From c0db767c25b8ebfc9d8d4cb4d07084243e56da8e Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Sat, 9 Jan 2021 19:19:39 +0000
Subject: Issue #1710 - Check for triggering principal URI in FTP subresource
 check.

Resolves #1710
---
 dom/security/nsContentSecurityManager.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'dom')

diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 298dc810e..d33f962ec 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -149,8 +149,16 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
   nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
   nsCOMPtr<nsIURI> tURI;
   triggeringPrincipal->GetURI(getter_AddRefs(tURI));
+  if (!tURI) {
+    // We don't have a triggering principal URI, meaning this isn't actually
+    // a subresource, but rather a top-level document, i.e. something we can
+    // display in-browser and might be saving as-is. Allow the load.
+    return NS_OK;
+  }
   bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
   if (isTrigFtpURI) {
+    // The document loading this resource is also on FTP, satisfying the SOP.
+    // Allow the load.
     return NS_OK;
   }
 
-- 
cgit v1.2.3