mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-09-30 18:56:40 +00:00
#525: data URL opaque origins M1324406 M1381728
This commit is contained in:
parent
b95f6e9680
commit
3920907ee4
@ -22,6 +22,7 @@
|
|||||||
#include "nsIExternalProtocolHandler.h"
|
#include "nsIExternalProtocolHandler.h"
|
||||||
#include "nsIInterfaceRequestorUtils.h"
|
#include "nsIInterfaceRequestorUtils.h"
|
||||||
#include "nsIObjectFrame.h"
|
#include "nsIObjectFrame.h"
|
||||||
|
#include "nsIOService.h"
|
||||||
#include "nsIPermissionManager.h"
|
#include "nsIPermissionManager.h"
|
||||||
#include "nsPluginHost.h"
|
#include "nsPluginHost.h"
|
||||||
#include "nsPluginInstanceOwner.h"
|
#include "nsPluginInstanceOwner.h"
|
||||||
@ -2524,8 +2525,14 @@ nsObjectLoadingContent::OpenChannel()
|
|||||||
mURI,
|
mURI,
|
||||||
true, // aInheritForAboutBlank
|
true, // aInheritForAboutBlank
|
||||||
false); // aForceInherit
|
false); // aForceInherit
|
||||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
nsSecurityFlags securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||||
if (inherit) {
|
|
||||||
|
bool isData;
|
||||||
|
bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
|
||||||
|
NS_SUCCEEDED(mURI->SchemeIs("data", &isData)) &&
|
||||||
|
isData;
|
||||||
|
|
||||||
|
if (inherit && !isURIUniqueOrigin) {
|
||||||
securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||||
}
|
}
|
||||||
if (isSandBoxed) {
|
if (isSandBoxed) {
|
||||||
|
@ -2003,6 +2003,13 @@ pref("security.cert_pinning.enforcement_level", 0);
|
|||||||
// for tests.
|
// for tests.
|
||||||
pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
|
pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
|
||||||
|
|
||||||
|
// Bug 1324406: Treat 'data:' documents as unique, opaque origins
|
||||||
|
// If true, data: URIs will be treated as unique opaque origins, hence will use
|
||||||
|
// a NullPrincipal as the security context.
|
||||||
|
// Otherwise it will inherit the origin from parent node, this is the legacy
|
||||||
|
// behavior of Firefox.
|
||||||
|
pref("security.data_uri.unique_opaque_origin", true);
|
||||||
|
|
||||||
// Modifier key prefs: default to Windows settings,
|
// Modifier key prefs: default to Windows settings,
|
||||||
// menu access key = alt, accelerator key = control.
|
// menu access key = alt, accelerator key = control.
|
||||||
// Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js
|
// Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js
|
||||||
|
@ -166,7 +166,9 @@ static const char kNetworkActiveChanged[] = "network-active-changed";
|
|||||||
uint32_t nsIOService::gDefaultSegmentSize = 4096;
|
uint32_t nsIOService::gDefaultSegmentSize = 4096;
|
||||||
uint32_t nsIOService::gDefaultSegmentCount = 24;
|
uint32_t nsIOService::gDefaultSegmentCount = 24;
|
||||||
|
|
||||||
bool nsIOService::sTelemetryEnabled = false;
|
bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false;
|
||||||
|
|
||||||
|
//bool nsIOService::sTelemetryEnabled = false;
|
||||||
|
|
||||||
NS_IMPL_ISUPPORTS(nsAppOfflineInfo, nsIAppOfflineInfo)
|
NS_IMPL_ISUPPORTS(nsAppOfflineInfo, nsIAppOfflineInfo)
|
||||||
|
|
||||||
@ -250,7 +252,8 @@ nsIOService::Init()
|
|||||||
else
|
else
|
||||||
NS_WARNING("failed to get observer service");
|
NS_WARNING("failed to get observer service");
|
||||||
|
|
||||||
Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
|
//Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
|
||||||
|
Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin, "security.data_uri.unique_opaque_origin", true);
|
||||||
Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
|
Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
|
||||||
|
|
||||||
gIOService = this;
|
gIOService = this;
|
||||||
@ -715,6 +718,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
|
|||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
|
#if(0)
|
||||||
if (sTelemetryEnabled) {
|
if (sTelemetryEnabled) {
|
||||||
nsAutoCString path;
|
nsAutoCString path;
|
||||||
aURI->GetPath(path);
|
aURI->GetPath(path);
|
||||||
@ -736,6 +740,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
|
|||||||
Telemetry::Accumulate(Telemetry::URL_PATH_CONTAINS_EXCLAMATION_DOUBLE_SLASH,
|
Telemetry::Accumulate(Telemetry::URL_PATH_CONTAINS_EXCLAMATION_DOUBLE_SLASH,
|
||||||
hasBangDoubleSlash);
|
hasBangDoubleSlash);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
nsCOMPtr<nsIProtocolHandler> handler;
|
nsCOMPtr<nsIProtocolHandler> handler;
|
||||||
rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
|
rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
|
||||||
@ -2066,3 +2071,9 @@ nsIOService::IsAppOffline(uint32_t aAppId, bool* aResult)
|
|||||||
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*static*/ bool
|
||||||
|
nsIOService::IsDataURIUniqueOpaqueOrigin()
|
||||||
|
{
|
||||||
|
return sIsDataURIUniqueOpaqueOrigin;
|
||||||
|
}
|
||||||
|
@ -87,6 +87,8 @@ public:
|
|||||||
bool IsShutdown() { return mShutdown; }
|
bool IsShutdown() { return mShutdown; }
|
||||||
bool IsLinkUp();
|
bool IsLinkUp();
|
||||||
|
|
||||||
|
static bool IsDataURIUniqueOpaqueOrigin();
|
||||||
|
|
||||||
// Should only be called from NeckoChild. Use SetAppOffline instead.
|
// Should only be called from NeckoChild. Use SetAppOffline instead.
|
||||||
void SetAppOfflineInternal(uint32_t appId, int32_t status);
|
void SetAppOfflineInternal(uint32_t appId, int32_t status);
|
||||||
|
|
||||||
@ -174,7 +176,8 @@ private:
|
|||||||
// that is used especially in IsAppOffline
|
// that is used especially in IsAppOffline
|
||||||
nsDataHashtable<nsUint32HashKey, int32_t> mAppsOfflineStatus;
|
nsDataHashtable<nsUint32HashKey, int32_t> mAppsOfflineStatus;
|
||||||
|
|
||||||
static bool sTelemetryEnabled;
|
//static bool sTelemetryEnabled;
|
||||||
|
static bool sIsDataURIUniqueOpaqueOrigin;
|
||||||
|
|
||||||
// These timestamps are needed for collecting telemetry on PR_Connect,
|
// These timestamps are needed for collecting telemetry on PR_Connect,
|
||||||
// PR_ConnectContinue and PR_Close blocking time. If we spend very long
|
// PR_ConnectContinue and PR_Close blocking time. If we spend very long
|
||||||
|
@ -55,9 +55,16 @@ nsDataHandler::GetDefaultPort(int32_t *result) {
|
|||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsDataHandler::GetProtocolFlags(uint32_t *result) {
|
nsDataHandler::GetProtocolFlags(uint32_t *result) {
|
||||||
*result = URI_NORELATIVE | URI_NOAUTH | URI_INHERITS_SECURITY_CONTEXT |
|
*result = URI_NORELATIVE | URI_NOAUTH |
|
||||||
URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
|
URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
|
||||||
URI_SYNC_LOAD_IS_OK;
|
URI_SYNC_LOAD_IS_OK;
|
||||||
|
|
||||||
|
// From bug 1324406:
|
||||||
|
// data: URIs inherit the security context.
|
||||||
|
if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) {
|
||||||
|
*result |= URI_INHERITS_SECURITY_CONTEXT;
|
||||||
|
}
|
||||||
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user