зеркало из https://github.com/mozilla/gecko-dev.git
Bug 515460 - enforce CSP during XHR redirects, r=jst, a=dholbert_sheriff
This commit is contained in:
Родитель
78b1ffc343
Коммит
2265b71345
|
@ -96,6 +96,9 @@
|
||||||
#include "nsIWindowWatcher.h"
|
#include "nsIWindowWatcher.h"
|
||||||
#include "nsCommaSeparatedTokenizer.h"
|
#include "nsCommaSeparatedTokenizer.h"
|
||||||
#include "nsIConsoleService.h"
|
#include "nsIConsoleService.h"
|
||||||
|
#include "nsIChannelPolicy.h"
|
||||||
|
#include "nsChannelPolicy.h"
|
||||||
|
#include "nsIContentSecurityPolicy.h"
|
||||||
|
|
||||||
#define LOAD_STR "load"
|
#define LOAD_STR "load"
|
||||||
#define ERROR_STR "error"
|
#define ERROR_STR "error"
|
||||||
|
@ -1751,8 +1754,22 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
|
||||||
} else {
|
} else {
|
||||||
loadFlags = nsIRequest::LOAD_BACKGROUND;
|
loadFlags = nsIRequest::LOAD_BACKGROUND;
|
||||||
}
|
}
|
||||||
rv = NS_NewChannel(getter_AddRefs(mChannel), uri, nsnull, loadGroup, nsnull,
|
// get Content Security Policy from principal to pass into channel
|
||||||
loadFlags);
|
nsCOMPtr<nsIChannelPolicy> channelPolicy;
|
||||||
|
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||||
|
mPrincipal->GetCsp(getter_AddRefs(csp));
|
||||||
|
if (csp) {
|
||||||
|
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
|
||||||
|
channelPolicy->SetContentSecurityPolicy(csp);
|
||||||
|
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
|
||||||
|
}
|
||||||
|
rv = NS_NewChannel(getter_AddRefs(mChannel),
|
||||||
|
uri,
|
||||||
|
nsnull, // ioService
|
||||||
|
loadGroup,
|
||||||
|
nsnull, // callbacks
|
||||||
|
loadFlags,
|
||||||
|
channelPolicy);
|
||||||
if (NS_FAILED(rv)) return rv;
|
if (NS_FAILED(rv)) return rv;
|
||||||
|
|
||||||
// Check if we're doing a cross-origin request.
|
// Check if we're doing a cross-origin request.
|
||||||
|
|
Загрузка…
Ссылка в новой задаче