Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - channel changes (r=mcmanus,sicking)

2015-05-15 13:21:20 -07:00 · 2015-05-15 13:21:20 -07:00 · 2ddb4064ec
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@ -3145,7 +3145,9 @@ public:
  NS_IMETHOD GetContentLength(int64_t*) NO_IMPL
  NS_IMETHOD SetContentLength(int64_t) NO_IMPL
  NS_IMETHOD Open(nsIInputStream**) NO_IMPL
  NS_IMETHOD Open2(nsIInputStream**) NO_IMPL
  NS_IMETHOD AsyncOpen(nsIStreamListener*, nsISupports*) NO_IMPL
  NS_IMETHOD AsyncOpen2(nsIStreamListener*) NO_IMPL
  NS_IMETHOD GetContentDisposition(uint32_t*) NO_IMPL
  NS_IMETHOD SetContentDisposition(uint32_t) NO_IMPL
  NS_IMETHOD GetContentDispositionFilename(nsAString&) NO_IMPL
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@ -50,6 +50,7 @@
 #include "nsSandboxFlags.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "nsILoadInfo.h"
 #include "nsContentSecurityManager.h"
 #include "mozilla/ipc/URIUtils.h"
@ -552,6 +553,15 @@ nsJSChannel::Open(nsIInputStream **aResult)
    return mStreamChannel->Open(aResult);
 }
 NS_IMETHODIMP
 nsJSChannel::Open2(nsIInputStream** aStream)
 {
    nsCOMPtr<nsIStreamListener> listener;
    nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
    NS_ENSURE_SUCCESS(rv, rv);
    return Open(aStream);
 }
 NS_IMETHODIMP
 nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
 {
@ -663,6 +673,15 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
    return rv;
 }
 NS_IMETHODIMP
 nsJSChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 void
 nsJSChannel::EvaluateScript()
 {
--- a/image/decoders/icon/mac/nsIconChannelCocoa.mm
+++ b/image/decoders/icon/mac/nsIconChannelCocoa.mm
@ -25,6 +25,7 @@
 #include "nsTArray.h"
 #include "nsObjCExceptions.h"
 #include "nsProxyRelease.h"
 #include "nsContentSecurityManager.h"
 #include <Cocoa/Cocoa.h>
@ -177,6 +178,15 @@ nsIconChannel::Open(nsIInputStream** _retval)
  return MakeInputStream(_retval, false);
 }
 NS_IMETHODIMP
 nsIconChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 nsresult
 nsIconChannel::ExtractIconInfoFromUrl(nsIFile** aLocalFile,
                                               uint32_t* aDesiredImageSize,
@ -236,6 +246,15 @@ nsIconChannel::AsyncOpen(nsIStreamListener* aListener,
  return rv;
 }
 NS_IMETHODIMP
 nsIconChannel::AsyncOpen2(nsIStreamListener* aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 nsresult
 nsIconChannel::MakeInputStream(nsIInputStream** _retval,
                                        bool aNonBlocking)
--- a/image/decoders/icon/win/nsIconChannel.cpp
+++ b/image/decoders/icon/win/nsIconChannel.cpp
@ -26,6 +26,7 @@
 #include "nsCExternalHandlerService.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsProxyRelease.h"
 #include "nsContentSecurityManager.h"
 #ifdef _WIN32_WINNT
 #undef _WIN32_WINNT
@ -198,6 +199,15 @@ nsIconChannel::Open(nsIInputStream** _retval)
  return MakeInputStream(_retval, false);
 }
 NS_IMETHODIMP
 nsIconChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 nsresult
 nsIconChannel::ExtractIconInfoFromUrl(nsIFile** aLocalFile,
                        uint32_t* aDesiredImageSize, nsCString& aContentType,
@ -253,6 +263,15 @@ nsIconChannel::AsyncOpen(nsIStreamListener* aListener,
  return rv;
 }
 NS_IMETHODIMP
 nsIconChannel::AsyncOpen2(nsIStreamListener* aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 static DWORD
