diff options
| author | Jeroen Vreeken <jeroen@vreeken.net> | 2019-07-18 11:02:12 +0200 |
|---|---|---|
| committer | Jeroen Vreeken <jeroen@vreeken.net> | 2019-07-18 11:02:12 +0200 |
| commit | f820636a8300b44751750354a01be21895b4b536 (patch) | |
| tree | ab217ad50a145a8c7a1094fbafd5d3d30260e7cd /dom/security | |
| parent | 6b6aa59ffc97ac76b4429db38eedac8474f5fda7 (diff) | |
| parent | 45cb5ab7291f44d3e06de4e71e5b0a9e80f6a0b6 (diff) | |
| download | UXP-f820636a8300b44751750354a01be21895b4b536.tar UXP-f820636a8300b44751750354a01be21895b4b536.tar.gz UXP-f820636a8300b44751750354a01be21895b4b536.tar.lz UXP-f820636a8300b44751750354a01be21895b4b536.tar.xz UXP-f820636a8300b44751750354a01be21895b4b536.zip | |
Merge branch 'master' of github.com:JeroenVreeken/UXP
Diffstat (limited to 'dom/security')
| -rw-r--r-- | dom/security/nsContentSecurityManager.cpp | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp index f2cbc8fcf..08fd9afd9 100644 --- a/dom/security/nsContentSecurityManager.cpp +++ b/dom/security/nsContentSecurityManager.cpp @@ -95,9 +95,14 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel) /* static */ nsresult nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) { - // We dissallow using FTP resources as a subresource everywhere. + // We dissallow using FTP resources as a subresource almost everywhere. // The only valid way to use FTP resources is loading it as // a top level document. + + // Override blocking if the pref is set to allow. + if (!mozilla::net::nsIOService::BlockFTPSubresources()) { + return NS_OK; + } nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); if (!loadInfo) { @@ -105,6 +110,13 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) } nsContentPolicyType type = loadInfo->GetExternalContentPolicyType(); + + // Allow save-as download of FTP files on HTTP pages. + if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) { + return NS_OK; + } + + // Allow direct document requests if (type == nsIContentPolicy::TYPE_DOCUMENT) { return NS_OK; } @@ -116,11 +128,22 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel) return NS_OK; } + // Allow if it's not the FTP protocol bool isFtpURI = (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtpURI)) && isFtpURI); if (!isFtpURI) { return NS_OK; } + // Allow loading FTP subresources in top-level FTP documents. + nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal(); + nsCOMPtr<nsIURI> tURI; + triggeringPrincipal->GetURI(getter_AddRefs(tURI)); + bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI); + if (isTrigFtpURI) { + return NS_OK; + } + + // If we get here, the request is blocked and should be reported. nsCOMPtr<nsIDocument> doc; if (nsINode* node = loadInfo->LoadingNode()) { doc = node->OwnerDoc(); |