Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@248160 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
jonas%sicking.cc
parent
2a3bc76ce8
commit
fc747a50f2
@ -51,7 +51,7 @@ interface nsIURI;
|
|||||||
[ptr] native JSContext(JSContext);
|
[ptr] native JSContext(JSContext);
|
||||||
[ptr] native JSPrincipals(JSPrincipals);
|
[ptr] native JSPrincipals(JSPrincipals);
|
||||||
|
|
||||||
[scriptable, uuid(7292475e-2821-4602-9d00-228476696428)]
|
[scriptable, uuid(b8268b9a-2403-44ed-81e3-614075c92034)]
|
||||||
interface nsIPrincipal : nsISerializable
|
interface nsIPrincipal : nsISerializable
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
@ -142,9 +142,8 @@ interface nsIPrincipal : nsISerializable
|
|||||||
[noscript] attribute nsIURI domain;
|
[noscript] attribute nsIURI domain;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The origin of this principal's domain, if non-null, or its
|
* The origin of this principal's codebase URI.
|
||||||
* codebase URI otherwise. An origin is defined as:
|
* An origin is defined as: scheme + host + port.
|
||||||
* scheme + host + port.
|
|
||||||
*/
|
*/
|
||||||
// XXXcaa this should probably be turned into an nsIURI.
|
// XXXcaa this should probably be turned into an nsIURI.
|
||||||
// The system principal's origin should be some caps namespace
|
// The system principal's origin should be some caps namespace
|
||||||
|
|||||||
@ -140,7 +140,6 @@ protected:
|
|||||||
|
|
||||||
nsCOMPtr<nsIURI> mCodebase;
|
nsCOMPtr<nsIURI> mCodebase;
|
||||||
nsCOMPtr<nsIURI> mDomain;
|
nsCOMPtr<nsIURI> mDomain;
|
||||||
nsCOMPtr<nsIURI> mOrigin;
|
|
||||||
PRPackedBool mTrusted;
|
PRPackedBool mTrusted;
|
||||||
PRPackedBool mInitialized;
|
PRPackedBool mInitialized;
|
||||||
// If mCodebaseImmutable is true, mCodebase is non-null and immutable
|
// If mCodebaseImmutable is true, mCodebase is non-null and immutable
|
||||||
|
|||||||
@ -128,9 +128,6 @@ nsPrincipal::Init(const nsACString& aCertFingerprint,
|
|||||||
mCodebase = NS_TryToMakeImmutable(aCodebase);
|
mCodebase = NS_TryToMakeImmutable(aCodebase);
|
||||||
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
||||||
|
|
||||||
// Invalidate our cached origin
|
|
||||||
mOrigin = nsnull;
|
|
||||||
|
|
||||||
nsresult rv;
|
nsresult rv;
|
||||||
if (!aCertFingerprint.IsEmpty()) {
|
if (!aCertFingerprint.IsEmpty()) {
|
||||||
rv = SetCertificate(aCertFingerprint, aSubjectName, aPrettyName, aCert);
|
rv = SetCertificate(aCertFingerprint, aSubjectName, aPrettyName, aCert);
|
||||||
@ -172,14 +169,12 @@ nsPrincipal::GetOrigin(char **aOrigin)
|
|||||||
{
|
{
|
||||||
*aOrigin = nsnull;
|
*aOrigin = nsnull;
|
||||||
|
|
||||||
if (!mOrigin) {
|
nsCOMPtr<nsIURI> origin;
|
||||||
nsIURI* uri = mDomain ? mDomain : mCodebase;
|
if (mCodebase) {
|
||||||
if (uri) {
|
origin = NS_GetInnermostURI(mCodebase);
|
||||||
mOrigin = NS_GetInnermostURI(uri);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!mOrigin) {
|
if (!origin) {
|
||||||
NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
|
NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
|
||||||
return NS_ERROR_FAILURE;
|
return NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
@ -191,14 +186,14 @@ nsPrincipal::GetOrigin(char **aOrigin)
|
|||||||
// XXX this should be removed in favor of the solution in
|
// XXX this should be removed in favor of the solution in
|
||||||
// bug 160042.
|
// bug 160042.
|
||||||
PRBool isChrome;
|
PRBool isChrome;
|
||||||
nsresult rv = mOrigin->SchemeIs("chrome", &isChrome);
|
nsresult rv = origin->SchemeIs("chrome", &isChrome);
|
||||||
if (NS_SUCCEEDED(rv) && !isChrome) {
|
if (NS_SUCCEEDED(rv) && !isChrome) {
|
||||||
rv = mOrigin->GetHostPort(hostPort);
|
rv = origin->GetHostPort(hostPort);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (NS_SUCCEEDED(rv) && !isChrome) {
|
if (NS_SUCCEEDED(rv) && !isChrome) {
|
||||||
nsCAutoString scheme;
|
nsCAutoString scheme;
|
||||||
rv = mOrigin->GetScheme(scheme);
|
rv = origin->GetScheme(scheme);
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
*aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
|
*aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
|
||||||
}
|
}
|
||||||
@ -206,7 +201,7 @@ nsPrincipal::GetOrigin(char **aOrigin)
|
|||||||
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
||||||
// get the full spec.
|
// get the full spec.