 GetSpecialFolderIcon(nsIFile* aFile, int aFolder,
                                  SHFILEINFOW* aSFI, UINT aInfoFlags)
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@ -15,6 +15,7 @@
 #include "nsIViewSourceChannel.h"
 #include "nsContentUtils.h"
 #include "nsProxyRelease.h"
 #include "nsContentSecurityManager.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsIPrincipal.h"
@ -861,6 +862,15 @@ nsJARChannel::Open(nsIInputStream **stream)
    return NS_OK;
 }
 NS_IMETHODIMP
 nsJARChannel::Open2(nsIInputStream** aStream)
 {
    nsCOMPtr<nsIStreamListener> listener;
    nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
    NS_ENSURE_SUCCESS(rv, rv);
    return Open(aStream);
 }
 bool
 nsJARChannel::ShouldIntercept()
 {
@ -977,6 +987,20 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
    return ContinueAsyncOpen();
 }
 NS_IMETHODIMP
 nsJARChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  if (!mLoadInfo) {
    MOZ_ASSERT(mLoadInfo, "can not enforce security without loadInfo");
    return NS_ERROR_UNEXPECTED;
  }
  // setting the flag on the loadInfo indicates that the underlying
  // channel will be openend using AsyncOpen2() and hence performs
  // the necessary security checks.
  mLoadInfo->SetEnforceSecurity(true);
  return AsyncOpen(aListener, nullptr);
 }
 nsresult
 nsJARChannel::ContinueAsyncOpen()
 {
@ -995,8 +1019,6 @@ nsJARChannel::ContinueAsyncOpen()
        // Not a local file...
        // kick off an async download of the base URI...
        nsCOMPtr<nsIStreamListener> downloader = new MemoryDownloader(this);
        // Since we might not have a loadinfo on all channels yet
        // we have to provide default arguments in case mLoadInfo is null;
        uint32_t loadFlags =
            mLoadFlags & ~(LOAD_DOCUMENT_URI | LOAD_CALL_CONTENT_SNIFFERS);
        rv = NS_NewChannelInternal(getter_AddRefs(channel),
@ -1011,7 +1033,12 @@ nsJARChannel::ContinueAsyncOpen()
            mListener = nullptr;
            return rv;
        }
-        rv = channel->AsyncOpen(downloader, nullptr);
+        if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
            rv = channel->AsyncOpen2(downloader);
        }
        else {
            rv = channel->AsyncOpen(downloader, nullptr);
        }
    } else if (mOpeningRemote) {
        // nothing to do: already asked parent to open file.
    } else {
--- a/netwerk/base/nsBaseChannel.cpp
+++ b/netwerk/base/nsBaseChannel.cpp
@ -20,6 +20,7 @@
 #include "nsAsyncRedirectVerifyHelper.h"
 #include "nsProxyRelease.h"
 #include "nsXULAppAPI.h"
 #include "nsContentSecurityManager.h"
 static PLDHashOperator
 CopyProperties(const nsAString &key, nsIVariant *data, void *closure)
@ -153,7 +154,14 @@ nsBaseChannel::ContinueRedirect()
  // with the redirect.
  if (mOpenRedirectChannel) {
-    nsresult rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
+    nsresult rv = NS_OK;
    if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
      MOZ_ASSERT(!mListenerContext, "mListenerContext should be null!");
      rv = mRedirectChannel->AsyncOpen2(mListener);
    }
    else {
      rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
    }
    NS_ENSURE_SUCCESS(rv, rv);
    // Append the initial uri of the channel to the redirectChain
    // after the channel got openend successfully.
