summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-02-11 12:30:45 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-02-15 13:19:25 +0100
commit582949cd30c2d8d20a16d3f972dabb164bddc029 (patch)
tree84375c93171fff154c67e17ef43145ea6f8f2245
parenta48dabbcba5d72cc76137984797383aecc704de8 (diff)
downloadUXP-582949cd30c2d8d20a16d3f972dabb164bddc029.tar
UXP-582949cd30c2d8d20a16d3f972dabb164bddc029.tar.gz
UXP-582949cd30c2d8d20a16d3f972dabb164bddc029.tar.lz
UXP-582949cd30c2d8d20a16d3f972dabb164bddc029.tar.xz
UXP-582949cd30c2d8d20a16d3f972dabb164bddc029.zip
[CSP] Allow not having a Port for RessourceURI if the Scheme has no
Default Port
-rw-r--r--dom/security/nsCSPUtils.cpp16
1 files changed, 15 insertions, 1 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index d07ad7945..6d4f297d6 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -555,7 +555,21 @@ permitsPort(const nsAString& aEnforcementScheme,
int32_t resourcePort;
nsresult rv = aResourceURI->GetPort(&resourcePort);
- NS_ENSURE_SUCCESS(rv, false);
+ if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
+ // If we cannot get a Port (e.g. because of an Custom Protocol handler)
+ // we need to check if a default port is associated with the Scheme
+ if (aEnforcementScheme.IsEmpty()) {
+ return false;
+ }
+ int defaultPortforScheme =
+ NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
+
+ // If there is no default port associated with the Scheme (
+ // defaultPortforScheme == -1) or it is an externally handled protocol (
+ // defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
+ // allow not having a port
+ return (defaultPortforScheme == -1 || defaultPortforScheme == 0);
+ }
// Avoid unnecessary string creation/manipulation and don't block the
// load if the resource to be loaded uses the default port for that