From 1ef1cfa9485b0e1d63ff9f245248db1c6dff0bef Mon Sep 17 00:00:00 2001 From: Nicholas Nethercote Date: Thu, 9 Jun 2016 16:11:00 +1000 Subject: [PATCH] Bug 1279148 - Clarify non-nullness of nsHeaderVisitor::{mXHR,mHttpChannel}. r=baku. --HG-- extra : rebase_source : 9bdd59d568c92bd465671f894a07603c75aa182c --- dom/base/nsXMLHttpRequest.cpp | 21 +++++++++++---------- dom/base/nsXMLHttpRequest.h | 17 ++++++++++------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/dom/base/nsXMLHttpRequest.cpp b/dom/base/nsXMLHttpRequest.cpp index b0bec82e4499..7b2ea37bd326 100644 --- a/dom/base/nsXMLHttpRequest.cpp +++ b/dom/base/nsXMLHttpRequest.cpp @@ -995,7 +995,7 @@ nsXMLHttpRequest::GetResponse(JSContext* aCx, } bool -nsXMLHttpRequest::IsCrossSiteCORSRequest() +nsXMLHttpRequest::IsCrossSiteCORSRequest() const { if (!mChannel) { return false; @@ -1197,10 +1197,10 @@ nsXMLHttpRequest::SlowAbort() /*Method that checks if it is safe to expose a header value to the client. It is used to check what headers are exposed for CORS requests.*/ bool -nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpChannel) +nsXMLHttpRequest::IsSafeHeader(const nsACString& aHeader, NotNull aHttpChannel) const { // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts. - if (!IsSystemXHR() && nsContentUtils::IsForbiddenResponseHeader(header)) { + if (!IsSystemXHR() && nsContentUtils::IsForbiddenResponseHeader(aHeader)) { NS_WARNING("blocked access to response header"); return false; } @@ -1223,14 +1223,14 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha "last-modified", "pragma" }; for (uint32_t i = 0; i < ArrayLength(kCrossOriginSafeHeaders); ++i) { - if (header.LowerCaseEqualsASCII(kCrossOriginSafeHeaders[i])) { + if (aHeader.LowerCaseEqualsASCII(kCrossOriginSafeHeaders[i])) { return true; } } nsAutoCString headerVal; // The "Access-Control-Expose-Headers" header contains a comma separated // list of method names. - httpChannel-> + aHttpChannel-> GetResponseHeader(NS_LITERAL_CSTRING("Access-Control-Expose-Headers"), headerVal); nsCCharSeparatedTokenizer exposeTokens(headerVal, ','); @@ -1243,7 +1243,7 @@ nsXMLHttpRequest::IsSafeHeader(const nsACString& header, nsIHttpChannel* httpCha if (!NS_IsValidHTTPToken(token)) { return false; } - if (header.Equals(token, nsCaseInsensitiveCStringComparator())) { + if (aHeader.Equals(token, nsCaseInsensitiveCStringComparator())) { isSafe = true; } } @@ -1264,7 +1264,8 @@ nsXMLHttpRequest::GetAllResponseHeaders(nsCString& aResponseHeaders) } if (nsCOMPtr httpChannel = GetCurrentHttpChannel()) { - RefPtr visitor = new nsHeaderVisitor(this, httpChannel); + RefPtr visitor = + new nsHeaderVisitor(*this, WrapNotNull(httpChannel)); if (NS_SUCCEEDED(httpChannel->VisitResponseHeaders(visitor))) { aResponseHeaders = visitor->Headers(); } @@ -1358,7 +1359,7 @@ nsXMLHttpRequest::GetResponseHeader(const nsACString& header, } // Check for dangerous headers - if (!IsSafeHeader(header, httpChannel)) { + if (!IsSafeHeader(header, WrapNotNull(httpChannel))) { return; } @@ -1458,7 +1459,7 @@ nsXMLHttpRequest::GetCurrentJARChannel() } bool -nsXMLHttpRequest::IsSystemXHR() +nsXMLHttpRequest::IsSystemXHR() const { return mIsSystem || nsContentUtils::IsSystemPrincipal(mPrincipal); } @@ -3648,7 +3649,7 @@ NS_IMPL_ISUPPORTS(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor) NS_IMETHODIMP nsXMLHttpRequest:: nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value) { - if (mXHR->IsSafeHeader(header, mHttpChannel)) { + if (mXHR.IsSafeHeader(header, mHttpChannel)) { mHeaders.Append(header); mHeaders.AppendLiteral(": "); mHeaders.Append(value); diff --git a/dom/base/nsXMLHttpRequest.h b/dom/base/nsXMLHttpRequest.h index c3c50b29fc1f..50905b743072 100644 --- a/dom/base/nsXMLHttpRequest.h +++ b/dom/base/nsXMLHttpRequest.h @@ -7,7 +7,6 @@ #ifndef nsXMLHttpRequest_h__ #define nsXMLHttpRequest_h__ -#include "mozilla/Attributes.h" #include "nsIXMLHttpRequest.h" #include "nsISupportsUtils.h" #include "nsString.h" @@ -30,8 +29,10 @@ #include "nsIXPConnect.h" #include "nsIInputStream.h" #include "mozilla/Assertions.h" +#include "mozilla/Attributes.h" #include "mozilla/DOMEventTargetHelper.h" #include "mozilla/MemoryReporting.h" +#include "mozilla/NotNull.h" #include "mozilla/dom/TypedArray.h" #include "mozilla/dom/XMLHttpRequestBinding.h" @@ -423,7 +424,7 @@ private: return Send(Nullable(aBody)); } - bool IsCrossSiteCORSRequest(); + bool IsCrossSiteCORSRequest() const; bool IsDeniedCrossSiteCORSRequest(); // Tell our channel what network interface ID we were told to use. @@ -515,7 +516,8 @@ public: } } void GetAllResponseHeaders(nsCString& aResponseHeaders); - bool IsSafeHeader(const nsACString& aHeaderName, nsIHttpChannel* aHttpChannel); + bool IsSafeHeader(const nsACString& aHeaderName, + mozilla::NotNull aHttpChannel) const; void OverrideMimeType(const nsAString& aMimeType) { // XXX Should we do some validation here? @@ -615,7 +617,7 @@ protected: already_AddRefed GetCurrentHttpChannel(); already_AddRefed GetCurrentJARChannel(); - bool IsSystemXHR(); + bool IsSystemXHR() const; void ChangeStateToDone(); @@ -643,15 +645,16 @@ protected: public: NS_DECL_ISUPPORTS NS_DECL_NSIHTTPHEADERVISITOR - nsHeaderVisitor(nsXMLHttpRequest* aXMLHttpRequest, nsIHttpChannel* aHttpChannel) + nsHeaderVisitor(const nsXMLHttpRequest& aXMLHttpRequest, + mozilla::NotNull aHttpChannel) : mXHR(aXMLHttpRequest), mHttpChannel(aHttpChannel) {} const nsACString &Headers() { return mHeaders; } private: virtual ~nsHeaderVisitor() {} nsCString mHeaders; - nsXMLHttpRequest* mXHR; - nsCOMPtr mHttpChannel; + const nsXMLHttpRequest& mXHR; + mozilla::NotNull> mHttpChannel; }; // The bytes of our response body. Only used for DEFAULT, ARRAYBUFFER and