summaryrefslogtreecommitdiffstats
path: root/dom/security/nsContentSecurityManager.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-07-15 12:51:23 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-15 13:20:53 +0200
commit4491ec5eacd5ed501737c0db2c134fe1815c50a8 (patch)
tree3a69fc6eebe4baa9c9cbeae8eec3f00492a276be /dom/security/nsContentSecurityManager.cpp
parentd9aff90f06254a0b724a0ea9c21db39f74ff8fc6 (diff)
downloadUXP-4491ec5eacd5ed501737c0db2c134fe1815c50a8.tar
UXP-4491ec5eacd5ed501737c0db2c134fe1815c50a8.tar.gz
UXP-4491ec5eacd5ed501737c0db2c134fe1815c50a8.tar.lz
UXP-4491ec5eacd5ed501737c0db2c134fe1815c50a8.tar.xz
UXP-4491ec5eacd5ed501737c0db2c134fe1815c50a8.zip
Selectively allow ftp subresources in the blocked mode.
- Allow "Save As..." downloads - Allow subresource use if the top-level document is also on FTP
Diffstat (limited to 'dom/security/nsContentSecurityManager.cpp')
-rw-r--r--dom/security/nsContentSecurityManager.cpp22
1 files changed, 21 insertions, 1 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 12c55e8f6..08fd9afd9 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -95,9 +95,11 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel)
/* static */ nsresult
nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
{
- // We dissallow using FTP resources as a subresource everywhere.
+ // We dissallow using FTP resources as a subresource almost everywhere.
// The only valid way to use FTP resources is loading it as
// a top level document.
+
+ // Override blocking if the pref is set to allow.
if (!mozilla::net::nsIOService::BlockFTPSubresources()) {
return NS_OK;
}
@@ -108,6 +110,13 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
}
nsContentPolicyType type = loadInfo->GetExternalContentPolicyType();
+
+ // Allow save-as download of FTP files on HTTP pages.
+ if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
+ return NS_OK;
+ }
+
+ // Allow direct document requests
if (type == nsIContentPolicy::TYPE_DOCUMENT) {
return NS_OK;
}
@@ -119,11 +128,22 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
return NS_OK;
}
+ // Allow if it's not the FTP protocol
bool isFtpURI = (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtpURI)) && isFtpURI);
if (!isFtpURI) {
return NS_OK;
}
+ // Allow loading FTP subresources in top-level FTP documents.
+ nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
+ nsCOMPtr<nsIURI> tURI;
+ triggeringPrincipal->GetURI(getter_AddRefs(tURI));
+ bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
+ if (isTrigFtpURI) {
+ return NS_OK;
+ }
+
+ // If we get here, the request is blocked and should be reported.
nsCOMPtr<nsIDocument> doc;
if (nsINode* node = loadInfo->LoadingNode()) {
doc = node->OwnerDoc();