Bug 1508609 - Add strict checking of principals into DocShell LoadURI. r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D12425

--HG--
extra : moz-landing-system : lando

docshell/base/nsDocShell.cpp

@@ -679,6 +679,11 @@ nsDocShell::LoadURI(nsDocShellLoadState* aLoadState)
              "Should not have these flags set");
   MOZ_ASSERT(aLoadState->URI(), "Should have a valid URI to load");
 
+  if (mUseStrictSecurityChecks && !aLoadState->TriggeringPrincipal()) {
+    MOZ_ASSERT(false, "LoadURI must have a triggering principal");
+    return NS_ERROR_FAILURE;
+  }
+
   // Note: we allow loads to get through here even if mFiredUnloadEvent is
   // true; that case will get handled in LoadInternal or LoadHistoryEntry,
   // so we pass false as the second parameter to IsNavigationAllowed.

docshell/shistory/nsSHistory.cpp

@@ -8,6 +8,7 @@
 
 #include <algorithm>
 
+#include "nsContentUtils.h"
 #include "nsCOMArray.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDocShell.h"
@@ -1594,6 +1595,8 @@ nsSHistory::InitiateLoad(nsISHEntry* aFrameEntry, nsIDocShell* aFrameDS,
   nsCOMPtr<nsIURI> newURI = aFrameEntry->GetURI();
   loadState->SetURI(newURI);
   loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
+  // TODO fix principal here in Bug 1508642
+  loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
   loadState->SetFirstParty(false);
 
   // Time to initiate a document load