-rw-r--r--dom/security/nsContentSecurityManager.cpp81
-rw-r--r--netwerk/base/nsNetUtil.cpp14
2 files changed, 27 insertions, 68 deletions
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 458f41144..9329c558a 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -10,9 +10,6 @@
#include "nsIStreamListener.h"
#include "nsIDocument.h"
#include "nsMixedContentBlocker.h"
-#include "nsCDefaultURIFixup.h"
-#include "nsIURIFixup.h"
-#include "nsINestedURI.h"
#include "mozilla/dom/Element.h"
#include "mozilla/dom/TabChild.h"
@@ -247,6 +244,10 @@ DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo,
static nsresult
DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
{
+ nsCOMPtr<nsIURI> uri;
+ nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
+ NS_ENSURE_SUCCESS(rv, rv);
+
nsContentPolicyType contentPolicyType =
aLoadInfo->GetExternalContentPolicyType();
nsContentPolicyType internalContentPolicyType =
@@ -254,24 +255,12 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
nsCString mimeTypeGuess;
nsCOMPtr<nsINode> requestingContext = nullptr;
- nsCOMPtr<nsIURI> uri;
- nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
- contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
- // TYPE_DOCUMENT and TYPE_SUBDOCUMENT loads might potentially
- // be wyciwyg:// channels. Let's fix up the URI so we can
- // perform proper security checks.
- nsCOMPtr<nsIURIFixup> urifixup(do_GetService(NS_URIFIXUP_CONTRACTID, &rv));
- if (NS_SUCCEEDED(rv) && urifixup) {
- nsCOMPtr<nsIURI> fixedURI;
- rv = urifixup->CreateExposableURI(uri, getter_AddRefs(fixedURI));
- if (NS_SUCCEEDED(rv)) {
- uri = fixedURI;
- }
- }
- }
+#ifdef DEBUG
+ // Don't enforce TYPE_DOCUMENT assertions for loads
+ // initiated by javascript tests.
+ bool skipContentTypeCheck = false;
+ skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion");
+#endif
switch(contentPolicyType) {
case nsIContentPolicy::TYPE_OTHER: {
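Review bot: `skipContentTypeCheck` is declared inside `#ifdef DEBUG` here but is read by the `MOZ_ASSERT` in the TYPE_DOCUMENT case outside that guard, which builds only because MOZ_ASSERT expands to nothing in non-debug builds. A one-line comment stating this would stop the flag from later being reused in code that also compiles in release. The two-statement initialisation can be a single `const bool skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion");`. The same block is repeated in the NS_HasBeenCrossOrigin hunk in netwerk/base/nsNetUtil.cpp, and DoContentSecurityChecks starts and ends outside this hunk.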
@@ -305,14 +294,16 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
}
case nsIContentPolicy::TYPE_DOCUMENT: {
- mimeTypeGuess = EmptyCString();
- requestingContext = aLoadInfo->LoadingNode();
+ MOZ_ASSERT(skipContentTypeCheck || false, "contentPolicyType not supported yet");
break;
}
case nsIContentPolicy::TYPE_SUBDOCUMENT: {
mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
requestingContext = aLoadInfo->LoadingNode();
+ MOZ_ASSERT(!requestingContext ||
+ requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
+ "type_subdocument requires requestingContext of type Document");
break;
}
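Review bot: In release builds the TYPE_DOCUMENT case is now a bare `break`, because the only statement in it is a debug-only `MOZ_ASSERT`. Such a load then reaches the `NS_CheckContentLoadPolicy` call in the later hunk with an empty `mimeTypeGuess`, a null `requestingContext` and `aLoadInfo->LoadingPrincipal()`, which the comment removed there describes as nullptr for TYPE_DOCUMENT. If top-level loads are not expected on this path, the case should say so and fail closed rather than rely on the assertion, for example with a runtime `return NS_ERROR_CONTENT_BLOCKED;` where the debug pref is not in play; whether any release caller depends on the fall-through cannot be seen from this hunk. Separately, `skipContentTypeCheck || false` reduces to `skipContentTypeCheck`, so the assert reads more clearly as `MOZ_ASSERT(skipContentTypeCheck, "contentPolicyType not supported yet");`.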
@@ -456,32 +447,18 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
MOZ_ASSERT(false, "can not perform security check without a valid contentType");
}
- // For document loads we use the triggeringPrincipal as the originPrincipal.
- // Note the the loadingPrincipal for loads of TYPE_DOCUMENT is a nullptr.
- nsCOMPtr<nsIPrincipal> principal =
- (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
- contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)
- ? aLoadInfo->TriggeringPrincipal()
- : aLoadInfo->LoadingPrincipal();
-
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
uri,
- principal,
+ aLoadInfo->LoadingPrincipal(),
requestingContext,
mimeTypeGuess,
nullptr, //extra,
&shouldLoad,
nsContentUtils::GetContentPolicy(),
nsContentUtils::GetSecurityManager());
-
- if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
- if ((NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) &&
- (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
- contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
- // for docshell loads we might have to return SHOW_ALT.
- return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
- }
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (NS_CP_REJECTED(shouldLoad)) {
return NS_ERROR_CONTENT_BLOCKED;
}
@@ -629,30 +606,6 @@ nsContentSecurityManager::CheckChannel(nsIChannel* aChannel)
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
- nsContentPolicyType contentPolicyType =
- loadInfo->GetExternalContentPolicyType();
-
- if (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
- contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
- // query the nested URI for security checks like in the case of view-source
- nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(uri);
- if (nestedURI) {
- nestedURI->GetInnerURI(getter_AddRefs(uri));
- }
-
- // TYPE_DOCUMENT and TYPE_SUBDOCUMENT loads might potentially
- // be wyciwyg:// channels. Let's fix up the URI so we can
- // perform proper security checks.
- nsCOMPtr<nsIURIFixup> urifixup(do_GetService(NS_URIFIXUP_CONTRACTID, &rv));
- if (NS_SUCCEEDED(rv) && urifixup) {
- nsCOMPtr<nsIURI> fixedURI;
- rv = urifixup->CreateExposableURI(uri, getter_AddRefs(fixedURI));
- if (NS_SUCCEEDED(rv)) {
- uri = fixedURI;
- }
- }
- }
-
// Handle cookie policies
uint32_t cookiePolicy = loadInfo->GetCookiePolicy();
if (cookiePolicy == nsILoadInfo::SEC_COOKIES_SAME_ORIGIN) {
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index bc9bcf88a..8ff3e788f 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -1285,10 +1285,16 @@ NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport)
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
MOZ_RELEASE_ASSERT(loadInfo, "Origin tracking only works for channels created with a loadinfo");
- // TYPE_DOCUMENT loads have a null LoadingPrincipal and can not be cross origin.
- if (!loadInfo->LoadingPrincipal()) {
- return false;
- }
+#ifdef DEBUG
+ // Don't enforce TYPE_DOCUMENT assertions for loads
+ // initiated by javascript tests.
+ bool skipContentTypeCheck = false;
+ skipContentTypeCheck = Preferences::GetBool("network.loadinfo.skip_type_assertion");
+#endif
+
+ MOZ_ASSERT(skipContentTypeCheck ||
+ loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_DOCUMENT,
+ "calling NS_HasBeenCrossOrigin on a top level load");
// Always treat tainted channels as cross-origin.
if (loadInfo->GetTainting() != LoadTainting::Basic) {
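Review bot: The release-mode guard `if (!loadInfo->LoadingPrincipal()) return false;` is replaced by a debug-only `MOZ_ASSERT`, so in release builds a channel with a null LoadingPrincipal is no longer stopped before the rest of NS_HasBeenCrossOrigin runs. The remainder of the function is outside this hunk; if it uses the loading principal, it would presumably now do so on a null pointer. Keeping a cheap runtime check next to the assertion, e.g. `if (!loadInfo->LoadingPrincipal()) { return false; }`, preserves the previously defined result while the assert still flags unexpected top-level callers in debug builds.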