-rw-r--r-- | application/basilisk/base/content/nsContextMenu.js | 9 | ||||
-rw-r--r-- | application/palemoon/base/content/nsContextMenu.js | 9 | ||||
-rw-r--r-- | devtools/client/netmonitor/request-utils.js | 3 | ||||
-rw-r--r-- | dom/base/nsContentPolicyUtils.h | 1 | ||||
-rw-r--r-- | dom/base/nsIContentPolicy.idl | 2 | ||||
-rw-r--r-- | dom/base/nsIContentPolicyBase.idl | 16 | ||||
-rw-r--r-- | dom/base/nsISimpleContentPolicy.idl | 2 | ||||
-rw-r--r-- | dom/cache/DBSchema.cpp | 3 | ||||
-rw-r--r-- | dom/fetch/InternalRequest.cpp | 3 | ||||
-rw-r--r-- | dom/fetch/InternalRequest.h | 2 | ||||
-rw-r--r-- | dom/security/nsCSPUtils.cpp | 3 | ||||
-rw-r--r-- | dom/security/nsContentSecurityManager.cpp | 6 | ||||
-rw-r--r-- | dom/security/nsMixedContentBlocker.cpp | 7 | ||||
-rw-r--r-- | extensions/permissions/nsContentBlocker.cpp | 8 | ||||
-rw-r--r-- | toolkit/modules/addons/WebRequestCommon.jsm | 1 |
15 files changed, 53 insertions, 22 deletions
diff --git a/application/basilisk/base/content/nsContextMenu.js b/application/basilisk/base/content/nsContextMenu.js
index 097caf367..589d670ab 100644
--- a/application/basilisk/base/content/nsContextMenu.js
+++ b/application/basilisk/base/content/nsContextMenu.js
@@ -1348,14 +1348,11 @@ nsContextMenu.prototype = { } // setting up a new channel for 'right click - save link as ...' - // ideally we should use: - // * doc - as the loadingNode, and/or - // * this.principal - as the loadingPrincipal - // for now lets use systemPrincipal to bypass mixedContentBlocker - // checks after redirects, see bug: 1136055 var channel = NetUtil.newChannel({ uri: makeURI(linkURL), - loadUsingSystemPrincipal: true + loadingPrincipal: this.principal, + contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD, + securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS, }); if (linkDownload)
diff --git a/application/palemoon/base/content/nsContextMenu.js b/application/palemoon/base/content/nsContextMenu.js
index f389491d3..738868ccb 100644
--- a/application/palemoon/base/content/nsContextMenu.js
+++ b/application/palemoon/base/content/nsContextMenu.js
@@ -1124,14 +1124,11 @@ nsContextMenu.prototype = { } // setting up a new channel for 'right click - save link as ...' - // ideally we should use: - // * doc - as the loadingNode, and/or - // * this.principal - as the loadingPrincipal - // for now lets use systemPrincipal to bypass mixedContentBlocker - // checks after redirects, see bug: 1136055 var channel = NetUtil.newChannel({ uri: makeURI(linkURL), - loadUsingSystemPrincipal: true + loadingPrincipal: this.target.ownerDocument.nodePrincipal, + contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD, + securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS, }); if (linkDownload)
diff --git a/devtools/client/netmonitor/request-utils.js b/devtools/client/netmonitor/request-utils.js
index 647d71e7c..90fb0c957 100644 
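Review bot: The new `NetUtil.newChannel` call in the basilisk hunk removes the comment that explained the principal choice and puts nothing in its place; the palemoon hunk has the same gap. A comment above the call would record the intent, for example `// Load with the page's principal rather than the system principal so security checks see the real origin; TYPE_SAVEAS_DOWNLOAD is the type the mixed-content blocker accepts for this download.` The two front-ends also obtain the principal differently (`this.principal` versus `this.target.ownerDocument.nodePrincipal`). Where `this.principal` is assigned is outside the hunk, so it is worth confirming it is always set on this path now that the system-principal fallback is gone. The enclosing function starts and ends outside both hunks.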
--- a/devtools/client/netmonitor/request-utils.js
+++ b/devtools/client/netmonitor/request-utils.js
@@ -177,7 +177,8 @@ const LOAD_CAUSE_STRINGS = { [Ci.nsIContentPolicy.TYPE_BEACON]: "beacon", [Ci.nsIContentPolicy.TYPE_FETCH]: "fetch", [Ci.nsIContentPolicy.TYPE_IMAGESET]: "imageset", - [Ci.nsIContentPolicy.TYPE_WEB_MANIFEST]: "webManifest" + [Ci.nsIContentPolicy.TYPE_WEB_MANIFEST]: "webManifest", + [Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD]: "saveasDownload" }; exports.loadCauseString = function (causeType) {
diff --git a/dom/base/nsContentPolicyUtils.h b/dom/base/nsContentPolicyUtils.h
index ed0544226..600b24c56 100644
--- a/dom/base/nsContentPolicyUtils.h
+++ b/dom/base/nsContentPolicyUtils.h
@@ -134,6 +134,7 @@ NS_CP_ContentTypeName(uint32_t contentType) CASE_RETURN( TYPE_INTERNAL_IMAGE_FAVICON ); CASE_RETURN( TYPE_INTERNAL_STYLESHEET ); CASE_RETURN( TYPE_INTERNAL_STYLESHEET_PRELOAD ); + CASE_RETURN( TYPE_SAVEAS_DOWNLOAD ); default: return "<Unknown Type>"; }
diff --git a/dom/base/nsIContentPolicy.idl b/dom/base/nsIContentPolicy.idl
index a73565a9a..200b97fbc 100644
--- a/dom/base/nsIContentPolicy.idl
+++ b/dom/base/nsIContentPolicy.idl
@@ -20,7 +20,7 @@ interface nsIPrincipal; * by launching a dialog to prompt the user for something). */ -[scriptable,uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)] +[scriptable,uuid(64a5ae16-6836-475c-9938-4b6cc1eee8fb)] interface nsIContentPolicy : nsIContentPolicyBase { /**
diff --git a/dom/base/nsIContentPolicyBase.idl b/dom/base/nsIContentPolicyBase.idl
index 884e3d96d..908e562a8 100644
--- a/dom/base/nsIContentPolicyBase.idl
+++ b/dom/base/nsIContentPolicyBase.idl
@@ -24,7 +24,7 @@ typedef unsigned long nsContentPolicyType; * by launching a dialog to prompt the user for something). */ -[scriptable,uuid(17418187-d86f-48dd-92d1-238838df0a4e)] +[scriptable,uuid(d6ab1d11-8e24-4db4-8582-c40a78281737)] interface nsIContentPolicyBase : nsISupports { /** 
@@ -329,11 +329,17 @@ interface nsIContentPolicyBase : nsISupports */ const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41; + /** + * Indicates an save-as link download from the front-end code. + */ + const nsContentPolicyType TYPE_SAVEAS_DOWNLOAD = 42; + /* When adding new content types, please update nsContentBlocker, - * NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy - * implementations, the static_assert in dom/cache/DBSchema.cpp, - * and other things that are not listed here that are related to - * nsIContentPolicy. */ + * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective, + * DoContentSecurityChecks, all nsIContentPolicy implementations, the + * static_assert in dom/cache/DBSchema.cpp, nsPermissionManager.cpp, + * and other things that are not listed here that are related + * to nsIContentPolicy. */ //////////////////////////////////////////////////////////////////////
diff --git a/dom/base/nsISimpleContentPolicy.idl b/dom/base/nsISimpleContentPolicy.idl
index 493aee1a5..dc0474736 100644
--- a/dom/base/nsISimpleContentPolicy.idl
+++ b/dom/base/nsISimpleContentPolicy.idl
@@ -28,7 +28,7 @@ interface nsIDOMElement; * by launching a dialog to prompt the user for something). */ -[scriptable,uuid(b9df71e3-a9b3-4706-b2d5-e6c0d3d68ec7)] +[scriptable,uuid(1553a476-8a14-410b-8ecc-47f48e937392)] interface nsISimpleContentPolicy : nsIContentPolicyBase { /**
diff --git a/dom/cache/DBSchema.cpp b/dom/cache/DBSchema.cpp
index d16ba2d6a..176e7b9d1 100644
--- a/dom/cache/DBSchema.cpp
+++ b/dom/cache/DBSchema.cpp 
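Review bot: The rewritten "When adding new content types" checklist in the second nsIContentPolicyBase.idl hunk now names nsPermissionManager.cpp, but the diffstat for this commit lists no change to that file, so the commit may not follow its own checklist for TYPE_SAVEAS_DOWNLOAD. Whether that file needs an entry for value 42 cannot be determined from this page and should be confirmed. Minor wording: the new doc comment reads "an save-as"; suggest `* Indicates a save-as link download from the front-end code.` The interface body continues outside the hunk.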
@@ -287,7 +287,8 @@ static_assert(nsIContentPolicy::TYPE_INVALID == 0 && nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD == 38 && nsIContentPolicy::TYPE_INTERNAL_STYLESHEET == 39 && nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD == 40 && - nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON == 41, + nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON == 41 && + nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD == 42, "nsContentPolicyType values are as expected"); namespace {
diff --git a/dom/fetch/InternalRequest.cpp b/dom/fetch/InternalRequest.cpp
index 85feabde3..b2631da6a 100644
--- a/dom/fetch/InternalRequest.cpp
+++ b/dom/fetch/InternalRequest.cpp
@@ -320,6 +320,9 @@ InternalRequest::MapContentPolicyTypeToRequestContext(nsContentPolicyType aConte case nsIContentPolicy::TYPE_WEB_MANIFEST: context = RequestContext::Manifest; break; + case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: + context = RequestContext::Internal; + break; default: MOZ_ASSERT(false, "Unhandled nsContentPolicyType value"); break;
diff --git a/dom/fetch/InternalRequest.h b/dom/fetch/InternalRequest.h
index 84ee0bf69..966490675 100644
--- a/dom/fetch/InternalRequest.h
+++ b/dom/fetch/InternalRequest.h
@@ -53,7 +53,7 @@ namespace dom { * image | TYPE_INTERNAL_IMAGE, TYPE_INTERNAL_IMAGE_PRELOAD, TYPE_INTERNAL_IMAGE_FAVICON * imageset | TYPE_IMAGESET * import | Not supported by Gecko - * internal | TYPE_DOCUMENT, TYPE_XBL, TYPE_OTHER + * internal | TYPE_DOCUMENT, TYPE_XBL, TYPE_OTHER, TYPE_SAVEAS_DOWNLOAD * location | * manifest | TYPE_WEB_MANIFEST * object | TYPE_INTERNAL_OBJECT
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index 49832f8f4..71c8e3433 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp 
@@ -258,6 +258,9 @@ CSP_ContentTypeToDirective(nsContentPolicyType aType) case nsIContentPolicy::TYPE_CSP_REPORT: return nsIContentSecurityPolicy::NO_DIRECTIVE; + case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: + return nsIContentSecurityPolicy::NO_DIRECTIVE; + // Fall through to error for all other directives default: MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index f329aa723..4ee9b4877 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -471,6 +471,12 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo) break; } + case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: { + mimeTypeGuess = EmptyCString(); + requestingContext = aLoadInfo->LoadingNode(); + break; + } + default: // nsIContentPolicy::TYPE_INVALID MOZ_ASSERT(false, "can not perform security check without a valid contentType");
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index 7d50a43a3..c03628da0 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -468,6 +468,13 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, *aDecision = ACCEPT; return NS_OK; + // Creating insecure connections for a save-as link download is acceptable. + // This download is completely disconnected from the docShell, but still + // using the same loading principal. + case TYPE_SAVEAS_DOWNLOAD: + *aDecision = ACCEPT; + return NS_OK; + // Static display content is considered moderate risk for mixed content so // these will be blocked according to the mixed display preference case TYPE_IMAGE:
diff --git a/extensions/permissions/nsContentBlocker.cpp b/extensions/permissions/nsContentBlocker.cpp
index cc2162b70..391785dc3 100644
--- a/extensions/permissions/nsContentBlocker.cpp
+++ b/extensions/permissions/nsContentBlocker.cpp 
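Review bot: The new `TYPE_SAVEAS_DOWNLOAD` case in CSP_ContentTypeToDirective returns `NO_DIRECTIVE` without a comment, so a reader cannot tell that leaving save-as downloads outside the page's CSP is deliberate. If that is the intent, a line above the case would record it, for example `// Save-as downloads are written to disk and not loaded into the document, so no CSP directive applies.` The function body continues outside the hunk.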
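Review bot: In the DoContentSecurityChecks hunk, `requestingContext = aLoadInfo->LoadingNode();` is likely to be null for this type, because both nsContextMenu.js callers in this commit pass only `loadingPrincipal` to `NetUtil.newChannel` and no loading node. Content policy implementations that run after this switch would then see a null context for TYPE_SAVEAS_DOWNLOAD, and whether they all tolerate that is not visible here. A comment on the case would keep the null from being mistaken for a bug later, for example `// No loading node is expected: the channel is created by front-end code with only a loadingPrincipal.` The switch continues outside the hunk.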
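Review bot: The `TYPE_SAVEAS_DOWNLOAD` case in nsMixedContentBlocker::ShouldLoad accepts on the content type alone, and the constant is declared in a scriptable interface, so the exemption from mixed-content blocking applies to any privileged caller that labels a channel with this type, not only the context-menu code. The added comment explains why the download is acceptable but not the condition callers must meet. Suggest extending it with `// Only front-end download code may use this type; the response must be saved to disk and never rendered in the loading document.` ShouldLoad's body continues outside the hunk.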
@@ -23,6 +23,7 @@ #define BEHAVIOR_NOFOREIGN 3 // From nsIContentPolicy +// and nsIContentPolicyBase.idl: Their order must be retained! static const char *kTypeString[] = { "other", "script",
@@ -59,6 +60,13 @@ static const char *kTypeString[] = { "", // TYPE_INTERNAL_XMLHTTPREQUEST "", // TYPE_INTERNAL_EVENTSOURCE "", // TYPE_INTERNAL_SERVICE_WORKER + "", // TYPE_INTERNAL_SCRIPT_PRELOAD + "", // TYPE_INTERNAL_IMAGE + "", // TYPE_INTERNAL_IMAGE_PRELOAD + "", // TYPE_INTERNAL_STYLESHEET + "", // TYPE_INTERNAL_STYLESHEET_PRELOAD + "", // TYPE_INTERNAL_IMAGE_FAVICON + "saveas_download", }; #define NUMBER_OF_TYPES MOZ_ARRAY_LENGTH(kTypeString)
diff --git a/toolkit/modules/addons/WebRequestCommon.jsm b/toolkit/modules/addons/WebRequestCommon.jsm
index 9359f4ff7..5dc860376 100644
--- a/toolkit/modules/addons/WebRequestCommon.jsm
+++ b/toolkit/modules/addons/WebRequestCommon.jsm
@@ -35,6 +35,7 @@ var WebRequestCommon = { case Ci.nsIContentPolicy.TYPE_CSP_REPORT: return "csp_report"; case Ci.nsIContentPolicy.TYPE_IMAGESET: return "imageset"; case Ci.nsIContentPolicy.TYPE_WEB_MANIFEST: return "web_manifest"; + case Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD: return "saveas_download"; default: return "other"; } }, |
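Review bot: In nsContentBlocker.cpp, `kTypeString` is still kept in step with the content policy values only by the new comment "Their order must be retained!". The second hunk suggests the table had already drifted, since it back-fills six INTERNAL entries for types that existed before this commit. A compile-time check after the `NUMBER_OF_TYPES` define would catch the next omission, assuming the table holds one entry per type starting at value 1 (the indexing code is outside the hunk): `static_assert(NUMBER_OF_TYPES == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, "kTypeString needs one entry per nsContentPolicyType");`. The new last entry also lacks the `// TYPE_SAVEAS_DOWNLOAD` trailing comment that the other added lines carry.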