mirror of
https://github.com/classilla/tenfourfox.git
synced 2025-01-01 06:33:22 +00:00
#525: data URL opaque origins M1324406 M1381728
This commit is contained in:
parent
b95f6e9680
commit
3920907ee4
@ -22,6 +22,7 @@
|
||||
#include "nsIExternalProtocolHandler.h"
|
||||
#include "nsIInterfaceRequestorUtils.h"
|
||||
#include "nsIObjectFrame.h"
|
||||
#include "nsIOService.h"
|
||||
#include "nsIPermissionManager.h"
|
||||
#include "nsPluginHost.h"
|
||||
#include "nsPluginInstanceOwner.h"
|
||||
@ -2524,8 +2525,14 @@ nsObjectLoadingContent::OpenChannel()
|
||||
mURI,
|
||||
true, // aInheritForAboutBlank
|
||||
false); // aForceInherit
|
||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
|
||||
if (inherit) {
|
||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
|
||||
bool isData;
|
||||
bool isURIUniqueOrigin = nsIOService::IsDataURIUniqueOpaqueOrigin() &&
|
||||
NS_SUCCEEDED(mURI->SchemeIs("data", &isData)) &&
|
||||
isData;
|
||||
|
||||
if (inherit && !isURIUniqueOrigin) {
|
||||
securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||
}
|
||||
if (isSandBoxed) {
|
||||
|
@ -2003,6 +2003,13 @@ pref("security.cert_pinning.enforcement_level", 0);
|
||||
// for tests.
|
||||
pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
|
||||
|
||||
// Bug 1324406: Treat 'data:' documents as unique, opaque origins
|
||||
// If true, data: URIs will be treated as unique opaque origins, hence will use
|
||||
// a NullPrincipal as the security context.
|
||||
// Otherwise it will inherit the origin from parent node, this is the legacy
|
||||
// behavior of Firefox.
|
||||
pref("security.data_uri.unique_opaque_origin", true);
|
||||
|
||||
// Modifier key prefs: default to Windows settings,
|
||||
// menu access key = alt, accelerator key = control.
|
||||
// Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. Mac settings in macprefs.js
|
||||
|
@ -166,7 +166,9 @@ static const char kNetworkActiveChanged[] = "network-active-changed";
|
||||
uint32_t nsIOService::gDefaultSegmentSize = 4096;
|
||||
uint32_t nsIOService::gDefaultSegmentCount = 24;
|
||||
|
||||
bool nsIOService::sTelemetryEnabled = false;
|
||||
bool nsIOService::sIsDataURIUniqueOpaqueOrigin = false;
|
||||
|
||||
//bool nsIOService::sTelemetryEnabled = false;
|
||||
|
||||
NS_IMPL_ISUPPORTS(nsAppOfflineInfo, nsIAppOfflineInfo)
|
||||
|
||||
@ -250,7 +252,8 @@ nsIOService::Init()
|
||||
else
|
||||
NS_WARNING("failed to get observer service");
|
||||
|
||||
Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
|
||||
//Preferences::AddBoolVarCache(&sTelemetryEnabled, "toolkit.telemetry.enabled", false);
|
||||
Preferences::AddBoolVarCache(&sIsDataURIUniqueOpaqueOrigin, "security.data_uri.unique_opaque_origin", true);
|
||||
Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
|
||||
|
||||
gIOService = this;
|
||||
@ -715,6 +718,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
#if(0)
|
||||
if (sTelemetryEnabled) {
|
||||
nsAutoCString path;
|
||||
aURI->GetPath(path);
|
||||
@ -736,6 +740,7 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
|
||||
Telemetry::Accumulate(Telemetry::URL_PATH_CONTAINS_EXCLAMATION_DOUBLE_SLASH,
|
||||
hasBangDoubleSlash);
|
||||
}
|
||||
#endif
|
||||
|
||||
nsCOMPtr<nsIProtocolHandler> handler;
|
||||
rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
|
||||
@ -2066,3 +2071,9 @@ nsIOService::IsAppOffline(uint32_t aAppId, bool* aResult)
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/*static*/ bool
|
||||
nsIOService::IsDataURIUniqueOpaqueOrigin()
|
||||
{
|
||||
return sIsDataURIUniqueOpaqueOrigin;
|
||||
}
|
||||
|
@ -87,6 +87,8 @@ public:
|
||||
bool IsShutdown() { return mShutdown; }
|
||||
bool IsLinkUp();
|
||||
|
||||
static bool IsDataURIUniqueOpaqueOrigin();
|
||||
|
||||
// Should only be called from NeckoChild. Use SetAppOffline instead.
|
||||
void SetAppOfflineInternal(uint32_t appId, int32_t status);
|
||||
|
||||
@ -174,7 +176,8 @@ private:
|
||||
// that is used especially in IsAppOffline
|
||||
nsDataHashtable<nsUint32HashKey, int32_t> mAppsOfflineStatus;
|
||||
|
||||
static bool sTelemetryEnabled;
|
||||
//static bool sTelemetryEnabled;
|
||||
static bool sIsDataURIUniqueOpaqueOrigin;
|
||||
|
||||
// These timestamps are needed for collecting telemetry on PR_Connect,
|
||||
// PR_ConnectContinue and PR_Close blocking time. If we spend very long
|
||||
|
@ -55,9 +55,16 @@ nsDataHandler::GetDefaultPort(int32_t *result) {
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDataHandler::GetProtocolFlags(uint32_t *result) {
|
||||
*result = URI_NORELATIVE | URI_NOAUTH | URI_INHERITS_SECURITY_CONTEXT |
|
||||
*result = URI_NORELATIVE | URI_NOAUTH |
|
||||
URI_LOADABLE_BY_ANYONE | URI_NON_PERSISTABLE | URI_IS_LOCAL_RESOURCE |
|
||||
URI_SYNC_LOAD_IS_OK;
|
||||
|
||||
// From bug 1324406:
|
||||
// data: URIs inherit the security context.
|
||||
if (!nsIOService::IsDataURIUniqueOpaqueOrigin()) {
|
||||
*result |= URI_INHERITS_SECURITY_CONTEXT;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user