diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-09-27 00:59:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-27 00:59:51 +0200 |
commit | b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2 (patch) | |
tree | 61462bdb3c34813d3cbd32c87628854a48392cea /devtools | |
parent | 63875408947b0e5551f41e4de1e0ca44dd970c36 (diff) | |
parent | c5c9445e3adf6b65c98f6810551d7c3d64133134 (diff) | |
download | UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.gz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.lz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.xz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.zip |
Merge pull request #791 from g4jc/session_supercookie
Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
Diffstat (limited to 'devtools')
10 files changed, 33 insertions, 33 deletions
diff --git a/devtools/client/netmonitor/filter-predicates.js b/devtools/client/netmonitor/filter-predicates.js index 9c8e49c62..75ee422aa 100644 --- a/devtools/client/netmonitor/filter-predicates.js +++ b/devtools/client/netmonitor/filter-predicates.js @@ -72,7 +72,7 @@ function isWS({ requestHeaders, responseHeaders }) { // Find the 'upgrade' header. let upgradeHeader = requestHeaders.headers.find(header => { - return (header.name == "Upgrade"); + return (header.name.toLowerCase() == "upgrade"); }); // If no header found on request, check response - mainly to get @@ -81,7 +81,7 @@ function isWS({ requestHeaders, responseHeaders }) { if (!upgradeHeader && responseHeaders && Array.isArray(responseHeaders.headers)) { upgradeHeader = responseHeaders.headers.find(header => { - return (header.name == "Upgrade"); + return (header.name.toLowerCase() == "upgrade"); }); } diff --git a/devtools/client/netmonitor/test/browser_net_copy_headers.js b/devtools/client/netmonitor/test/browser_net_copy_headers.js index 36ce2fb34..bb582c8e1 100644 --- a/devtools/client/netmonitor/test/browser_net_copy_headers.js +++ b/devtools/client/netmonitor/test/browser_net_copy_headers.js @@ -49,12 +49,12 @@ add_task(function* () { const EXPECTED_RESPONSE_HEADERS = [ `${httpVersion} ${status} ${statusText}`, - "Last-Modified: Sun, 3 May 2015 11:11:11 GMT", - "Content-Type: text/html", - "Content-Length: 465", - "Connection: close", - "Server: httpd.js", - "Date: Sun, 3 May 2015 11:11:11 GMT" + "last-modified: Sun, 3 May 2015 11:11:11 GMT", + "content-type: text/html", + "content-length: 465", + "connection: close", + "server: httpd.js", + "date: Sun, 3 May 2015 11:11:11 GMT" ].join("\n"); yield waitForClipboardPromise(function setup() { @@ -62,8 +62,8 @@ add_task(function* () { }, function validate(result) { // Fake the "Last-Modified" and "Date" headers because they will vary: result = String(result) - .replace(/Last-Modified: [^\n]+ GMT/, "Last-Modified: Sun, 3 May 2015 11:11:11 GMT") - .replace(/Date: [^\n]+ GMT/, "Date: Sun, 3 May 2015 11:11:11 GMT"); + .replace(/last-modified: [^\n]+ GMT/, "last-modified: Sun, 3 May 2015 11:11:11 GMT") + .replace(/date: [^\n]+ GMT/, "date: Sun, 3 May 2015 11:11:11 GMT"); return result === EXPECTED_RESPONSE_HEADERS; }); info("Clipboard contains the currently selected item's response headers."); diff --git a/devtools/client/netmonitor/test/browser_net_timing-division.js b/devtools/client/netmonitor/test/browser_net_timing-division.js index 0114ba235..ff2379dc2 100644 --- a/devtools/client/netmonitor/test/browser_net_timing-division.js +++ b/devtools/client/netmonitor/test/browser_net_timing-division.js @@ -48,9 +48,9 @@ add_task(function* () { let lastRequest = RequestsMenu.getItemAtIndex(1); info("First request happened at: " + - firstRequest.attachment.responseHeaders.headers.find(e => e.name == "Date").value); + firstRequest.attachment.responseHeaders.headers.find(e => e.name == "date").value); info("Last request happened at: " + - lastRequest.attachment.responseHeaders.headers.find(e => e.name == "Date").value); + lastRequest.attachment.responseHeaders.headers.find(e => e.name == "date").value); ok(secDivs.length, "There should be at least one division on the seconds time scale."); diff --git a/devtools/client/shared/AppCacheUtils.jsm b/devtools/client/shared/AppCacheUtils.jsm index a2beca993..9fd4d0541 100644 --- a/devtools/client/shared/AppCacheUtils.jsm +++ b/devtools/client/shared/AppCacheUtils.jsm @@ -86,7 +86,7 @@ AppCacheUtils.prototype = { _parseManifest: function ACU__parseManifest(uriInfo) { let deferred = defer(); let manifestName = uriInfo.name; - let manifestLastModified = new Date(uriInfo.responseHeaders["Last-Modified"]); + let manifestLastModified = new Date(uriInfo.responseHeaders["last-modified"]); if (uriInfo.charset.toLowerCase() != "utf-8") { this._addError(0, "notUTF8", uriInfo.charset); @@ -158,7 +158,7 @@ AppCacheUtils.prototype = { // Check that the resource was not modified after the manifest was last // modified. If it was then the manifest file should be refreshed. let resourceLastModified = - new Date(uriInfo.responseHeaders["Last-Modified"]); + new Date(uriInfo.responseHeaders["last-modified"]); if (manifestLastModified < resourceLastModified) { this._addError(parsedUri.line, "fileChangedButNotManifest", @@ -230,12 +230,12 @@ AppCacheUtils.prototype = { result.requestHeaders = {}; request.visitRequestHeaders(function (header, value) { - result.requestHeaders[header] = value; + result.responseHeaders[header.toLowerCase()] = value; }); result.responseHeaders = {}; request.visitResponseHeaders(function (header, value) { - result.responseHeaders[header] = value; + result.responseHeaders[header.toLowerCase()] = value; }); deferred.resolve(result); diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js index 420fe6aa5..6d33ad971 100644 --- a/devtools/client/shared/curl.js +++ b/devtools/client/shared/curl.js @@ -81,14 +81,14 @@ const Curl = { postDataText = data.postDataText; postData.push("--data"); postData.push(escapeString(utils.writePostDataTextParams(postDataText))); - ignoredHeaders.add("Content-Length"); + ignoredHeaders.add("content-length"); } else if (multipartRequest) { postDataText = data.postDataText; postData.push("--data-binary"); let boundary = utils.getMultipartBoundary(data); let text = utils.removeBinaryDataFromMultipartText(postDataText, boundary); postData.push(escapeString(text)); - ignoredHeaders.add("Content-Length"); + ignoredHeaders.add("content-length"); } // Add method. @@ -125,11 +125,11 @@ const Curl = { } for (let i = 0; i < headers.length; i++) { let header = headers[i]; - if (header.name === "Accept-Encoding") { + if (header.name.toLowerCase() === "accept-encoding") { command.push("--compressed"); continue; } - if (ignoredHeaders.has(header.name)) { + if (ignoredHeaders.has(header.name.toLowerCase())) { continue; } command.push("-H"); diff --git a/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js b/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js index 4a47074ee..14cde846c 100644 --- a/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js +++ b/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js @@ -26,11 +26,11 @@ add_task(function* () { // Select "Headers" tab let tabBody = yield selectNetInfoTab(hud, netInfoBody, "headers"); let paramName = tabBody.querySelector( - ".netInfoParamName > span[title='Content-Type']"); + ".netInfoParamName > span[title='content-type']"); // Verify "Content-Type" header (name and value) ok(paramName, "Header name must exist"); - is(paramName.textContent, "Content-Type", + is(paramName.textContent, "content-type", "The header name must have proper value"); let paramValue = paramName.parentNode.nextSibling; diff --git a/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js b/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js index 509749953..da4bdcf12 100644 --- a/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js +++ b/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js @@ -87,7 +87,7 @@ function getContent() { function performTest() { function readHeader(name) { for (let header of headers) { - if (header.name == name) { + if (header.name.toLowerCase() == name.toLowerCase()) { return header.value; } } diff --git a/devtools/shared/webconsole/test/test_network_get.html b/devtools/shared/webconsole/test/test_network_get.html index 710c9b0d7..c2313be12 100644 --- a/devtools/shared/webconsole/test/test_network_get.html +++ b/devtools/shared/webconsole/test/test_network_get.html @@ -196,13 +196,13 @@ function onResponseHeaders(aState, aResponse) ok(!!aResponse.rawHeaders, "response rawHeaders available"); checkHeadersOrCookies(aResponse.headers, { - "Content-Type": /^application\/(json|octet-stream)$/, - "Content-Length": /^\d+$/, + "content-type": /^application\/(json|octet-stream)$/, + "content-length": /^\d+$/, }); checkRawHeaders(aResponse.rawHeaders, { - "Content-Type": /^application\/(json|octet-stream)$/, - "Content-Length": /^\d+$/, + "content-type": /^application\/(json|octet-stream)$/, + "content-length": /^\d+$/, }); onResponseCookies = onResponseCookies.bind(null, aState); diff --git a/devtools/shared/webconsole/test/test_network_longstring.html b/devtools/shared/webconsole/test/test_network_longstring.html index d55136896..9e6ea7771 100644 --- a/devtools/shared/webconsole/test/test_network_longstring.html +++ b/devtools/shared/webconsole/test/test_network_longstring.html @@ -212,8 +212,8 @@ function onResponseHeaders(aState, aResponse) ok(aResponse.headersSize > 0, "response headersSize > 0"); checkHeadersOrCookies(aResponse.headers, { - "Content-Type": /^application\/(json|octet-stream)$/, - "Content-Length": /^\d+$/, + "content-type": /^application\/(json|octet-stream)$/, + "content-length": /^\d+$/, "x-very-short": "hello world", "x-very-long": { "type": "longString", diff --git a/devtools/shared/webconsole/test/test_network_post.html b/devtools/shared/webconsole/test/test_network_post.html index d96b9b0b7..a0b8edb64 100644 --- a/devtools/shared/webconsole/test/test_network_post.html +++ b/devtools/shared/webconsole/test/test_network_post.html @@ -204,13 +204,13 @@ function onResponseHeaders(aState, aResponse) ok(!!aResponse.rawHeaders, "response rawHeaders available"); checkHeadersOrCookies(aResponse.headers, { - "Content-Type": /^application\/(json|octet-stream)$/, - "Content-Length": /^\d+$/, + "content-type": /^application\/(json|octet-stream)$/, + "content-length": /^\d+$/, }); checkRawHeaders(aResponse.rawHeaders, { - "Content-Type": /^application\/(json|octet-stream)$/, - "Content-Length": /^\d+$/, + "content-type": /^application\/(json|octet-stream)$/, + "content-length": /^\d+$/, }); onResponseCookies = onResponseCookies.bind(null, aState); |