From bbf10b90975bc11e5ea2ac70196615a041b00f6f Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin" <email@mattatobin.com>
Date: Sun, 10 Nov 2019 17:25:51 -0500
Subject: Bug 1328847 - Change SEC_NORMAL to
 SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL where system principal is used.

Tag #1273
---
 mailnews/compose/src/nsURLFetcher.cpp | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'mailnews/compose/src/nsURLFetcher.cpp')

diff --git a/mailnews/compose/src/nsURLFetcher.cpp b/mailnews/compose/src/nsURLFetcher.cpp
index b564ab9a4..ca2dcd7c6 100644
--- a/mailnews/compose/src/nsURLFetcher.cpp
+++ b/mailnews/compose/src/nsURLFetcher.cpp
@@ -7,7 +7,7 @@
 
 #include "msgCore.h" // for pre-compiled headers
 #include "nsCOMPtr.h"
-#include "nsNullPrincipal.h"
+#include "nsIScriptSecurityManager.h"
 #include <stdio.h>
 #include "nscore.h"
 #include "nsIFactory.h"
@@ -317,15 +317,19 @@ nsURLFetcher::FireURLRequest(nsIURI *aURL, nsIFile *localFile, nsIOutputStream *
   nsCOMPtr<nsIURILoader> pURILoader (do_GetService(NS_URI_LOADER_CONTRACTID));
   NS_ENSURE_TRUE(pURILoader, NS_ERROR_FAILURE);
 
-  nsCOMPtr<nsIPrincipal> nullPrincipal =
-    do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
+  nsCOMPtr<nsIScriptSecurityManager>
+    secMan(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+  NS_ENSURE_SUCCESS(rv,rv);
+
+  nsCOMPtr<nsIPrincipal> systemPrincipal;
+  rv = secMan->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
+  NS_ENSURE_SUCCESS(rv,rv);
 
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel),
                      aURL,
-                     nullPrincipal,
-                     nsILoadInfo::SEC_NORMAL,
+                     systemPrincipal,
+                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                      nsIContentPolicy::TYPE_OTHER,
                      nullptr, // aLoadGroup
                      this); // aCallbacks
-- 
cgit v1.2.3