Bug 1088617 - Remove nsIScriptSecurityManager::CheckSameOrigin. r=me

2014-10-29 09:21:18 +01:00 · 2014-10-29 09:21:18 +01:00 · 08be6709e0
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@ -19,7 +19,7 @@ interface nsILoadContext;
 [ptr] native JSContextPtr(JSContext);
 [ptr] native JSObjectPtr(JSObject);

-[scriptable, uuid(3b021962-975e-43b5-8a93-9fc2d20346e9)]
+[scriptable, uuid(f649959d-dae3-4027-83fd-5b7f8c8a8815)]
 interface nsIScriptSecurityManager : nsISupports
 {
    /**
@ -178,13 +178,6 @@ interface nsIScriptSecurityManager : nsISupports
     */
    [deprecated] nsIPrincipal getCodebasePrincipal(in nsIURI uri);

-    /**
-     * Returns OK if aJSContext and target have the same "origin"
-     * (scheme, host, and port).
-     */
-    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
-                                    in nsIURI aTargetURI);
-
    /**
     * Returns OK if aSourceURI and target have the same "origin"
     * (scheme, host, and port).
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -441,39 +441,6 @@ nsScriptSecurityManager::JSPrincipalsSubsume(JSPrincipals *first,
    return nsJSPrincipals::get(first)->Subsumes(nsJSPrincipals::get(second));
 }

-NS_IMETHODIMP
-nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
-                                         nsIURI* aTargetURI)
-{
-    MOZ_ASSERT_IF(cx, cx == nsContentUtils::GetCurrentJSContext());
-
-    // Get a principal from the context
-    nsIPrincipal* sourcePrincipal = nsContentUtils::SubjectPrincipal();
-    if (sourcePrincipal == mSystemPrincipal)
-    {
-        // This is a system (chrome) script, so allow access
-        return NS_OK;
-    }
-
-    // Get the original URI from the source principal.
-    // This has the effect of ignoring any change to document.domain
-    // which must be done to avoid DNS spoofing (bug 154930)
-    nsCOMPtr<nsIURI> sourceURI;
-    sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
-    if (!sourceURI) {
-      sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
-      NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
-    }
-
-    // Compare origins
-    if (!SecurityCompareURIs(sourceURI, aTargetURI))
-    {
-         ReportError(cx, NS_LITERAL_STRING("CheckSameOriginError"), sourceURI, aTargetURI);
-         return NS_ERROR_DOM_BAD_URI;
-    }
-    return NS_OK;
-}
-
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
                                            nsIURI* aTargetURI,