From 2c2ccd27979560e36028156765fd6dc3975731f9 Mon Sep 17 00:00:00 2001
From: Valentin Gosu
Date: Tue, 4 Jun 2019 12:24:56 +0000
Subject: [PATCH] Bug 1533877 - Frame navigations should check their parent's Cross-Origin policy r=nika
Differential Revision: https://phabricator.services.mozilla.com/D32972
--HG--
extra : moz-landing-system : lando
---
 docshell/base/BrowsingContext.cpp | 4 +++-
 docshell/base/BrowsingContextFieldList.h | 1 +
 netwerk/protocol/http/nsHttpChannel.cpp | 3 ++-
 .../tests/html/cross-origin/null.tentative.html | 8 ++++----
 4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/docshell/base/BrowsingContext.cpp b/docshell/base/BrowsingContext.cpp
index 98b79da4f671..9b1d8f200e6f 100644
--- a/docshell/base/BrowsingContext.cpp
+++ b/docshell/base/BrowsingContext.cpp
@@ -116,11 +116,13 @@ already_AddRefed BrowsingContext::Create(
 // using transactions to set them, as we haven't been attached yet.
 context->mName = aName;
 context->mOpenerId = aOpener ? aOpener->Id() : 0;
+ context->mCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
+ context->mInheritedCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
 BrowsingContext* inherit = aParent ? aParent : aOpener;
 if (inherit) {
 context->mOpenerPolicy = inherit->mOpenerPolicy;
- context->mCrossOriginPolicy = inherit->mCrossOriginPolicy;
+ context->mInheritedCrossOriginPolicy = inherit->mCrossOriginPolicy;
 }
 Register(context);
diff --git a/docshell/base/BrowsingContextFieldList.h b/docshell/base/BrowsingContextFieldList.h
index 0bc1cb32891c..c0337c60e0a1 100644
--- a/docshell/base/BrowsingContextFieldList.h
+++ b/docshell/base/BrowsingContextFieldList.h
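Review bot: The `aParent ? aParent : aOpener` fallback now also feeds `mInheritedCrossOriginPolicy`, so a context created with an opener and no parent records the opener's policy as its inherited one, while the commit title speaks only of a frame's parent. If that is intended, it should be stated next to the assignment; if not, the copy should be guarded on `aParent`. The value is copied once here from the embedder's own `mCrossOriginPolicy` (not its inherited one), and nothing in this patch refreshes it, so a comment such as `// Policy of the parent (or opener) at creation time; navigations in this context are checked against it.` would make the lifetime explicit. Create() begins and ends outside the hunk.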
@@ -17,6 +17,7 @@ MOZ_BC_FIELD_RACY(Name, nsString) MOZ_BC_FIELD_RACY(Closed, bool) MOZ_BC_FIELD(CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy) +MOZ_BC_FIELD(InheritedCrossOriginPolicy, nsILoadInfo::CrossOriginPolicy) MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy) // The current opener for this BrowsingContext. This is a weak reference, and diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 5e800c30c0b1..16acbbd112a4 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -7517,7 +7517,8 @@ nsresult nsHttpChannel::ProcessCrossOriginHeader() { return NS_OK; } - nsILoadInfo::CrossOriginPolicy documentPolicy = ctx->GetCrossOriginPolicy(); + nsILoadInfo::CrossOriginPolicy documentPolicy = + ctx->GetInheritedCrossOriginPolicy(); nsILoadInfo::CrossOriginPolicy resultPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL; rv = GetResponseCrossOriginPolicy(&resultPolicy); diff --git a/testing/web-platform/tests/html/cross-origin/null.tentative.html b/testing/web-platform/tests/html/cross-origin/null.tentative.html index df9a2377b250..3cf57f47f4bf 100644 --- a/testing/web-platform/tests/html/cross-origin/null.tentative.html +++ b/testing/web-platform/tests/html/cross-origin/null.tentative.html 
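Review bot: The new `InheritedCrossOriginPolicy` entry has no comment, unlike the opener field just below it, and it is now the value nsHttpChannel::ProcessCrossOriginHeader reads as the policy to check a response against. This list appears to generate the accessors for each field, so it is worth stating who is expected to write it; within this patch the only writer is BrowsingContext::Create. Suggested comment above the entry: `// The CrossOriginPolicy of the parent (or opener) when this context was created; read when checking navigations.`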
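Review bot: `documentPolicy` now holds the embedder's policy rather than the current document's, so the name misleads anyone reading the comparison that follows. Rename it, e.g. `nsILoadInfo::CrossOriginPolicy inheritedPolicy = ctx->GetInheritedCrossOriginPolicy();`, and update the later uses outside this hunk. For a context with neither parent nor opener, BrowsingContext::Create leaves the inherited value at `CROSS_ORIGIN_POLICY_NULL`, so the response is then checked against NULL; the comparison itself is not visible here, so please confirm that is the intended outcome for top-level loads. ProcessCrossOriginHeader starts before and continues after the visible lines.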
@@ -23,13 +23,13 @@ async_test(t => {
 });
 t.step_timeout(() => {
 assert_equals(firstNavOk, true, "The initial load should work");
- assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
+ assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
 t.done();
 }, 500);
 frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
 document.body.append(frame);
 assert_equals(frame.contentDocument.body.localName, "body");
-}, "Top-level with null policy: navigating a frame from use-credentials policy to a null policy should fail.");
+}, "Top-level with null policy: parent policy should apply to frame navigation from use-credentials policy to a null. Should succeed.");
 async_test(t => {
 const frame = document.createElement("iframe");
@@ -40,13 +40,13 @@ async_test(t => {
 });
 t.step_timeout(() => {
 assert_equals(firstNavOk, true, "The initial load should work");
- assert_equals(frame.contentDocument, null, "Navigation to null policy should fail");
+ assert_not_equals(frame.contentDocument, null, "Navigation to null policy should fail");
 t.done();
 }, 500);
 frame.src = "resources/navigate_anonymous.sub.html?to=/common/blank.html";
 document.body.append(frame);
 assert_equals(frame.contentDocument.body.localName, "body");
-}, "Top-level with null policy: navigating a frame from anonymous policy to a null policy should fail.");
+}, "Top-level with null policy: parent policy should apply to frame navigation from anonymous policy to a null. Should succeed.");
 async_test(t => {
 let w = window.open(`resources/navigate_null.sub.html?to=navigate_anonymous.sub.html`, "window_name");
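Review bot: The message on the changed assertion still reads "Navigation to null policy should fail" although the check is now `assert_not_equals`, so a failing run would report the opposite of what the test expects; the second hunk at -40 has the same leftover. Use `assert_not_equals(frame.contentDocument, null, "Navigation to null policy should succeed");` in both places. A non-null `contentDocument` only shows the frame is still accessible to the parent, so also asserting the frame's final location would confirm the navigation reached the target; this is inferred, since the load handler and the start of each async_test body are outside the hunks.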