summaryrefslogtreecommitdiffstats
path: root/dom/security
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security')
-rw-r--r--dom/security/nsCSPUtils.cpp16
1 files changed, 15 insertions, 1 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index d07ad7945..6d4f297d6 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -555,7 +555,21 @@ permitsPort(const nsAString& aEnforcementScheme,
int32_t resourcePort;
nsresult rv = aResourceURI->GetPort(&resourcePort);
- NS_ENSURE_SUCCESS(rv, false);
+ if (NS_FAILED(rv) && aEnforcementPort.IsEmpty()) {
+ // If we cannot get a Port (e.g. because of an Custom Protocol handler)
+ // we need to check if a default port is associated with the Scheme
+ if (aEnforcementScheme.IsEmpty()) {
+ return false;
+ }
+ int defaultPortforScheme =
+ NS_GetDefaultPort(NS_ConvertUTF16toUTF8(aEnforcementScheme).get());
+
+ // If there is no default port associated with the Scheme (
+ // defaultPortforScheme == -1) or it is an externally handled protocol (
+ // defaultPortforScheme == 0 ) and the csp does not enforce a port - we can
+ // allow not having a port
+ return (defaultPortforScheme == -1 || defaultPortforScheme == 0);
+ }
// Avoid unnecessary string creation/manipulation and don't block the
// load if the resource to be loaded uses the default port for that