|
||||||
nsCAutoString spec;
|
nsCAutoString spec;
|
||||||
rv = mOrigin->GetSpec(spec);
|
rv = origin->GetSpec(spec);
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
*aOrigin = ToNewCString(spec);
|
*aOrigin = ToNewCString(spec);
|
||||||
}
|
}
|
||||||
@ -565,9 +560,6 @@ nsPrincipal::SetURI(nsIURI* aURI)
|
|||||||
{
|
{
|
||||||
mCodebase = NS_TryToMakeImmutable(aURI);
|
mCodebase = NS_TryToMakeImmutable(aURI);
|
||||||
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
||||||
|
|
||||||
// Invalidate our cached origin
|
|
||||||
mOrigin = nsnull;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -676,9 +668,6 @@ nsPrincipal::SetDomain(nsIURI* aDomain)
|
|||||||
// Domain has changed, forget cached security policy
|
// Domain has changed, forget cached security policy
|
||||||
SetSecurityPolicy(nsnull);
|
SetSecurityPolicy(nsnull);
|
||||||
|
|
||||||
// Invalidate our cached origin
|
|
||||||
mOrigin = nsnull;
|
|
||||||
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -720,9 +709,6 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
|
|||||||
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
mCodebaseImmutable = URIIsImmutable(mCodebase);
|
||||||
|
|
||||||
mTrusted = aTrusted;
|
mTrusted = aTrusted;
|
||||||
|
|
||||||
// Invalidate our cached origin
|
|
||||||
mOrigin = nsnull;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
rv = mJSPrincipals.Init(this, aToken);
|
rv = mJSPrincipals.Init(this, aToken);
|
||||||
@ -1094,8 +1080,6 @@ nsPrincipal::Write(nsIObjectOutputStream* aStream)
|
|||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
// mOrigin is an optimization; don't bother serializing it.
|
|
||||||
|
|
||||||
rv = aStream->Write8(mTrusted);
|
rv = aStream->Write8(mTrusted);
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
return rv;
|
return rv;
|
||||||
|
|||||||
@ -1068,6 +1068,40 @@ nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
|
|||||||
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
nsresult
|
||||||
|
GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
|
||||||
|
nsACString& aOrigin)
|
||||||
|
{
|
||||||
|
aOrigin.Truncate();
|
||||||
|
|
||||||
|
nsCOMPtr<nsIURI> uri;
|
||||||
|
aPrincipal->GetDomain(getter_AddRefs(uri));
|
||||||
|
if (!uri) {
|
||||||
|
aPrincipal->GetURI(getter_AddRefs(uri));
|
||||||
|
}
|
||||||
|
|
||||||
|
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
|
||||||
|
|
||||||
|
nsCAutoString hostPort;
|
||||||
|
|
||||||
|
nsresult rv = uri->GetHostPort(hostPort);
|
||||||
|
if (NS_SUCCEEDED(rv)) {
|
||||||
|
nsCAutoString scheme;
|
||||||
|
rv = uri->GetScheme(scheme);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
aOrigin = scheme + NS_LITERAL_CSTRING("://") + hostPort;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// Some URIs (e.g., nsSimpleURI) don't support host. Just
|
||||||
|
// get the full spec.
|
||||||
|
rv = uri->GetSpec(aOrigin);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
}
|
||||||
|
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
|
nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
|
||||||
ClassInfoData& aClassData,
|
ClassInfoData& aClassData,
|
||||||
@ -1099,9 +1133,9 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
|
|||||||
printf("DomainLookup ");
|
printf("DomainLookup ");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
nsXPIDLCString origin;
|
nsCAutoString origin;
|
||||||
if (NS_FAILED(rv = aPrincipal->GetOrigin(getter_Copies(origin))))
|
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
|
||||||
return rv;
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
char *start = origin.BeginWriting();
|
char *start = origin.BeginWriting();
|
||||||
const char *nextToLastDot = nsnull;
|
const char *nextToLastDot = nsnull;
|
||||||
@ -2670,13 +2704,13 @@ nsScriptSecurityManager::CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrinci
|
|||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return PR_FALSE;
|
return PR_FALSE;
|
||||||
|
|
||||||
nsXPIDLCString val;
|
nsCAutoString val;
|
||||||
PRBool hasCert;
|
PRBool hasCert;
|
||||||
aPrincipal->GetHasCertificate(&hasCert);
|
aPrincipal->GetHasCertificate(&hasCert);
|
||||||
if (hasCert)
|
if (hasCert)
|
||||||
rv = aPrincipal->GetPrettyName(val);
|
rv = aPrincipal->GetPrettyName(val);
|
||||||
else
|
else
|
||||||
rv = aPrincipal->GetOrigin(getter_Copies(val));
|
rv = GetPrincipalDomainOrigin(aPrincipal, val);
|
||||||
|
|
||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return PR_FALSE;
|
return PR_FALSE;
|
||||||
@ -2791,14 +2825,14 @@ nsScriptSecurityManager::EnableCapability(const char *capability)
|
|||||||
|
|
||||||
if (canEnable != nsIPrincipal::ENABLE_GRANTED)
|
if (canEnable != nsIPrincipal::ENABLE_GRANTED)
|
||||||
{
|
{
|
||||||
nsXPIDLCString val;
|
nsCAutoString val;
|
||||||
PRBool hasCert;
|
PRBool hasCert;
|
||||||
nsresult rv;
|
nsresult rv;
|
||||||
principal->GetHasCertificate(&hasCert);
|
principal->GetHasCertificate(&hasCert);
|
||||||
if (hasCert)
|
if (hasCert)
|
||||||
rv = principal->GetPrettyName(val);
|
rv = principal->GetPrettyName(val);
|
||||||
else
|
else
|
||||||
rv = principal->GetOrigin(getter_Copies(val));
|
rv = GetPrincipalDomainOrigin(principal, val);
|
||||||
|
|
||||||
if (NS_FAILED(rv))
|
if (NS_FAILED(rv))
|
||||||
return rv;
|
return rv;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user