authorKyle Machulis <kyle@nonpolynomial.com>2019-07-20 15:27:48 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-20 15:28:48 +0200
commit8b7daa5369f74b4402f0912c0c64be474f053b0a (patch)
treeb510c161aa5e8baadbf611403ab1a8bde5d4602f
parentc3643770724119efc1ec8b3fe4e2571db0f897b6 (diff)
Don't allow cross-origin POST redirects on 308 codes.
We already don't allow cross-origin POST redirects on 307 responses; this adds extra guards to make sure we don't allow them on 308s either.
-rw-r--r--dom/plugins/base/nsPluginStreamListenerPeer.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
index 665e11ec1..0476315d5 100644
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -1381,7 +1381,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
return NS_ERROR_FAILURE;
}
- // Don't allow cross-origin 307 POST redirects.
+ // Don't allow cross-origin 307/308 POST redirects.
nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
if (oldHttpChannel) {
uint32_t responseStatus;
@@ -1389,7 +1389,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
if (NS_FAILED(rv)) {
return rv;
}
- if (responseStatus == 307) {
+ if (responseStatus == 307 || responseStatus == 308) {
nsAutoCString method;
rv = oldHttpChannel->GetRequestMethod(method);
if (NS_FAILED(rv)) {
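Review bot: The status test `responseStatus == 307 || responseStatus == 308` carries no explanation of why exactly these two codes are guarded, and the comment updated in the first hunk only restates the condition. I would add directly above the `if`: `// 307 and 308 preserve the request method and body, so following one cross-origin would resend the plugin's POST data to a different origin.` The diffstat shows only this file changing, so nothing in the commit exercises the 308 path; a regression test alongside whatever covers the 307 case would keep the two codes from drifting apart again. AsyncOnChannelRedirect's body continues outside the hunk, so the method comparison and origin check that follow are not visible here.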