From eaf06b898353030cf06f8a72d834b2cb640360be Mon Sep 17 00:00:00 2001 From: "cbiesinger%web.de" Date: Tue, 8 Nov 2005 20:47:16 +0000 Subject: [PATCH] Bug 248052 Add a contract ID for a global channeleventsink. Make the scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto redirects if CheckLoadURI fails. Remove the explicit usage of nsIScriptSecurityManager from nsHttpChannel.cpp. This eliminates js and xpconnect from REQUIRES, and brings us closer to remove caps. r=darin sr=bz git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43 --- .../caps/include/nsScriptSecurityManager.h | 3 ++ mozilla/caps/src/nsScriptSecurityManager.cpp | 22 ++++++++++++- mozilla/caps/src/nsSecurityManagerFactory.cpp | 15 +++++++++ mozilla/netwerk/build/nsNetCID.h | 12 +++++++ mozilla/netwerk/protocol/http/src/Makefile.in | 2 -- .../protocol/http/src/nsHttpChannel.cpp | 32 +++++++++---------- 6 files changed, 66 insertions(+), 20 deletions(-) diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index 62288387388..84f321baf29 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -52,6 +52,7 @@ #include "nsCOMPtr.h" #include "nsIPrefService.h" #include "nsISecurityPref.h" +#include "nsIChannelEventSink.h" #include "nsIJSContextStack.h" #include "nsIObserver.h" #include "pldhash.h" @@ -346,6 +347,7 @@ private: class nsScriptSecurityManager : public nsIScriptSecurityManager, public nsIPrefSecurityCheck, + public nsIChannelEventSink, public nsIObserver { public: @@ -357,6 +359,7 @@ public: NS_DECL_NSISCRIPTSECURITYMANAGER NS_DECL_NSIXPCSECURITYMANAGER NS_DECL_NSIPREFSECURITYCHECK + NS_DECL_NSICHANNELEVENTSINK NS_DECL_NSIOBSERVER static nsScriptSecurityManager* diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 98e040e518d..c3cb69ac4b2 100644 
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -428,10 +428,11 @@ DeleteDomainEntry(nsHashKey *aKey, void *aData, void* closure) //////////////////////////////////// // Methods implementing ISupports // //////////////////////////////////// -NS_IMPL_ISUPPORTS4(nsScriptSecurityManager, +NS_IMPL_ISUPPORTS5(nsScriptSecurityManager, nsIScriptSecurityManager, nsIXPCSecurityManager, nsIPrefSecurityCheck, + nsIChannelEventSink, nsIObserver) /////////////////////////////////////////////////// @@ -2872,6 +2873,25 @@ nsScriptSecurityManager::CanAccessSecurityPreferences(PRBool* _retval) return IsCapabilityEnabled("CapabilityPreferencesAccess", _retval); } +///////////////////////////////////////////// +// Method implementing nsIChannelEventSink // +///////////////////////////////////////////// +NS_IMETHODIMP +nsScriptSecurityManager::OnChannelRedirect(nsIChannel* oldChannel, + nsIChannel* newChannel, + PRUint32 redirFlags) +{ + nsCOMPtr oldURI, newURI; + oldChannel->GetURI(getter_AddRefs(oldURI)); + newChannel->GetURI(getter_AddRefs(newURI)); + + NS_ENSURE_STATE(oldURI && newURI); + + const PRUint32 flags = nsIScriptSecurityManager::DISALLOW_FROM_MAIL | + nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA; + return CheckLoadURI(oldURI, newURI, flags); +} + ///////////////////////////////////// // Method implementing nsIObserver // diff --git a/mozilla/caps/src/nsSecurityManagerFactory.cpp b/mozilla/caps/src/nsSecurityManagerFactory.cpp index 67fff2c4247..ff249e5e352 100644 --- a/mozilla/caps/src/nsSecurityManagerFactory.cpp +++ b/mozilla/caps/src/nsSecurityManagerFactory.cpp @@ -53,6 +53,7 @@ #include "nsIServiceManager.h" #include "nsString.h" #include "nsPrefsCID.h" +#include "nsNetCID.h" /////////////////////// // nsSecurityNameSet // 
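Review bot: In nsScriptSecurityManager::OnChannelRedirect (the `@@ -2872,6 +2873,25 @@` hunk of nsScriptSecurityManager.cpp), `oldChannel` and `newChannel` are dereferenced without a null check. The method is now reachable by any caller that obtains the service through the new contract ID, not only by nsHttpChannel. Guard the arguments first with `NS_ENSURE_ARG_POINTER(oldChannel);` and `NS_ENSURE_ARG_POINTER(newChannel);`. Ignoring the nsresult of both GetURI calls is acceptable only because `NS_ENSURE_STATE(oldURI && newURI)` fails closed. A short comment should say that any failure return vetoes the redirect and that `redirFlags` is deliberately unused.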
@@ -422,6 +423,20 @@ static const nsModuleComponentInfo capsComponentInfo[] = nsIClassInfo::MAIN_THREAD_ONLY }, + { NS_SCRIPTSECURITYMANAGER_CLASSNAME, + NS_SCRIPTSECURITYMANAGER_CID, + NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID, + Construct_nsIScriptSecurityManager, + RegisterSecurityNameSet, + nsnull, + nsnull, + nsnull, + nsnull, + nsnull, + nsIClassInfo::MAIN_THREAD_ONLY + }, + + { NS_PRINCIPAL_CLASSNAME, NS_PRINCIPAL_CID, diff --git a/mozilla/netwerk/build/nsNetCID.h b/mozilla/netwerk/build/nsNetCID.h index 9cabc1ce0cd..0b59f5a4375 100644 --- a/mozilla/netwerk/build/nsNetCID.h +++ b/mozilla/netwerk/build/nsNetCID.h @@ -746,4 +746,16 @@ {0xa1, 0x6c, 0x00, 0x50, 0x04, 0x1c, 0xaf, 0x44} \ } +/****************************************************************************** + * Contracts that can be implemented by necko users. + */ + +/** + * This contract ID will be gotten as a service and gets the opportunity to look + * at and veto all redirects that are processed by necko. + */ +#define NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID \ + "@mozilla.org/netwerk/global-channel-event-sink;1" + + #endif // nsNetCID_h__ diff --git a/mozilla/netwerk/protocol/http/src/Makefile.in b/mozilla/netwerk/protocol/http/src/Makefile.in index d2069270cac..e101cebca6d 100644 --- a/mozilla/netwerk/protocol/http/src/Makefile.in +++ b/mozilla/netwerk/protocol/http/src/Makefile.in @@ -54,8 +54,6 @@ REQUIRES = xpcom \ intl \ unicharutil \ caps \ - xpconnect \ - js \ uconv \ $(NULL) diff --git a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp index 7d445903047..ddb267bb55a 100644 --- a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp +++ b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp @@ -52,7 +52,6 @@ #include "nsXPCOM.h" #include "nsISupportsPrimitives.h" #include "nsIURL.h" -#include "nsIScriptSecurityManager.h" #include "nsIIDNService.h" #include "nsIStreamListenerTee.h" #include "nsISeekableStream.h" 
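Review bot: The comment added above `NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID` in nsNetCID.h does not say that this contract ID now carries the CheckLoadURI redirect check. A contract ID resolves to a single implementation, and the header invites necko users to implement it. A component that registers its own class under this ID would therefore presumably displace the script security manager registered in the capsComponentInfo hunk, and the redirect check with it. I would extend the comment along the lines of `The default implementation is the script security manager, which vetoes redirects that fail CheckLoadURI; a replacement must perform an equivalent check.` It is also worth considering a registration mechanism that allows several sinks rather than one.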
@@ -2036,16 +2035,6 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType) getter_AddRefs(newURI)); if (NS_FAILED(rv)) return rv; - // verify that this is a legal redirect - nsCOMPtr securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); - if (securityManager) { - rv = securityManager->CheckLoadURI(mURI, newURI, - nsIScriptSecurityManager::DISALLOW_FROM_MAIL | - nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA); - if (NS_FAILED(rv)) return rv; - } - // Kill the current cache entry if we are redirecting // back to ourself. PRBool redirectingBackToSameURI = PR_FALSE; @@ -2083,6 +2072,20 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType) rv = SetupReplacementChannel(newURI, newChannel, preserveMethod); if (NS_FAILED(rv)) return rv; + PRUint32 redirectFlags; + if (redirectType == 301) // Moved Permanently + redirectFlags = nsIChannelEventSink::REDIRECT_PERMANENT; + else + redirectFlags = nsIChannelEventSink::REDIRECT_TEMPORARY; + + // verify that this is a legal redirect + nsCOMPtr globalObserver = + do_GetService(NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID); + if (globalObserver) { + rv = globalObserver->OnChannelRedirect(this, newChannel, redirectFlags); + if (NS_FAILED(rv)) return rv; + } + // call out to the event sink to notify it of this redirection. nsCOMPtr httpEventSink; GetCallback(httpEventSink); @@ -2095,12 +2098,7 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType) nsCOMPtr channelEventSink; GetCallback(channelEventSink); if (channelEventSink) { - PRUint32 flags; - if (redirectType == 301) // Moved Permanently - flags = nsIChannelEventSink::REDIRECT_PERMANENT; - else - flags = nsIChannelEventSink::REDIRECT_TEMPORARY; - rv = channelEventSink->OnChannelRedirect(this, newChannel, flags); + rv = channelEventSink->OnChannelRedirect(this, newChannel, redirectFlags); if (NS_FAILED(rv)) return rv; } // XXX we used to talk directly with the script security manager, but that
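Review bot: In the `@@ -2083,6 +2072,20 @@` hunk of nsHttpChannel::ProcessRedirection, `if (globalObserver)` skips the legality check whenever do_GetService returns null, so a missing or failed service lets the redirect proceed unchecked. The removed code had the same shape, but the check now sits behind a contract ID that nsHttpChannel knows nothing about, which makes a silent skip harder to notice. I would add `NS_ASSERTION(globalObserver, "no global channel event sink, redirect is not security-checked");` before the `if`, or return a failure code in configurations where caps is expected to be present. The veto also now runs after SetupReplacementChannel, and apparently after the cache-entry handling shown as context in the previous hunk, so a rejected target has already had a replacement channel set up. That follows from the OnChannelRedirect signature but deserves a comment. ProcessRedirection starts and ends outside these hunks.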