Bug 1425156 - Fix bug in the http-auth dialog blocking. r=ckerschb

2017-12-14 20:22:56 +01:00 · 2017-12-14 20:22:56 +01:00 · 07543200e4
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@ -998,16 +998,19 @@ nsHttpChannelAuthProvider::BlockPrompt(bool proxyAuth)
    bool nonWebContent = false;

    if (loadInfo) {
-        nsCOMPtr<nsIPrincipal> triggeringPrinc =
-            loadInfo->TriggeringPrincipal();
-        if (nsContentUtils::IsSystemPrincipal(triggeringPrinc)) {
-            nonWebContent = true;
-        }
-
        if (loadInfo->GetExternalContentPolicyType() !=
            nsIContentPolicy::TYPE_DOCUMENT) {
            topDoc = false;
        }
+
+        if (!topDoc) {
+            nsCOMPtr<nsIPrincipal> triggeringPrinc =
+                loadInfo->TriggeringPrincipal();
+            if (nsContentUtils::IsSystemPrincipal(triggeringPrinc)) {
+                nonWebContent = true;
+            }
+        }
+
        if (loadInfo->GetExternalContentPolicyType() ==
            nsIContentPolicy::TYPE_XMLHTTPREQUEST) {
            xhr = true;
@ -1032,12 +1035,12 @@ nsHttpChannelAuthProvider::BlockPrompt(bool proxyAuth)
    }

    if (gHttpHandler->IsTelemetryEnabled()) {
-        if (nonWebContent) {
-            Telemetry::Accumulate(Telemetry::HTTP_AUTH_DIALOG_STATS_3,
-                                  HTTP_AUTH_DIALOG_NON_WEB_CONTENT);
-        } else if (topDoc) {
+        if (topDoc) {
            Telemetry::Accumulate(Telemetry::HTTP_AUTH_DIALOG_STATS_3,
                                  HTTP_AUTH_DIALOG_TOP_LEVEL_DOC);
+        } else if (nonWebContent) {
+            Telemetry::Accumulate(Telemetry::HTTP_AUTH_DIALOG_STATS_3,
+                                   HTTP_AUTH_DIALOG_NON_WEB_CONTENT);
        } else if (!mCrossOrigin) {
            if (xhr) {
                Telemetry::Accumulate(Telemetry::HTTP_AUTH_DIALOG_STATS_3,
@ -1052,7 +1055,7 @@ nsHttpChannelAuthProvider::BlockPrompt(bool proxyAuth)
        }
    }

-    if (!sNonWebContentTriggeredAuthAllow && nonWebContent) {
+    if (!topDoc && !sNonWebContentTriggeredAuthAllow && nonWebContent) {
        return true;
    }

@ -1070,7 +1073,8 @@ nsHttpChannelAuthProvider::BlockPrompt(bool proxyAuth)
        // If pref network.auth.subresource-img-cross-origin-http-auth-allow
        // is set, http-authentication dialog for image subresources is
        // blocked.
-        if (!sImgCrossOriginAuthAllowPref &&
+        if (mCrossOrigin &&
+            !sImgCrossOriginAuthAllowPref &&
            loadInfo &&
            ((loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGE) ||
             (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGESET))) {