Add prefs to disable CORS, as well as fix compliance issue in Access-Control-Request-Headers header. r/sr/a=jst

This commit is contained in:
Jonas Sicking 2009-05-20 16:07:18 -07:00
Родитель 5da2e47dea
Коммит 124a6f937e
4 изменённых файлов: 31 добавлений и 7 удалений

Просмотреть файл

@ -55,7 +55,8 @@
#include "nsCommaSeparatedTokenizer.h"
#include "nsXMLHttpRequest.h"
static NS_DEFINE_CID(kCParserCID, NS_PARSER_CID);
static PRBool gDisableCORS = PR_FALSE;
static PRBool gDisableCORSPrivateData = PR_FALSE;
class nsChannelCanceller
{
@ -84,6 +85,14 @@ NS_IMPL_ISUPPORTS4(nsCrossSiteListenerProxy, nsIStreamListener,
nsIRequestObserver, nsIChannelEventSink,
nsIInterfaceRequestor)
/* static */
void
nsCrossSiteListenerProxy::Startup()
{
nsContentUtils::AddBoolPrefVarCache("content.cors.disable", &gDisableCORS);
nsContentUtils::AddBoolPrefVarCache("content.cors.no_private_data", &gDisableCORSPrivateData);
}
nsCrossSiteListenerProxy::nsCrossSiteListenerProxy(nsIStreamListener* aOuter,
nsIPrincipal* aRequestingPrincipal,
nsIChannel* aChannel,
@ -91,7 +100,7 @@ nsCrossSiteListenerProxy::nsCrossSiteListenerProxy(nsIStreamListener* aOuter,
nsresult* aResult)
: mOuterListener(aOuter),
mRequestingPrincipal(aRequestingPrincipal),
mWithCredentials(aWithCredentials),
mWithCredentials(aWithCredentials && !gDisableCORSPrivateData),
mRequestApproved(PR_FALSE),
mHasBeenCrossSite(PR_FALSE),
mIsPreflight(PR_FALSE)
@ -117,13 +126,18 @@ nsCrossSiteListenerProxy::nsCrossSiteListenerProxy(nsIStreamListener* aOuter,
nsresult* aResult)
: mOuterListener(aOuter),
mRequestingPrincipal(aRequestingPrincipal),
mWithCredentials(aWithCredentials),
mWithCredentials(aWithCredentials && !gDisableCORSPrivateData),
mRequestApproved(PR_FALSE),
mHasBeenCrossSite(PR_FALSE),
mIsPreflight(PR_TRUE),
mPreflightMethod(aPreflightMethod),
mPreflightHeaders(aPreflightHeaders)
{
for (PRUint32 i = 0; i < mPreflightHeaders.Length(); ++i) {
ToLowerCase(mPreflightHeaders[i]);
}
mPreflightHeaders.Sort();
aChannel->GetNotificationCallbacks(getter_AddRefs(mOuterNotificationCallbacks));
aChannel->SetNotificationCallbacks(this);
@ -211,6 +225,10 @@ nsCrossSiteListenerProxy::CheckRequestApproved(nsIRequest* aRequest,
return NS_OK;
}
if (gDisableCORS) {
return NS_ERROR_DOM_BAD_URI;
}
// Check if the request failed
nsresult status;
nsresult rv = aRequest->GetStatus(&status);

Просмотреть файл

@ -78,6 +78,9 @@ public:
NS_DECL_NSIINTERFACEREQUESTOR
NS_DECL_NSICHANNELEVENTSINK
// Must be called at startup.
static void Startup();
private:
nsresult UpdateChannel(nsIChannel* aChannel);
nsresult CheckRequestApproved(nsIRequest* aRequest, PRBool aIsRedirect);

Просмотреть файл

@ -460,10 +460,10 @@ function runTest() {
if ("headers" in test) {
req.url += "&headers=" + escape(test.headers.toSource());
reqHeaders =
escape([name for (name in test.headers)].filter(function(name)
name != "Content-Type" &&
name != "Accept" &&
name != "Accept-Language").join(","));
escape([name for (name in test.headers)].map(String.toLowerCase).filter(function(name)
name != "content-type" &&
name != "accept" &&
name != "accept-language").sort().join(","));
req.url += reqHeaders ? "&requestHeaders=" + reqHeaders : "";
}
if ("allowHeaders" in test)

Просмотреть файл

@ -83,6 +83,7 @@
#include "nsIFocusEventSuppressor.h"
#include "nsDOMThreadService.h"
#include "nsHTMLDNSPrefetch.h"
#include "nsCrossSiteListenerProxy.h"
#ifdef MOZ_XUL
#include "nsXULPopupManager.h"
@ -267,6 +268,8 @@ nsLayoutStatics::Initialize()
nsAudioStream::InitLibrary();
#endif
nsCrossSiteListenerProxy::Startup();
return NS_OK;
}