From 2265b71345a48a02837fabbf2efde1786b017eb4 Mon Sep 17 00:00:00 2001
From: Brandon Sterne
Date: Fri, 23 Apr 2010 12:54:09 -0700
Subject: [PATCH] Bug 515460 - enforce CSP during XHR redirects, r=jst, a=dholbert_sheriff
---
 content/base/src/nsXMLHttpRequest.cpp | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
index e209408147da..8e70e1fee6ce 100644
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -96,6 +96,9 @@
 #include "nsIWindowWatcher.h"
 #include "nsCommaSeparatedTokenizer.h"
 #include "nsIConsoleService.h"
+#include "nsIChannelPolicy.h"
+#include "nsChannelPolicy.h"
+#include "nsIContentSecurityPolicy.h"
 #define LOAD_STR "load"
 #define ERROR_STR "error"
@@ -1751,8 +1754,22 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
 } else {
 loadFlags = nsIRequest::LOAD_BACKGROUND;
 }
- rv = NS_NewChannel(getter_AddRefs(mChannel), uri, nsnull, loadGroup, nsnull,
- loadFlags);
+ // get Content Security Policy from principal to pass into channel
+ nsCOMPtr channelPolicy;
+ nsCOMPtr csp;
+ mPrincipal->GetCsp(getter_AddRefs(csp));
+ if (csp) {
+ channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
+ channelPolicy->SetContentSecurityPolicy(csp);
+ channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
+ }
+ rv = NS_NewChannel(getter_AddRefs(mChannel),
+ uri,
+ nsnull, // ioService
+ loadGroup,
+ nsnull, // callbacks
+ loadFlags,
+ channelPolicy);
 if (NS_FAILED(rv)) return rv;
 // Check if we're doing a cross-origin request.
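Review bot: The policy setup added before `NS_NewChannel` in OpenRequest fails open and can dereference null, because the nsresult of `mPrincipal->GetCsp(...)` is discarded and the result of `do_CreateInstance("@mozilla.org/nschannelpolicy;1")` is used on the next line without a check. If instance creation fails, `channelPolicy->SetContentSecurityPolicy(csp)` is called through a null nsCOMPtr; if GetCsp fails, csp stays null and the channel is opened with no policy, so the redirect enforcement is silently skipped. As this is a security control, I would propagate both errors before the channel is created: `rv = mPrincipal->GetCsp(getter_AddRefs(csp)); NS_ENSURE_SUCCESS(rv, rv);` and `channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1", &rv); NS_ENSURE_SUCCESS(rv, rv);`. The return values of the two setters are ignored as well and could be checked the same way. OpenRequest starts and ends outside the hunk, so whether mPrincipal is null-checked earlier is not visible here.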