зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1508609 - Add strict checking of principals into DocShell LoadURI. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D12425 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
55cef5b2ab
Коммит
02cef3103a
|
@ -679,6 +679,11 @@ nsDocShell::LoadURI(nsDocShellLoadState* aLoadState)
|
|||
"Should not have these flags set");
|
||||
MOZ_ASSERT(aLoadState->URI(), "Should have a valid URI to load");
|
||||
|
||||
if (mUseStrictSecurityChecks && !aLoadState->TriggeringPrincipal()) {
|
||||
MOZ_ASSERT(false, "LoadURI must have a triggering principal");
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
// Note: we allow loads to get through here even if mFiredUnloadEvent is
|
||||
// true; that case will get handled in LoadInternal or LoadHistoryEntry,
|
||||
// so we pass false as the second parameter to IsNavigationAllowed.
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
#include <algorithm>
|
||||
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsCOMArray.h"
|
||||
#include "nsComponentManagerUtils.h"
|
||||
#include "nsDocShell.h"
|
||||
|
@ -1594,6 +1595,8 @@ nsSHistory::InitiateLoad(nsISHEntry* aFrameEntry, nsIDocShell* aFrameDS,
|
|||
nsCOMPtr<nsIURI> newURI = aFrameEntry->GetURI();
|
||||
loadState->SetURI(newURI);
|
||||
loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
|
||||
// TODO fix principal here in Bug 1508642
|
||||
loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
|
||||
loadState->SetFirstParty(false);
|
||||
|
||||
// Time to initiate a document load
|
||||
|
|
Загрузка…
Ссылка в новой задаче