From daf0b30772427f5faefe11d724b63c39d2f97b7d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 10 Jul 2018 18:16:22 +0200 Subject: Make nsAtomicFileOutputStream::DoOpen() fail if the file is read-only. This means we don't leave behind prefs-.js files when prefs.js is read-only. --- netwerk/base/nsFileStreams.cpp | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'netwerk') diff --git a/netwerk/base/nsFileStreams.cpp b/netwerk/base/nsFileStreams.cpp index 2ddb7ae98..6508b33b9 100644 --- a/netwerk/base/nsFileStreams.cpp +++ b/netwerk/base/nsFileStreams.cpp @@ -1015,11 +1015,18 @@ nsAtomicFileOutputStream::DoOpen() } if (NS_SUCCEEDED(rv) && mTargetFileExists) { + // Abort if |file| is not writable; it won't work as an output stream. + bool isWritable; + if (NS_SUCCEEDED(file->IsWritable(&isWritable)) && !isWritable) { + return NS_ERROR_FILE_ACCESS_DENIED; + } + uint32_t origPerm; if (NS_FAILED(file->GetPermissions(&origPerm))) { NS_ERROR("Can't get permissions of target file"); origPerm = mOpenParams.perm; } + // XXX What if |perm| is more restrictive then |origPerm|? // This leaves the user supplied permissions as they were. rv = tempResult->CreateUnique(nsIFile::NORMAL_FILE_TYPE, origPerm); -- cgit v1.2.3 From 9e91804a7ac273816afe296c660025ecf9c79cde Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Tue, 31 Jul 2018 07:02:39 +0200 Subject: Fixed misleading console error message for multiple CORS headers --- netwerk/protocol/http/nsCORSListenerProxy.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'netwerk') diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp index c2a624330..b9355c82b 100644 --- a/netwerk/protocol/http/nsCORSListenerProxy.cpp +++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp @@ -577,7 +577,7 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest) // check for duplicate headers rv = http->VisitOriginalResponseHeaders(visitor); if (NS_FAILED(rv)) { - LogBlockedRequest(aRequest, "CORSAllowOriginNotMatchingOrigin", nullptr); + LogBlockedRequest(aRequest, "CORSMultipleAllowOriginNotAllowed", nullptr); return rv; } -- cgit v1.2.3