsm b/toolkit/modules/addons/WebRequestCommon.jsm
index 9359f4ff7..5dc860376 100644
--- a/toolkit/modules/addons/WebRequestCommon.jsm
+++ b/toolkit/modules/addons/WebRequestCommon.jsm
@@ -35,6 +35,7 @@ var WebRequestCommon = {
case Ci.nsIContentPolicy.TYPE_CSP_REPORT: return "csp_report";
case Ci.nsIContentPolicy.TYPE_IMAGESET: return "imageset";
case Ci.nsIContentPolicy.TYPE_WEB_MANIFEST: return "web_manifest";
+ case Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD: return "saveas_download";
default: return "other";
}
},