зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1674343 - Check for secure context when deciding to intercept r=asuth,nika,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D96179
This commit is contained in:
Родитель
446acb4cea
Коммит
1282d8af41
|
@ -9068,8 +9068,9 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const RefPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||||
|
|
||||||
if (principal->IsSystemPrincipal()) {
|
if (principal->IsSystemPrincipal()) {
|
||||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
|
||||||
// If the load would've been sandboxed, treat this load as an untrusted
|
// If the load would've been sandboxed, treat this load as an untrusted
|
||||||
// load, as system code considers sandboxed resources insecure.
|
// load, as system code considers sandboxed resources insecure.
|
||||||
return !loadInfo->GetLoadingSandboxed();
|
return !loadInfo->GetLoadingSandboxed();
|
||||||
|
@ -9079,6 +9080,13 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (const RefPtr<WindowContext> windowContext =
|
||||||
|
WindowContext::GetById(loadInfo->GetInnerWindowID())) {
|
||||||
|
if (!windowContext->GetIsSecureContext()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return principal->GetIsOriginPotentiallyTrustworthy();
|
return principal->GetIsOriginPotentiallyTrustworthy();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -76,6 +76,11 @@ ServiceWorkerInterceptController::ShouldPrepareForIntercept(
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if we're in a secure context
|
||||||
|
if (!nsContentUtils::ComputeIsSecureContext(aChannel)) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
// Then check to see if we are allowed to control the window.
|
// Then check to see if we are allowed to control the window.
|
||||||
// It is important to check for the availability of the service worker first
|
// It is important to check for the availability of the service worker first
|
||||||
// to avoid showing warnings about the use of third-party cookies in the UI
|
// to avoid showing warnings about the use of third-party cookies in the UI
|
||||||
|
|
Загрузка…
Ссылка в новой задаче