Bug 248052 Add a contract ID for a global channeleventsink. Make the

scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/caps/src/nsScriptSecurityManager.cpp

@@ -428,10 +428,11 @@ DeleteDomainEntry(nsHashKey *aKey, void *aData, void* closure)
 ////////////////////////////////////
 // Methods implementing ISupports //
 ////////////////////////////////////
-NS_IMPL_ISUPPORTS4(nsScriptSecurityManager,
+NS_IMPL_ISUPPORTS5(nsScriptSecurityManager,
                    nsIScriptSecurityManager,
                    nsIXPCSecurityManager,
                    nsIPrefSecurityCheck,
+                   nsIChannelEventSink,
                    nsIObserver)
 
 ///////////////////////////////////////////////////
@@ -2872,6 +2873,25 @@ nsScriptSecurityManager::CanAccessSecurityPreferences(PRBool* _retval)
     return IsCapabilityEnabled("CapabilityPreferencesAccess", _retval);  
 }
 
+/////////////////////////////////////////////
+// Method implementing nsIChannelEventSink //
+/////////////////////////////////////////////
+NS_IMETHODIMP
+nsScriptSecurityManager::OnChannelRedirect(nsIChannel* oldChannel, 
+                                           nsIChannel* newChannel,
+                                           PRUint32 redirFlags)
+{
+    nsCOMPtr<nsIURI> oldURI, newURI;
+    oldChannel->GetURI(getter_AddRefs(oldURI));
+    newChannel->GetURI(getter_AddRefs(newURI));
+
+    NS_ENSURE_STATE(oldURI && newURI);
+
+    const PRUint32 flags = nsIScriptSecurityManager::DISALLOW_FROM_MAIL |
+                           nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA;
+    return CheckLoadURI(oldURI, newURI, flags);
+}
+
 
 /////////////////////////////////////
 // Method implementing nsIObserver //