@ -606,6 +614,15 @@ nsBaseChannel::Open(nsIInputStream **result)
  return rv;
 }
 NS_IMETHODIMP
 nsBaseChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 NS_IMETHODIMP
 nsBaseChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctxt)
 {
@ -653,6 +670,15 @@ nsBaseChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctxt)
  return NS_OK;
 }
 NS_IMETHODIMP
 nsBaseChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 //-----------------------------------------------------------------------------
 // nsBaseChannel::nsITransportEventSink
--- a/netwerk/base/nsIChannel.idl
+++ b/netwerk/base/nsIChannel.idl
@ -29,7 +29,7 @@ interface nsIStreamListener;
 *
 * This interface must be used only from the XPCOM main thread.
 */
-[scriptable, uuid(1bc48693-c45d-45f4-8ab1-46e323037fe1)]
+[scriptable, uuid(cc3bff29-324e-4704-9eeb-1b8a62c4a9dc)]
 interface nsIChannel : nsIRequest
 {
    /**
@ -146,6 +146,11 @@ interface nsIChannel : nsIRequest
     */
    nsIInputStream open();
    /**
     * Performs content security check and calls open()
     */
    nsIInputStream open2();
    /**
     * Asynchronously open this channel.  Data is fed to the specified stream
     * listener as it becomes available.  The stream listener's methods are
@ -179,6 +184,11 @@ interface nsIChannel : nsIRequest
     */
    void asyncOpen(in nsIStreamListener aListener, in nsISupports aContext);
    /**
     * Performs content security check and calls asyncOpen().
     */
    void asyncOpen2(in nsIStreamListener aListener);
    /**************************************************************************
     * Channel specific load flags:
     *
--- a/netwerk/protocol/app/AppProtocolHandler.cpp
+++ b/netwerk/protocol/app/AppProtocolHandler.cpp
@ -14,6 +14,7 @@
 #include "nsILoadInfo.h"
 #include "nsXULAppAPI.h"
 #include "nsPrincipal.h"
 #include "nsContentSecurityManager.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/Preferences.h"
@ -99,6 +100,15 @@ NS_IMETHODIMP DummyChannel::Open(nsIInputStream**)
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 DummyChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 NS_IMETHODIMP DummyChannel::AsyncOpen(nsIStreamListener* aListener, nsISupports* aContext)
 {
  mListener = aListener;
@ -116,6 +126,15 @@ NS_IMETHODIMP DummyChannel::AsyncOpen(nsIStreamListener* aListener, nsISupports*
  return NS_OK;
 }
 NS_IMETHODIMP
 DummyChannel::AsyncOpen2(nsIStreamListener* aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 // nsIJarChannel, needed for XHR to turn NS_ERROR_FILE_NOT_FOUND into
 // a 404 error.
 NS_IMETHODIMP DummyChannel::GetIsUnsafe(bool *aResult)
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@ -39,6 +39,7 @@
 #include "nsINetworkInterceptController.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsStreamUtils.h"
 #include "nsContentSecurityManager.h"
 #include <algorithm>
@ -510,6 +511,15 @@ HttpBaseChannel::Open(nsIInputStream **aResult)
  return NS_ImplementChannelOpen(this, aResult);
 }
 NS_IMETHODIMP
 HttpBaseChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 //-----------------------------------------------------------------------------
 // HttpBaseChannel::nsIUploadChannel
 //-----------------------------------------------------------------------------
--- a/netwerk/protocol/http/HttpBaseChannel.h
+++ b/netwerk/protocol/http/HttpBaseChannel.h
@ -118,6 +118,7 @@ public:
  NS_IMETHOD GetContentLength(int64_t *aContentLength) override;
  NS_IMETHOD SetContentLength(int64_t aContentLength) override;
  NS_IMETHOD Open(nsIInputStream **aResult) override;
  NS_IMETHOD Open2(nsIInputStream **aResult) override;
  // nsIEncodedChannel
  NS_IMETHOD GetApplyConversion(bool *value) override;
--- a/netwerk/protocol/http/HttpChannelChild.cpp
+++ b/netwerk/protocol/http/HttpChannelChild.cpp
@ -33,6 +33,7 @@
 #include "InterceptedChannel.h"
 #include "nsPerformance.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsContentSecurityManager.h"
 #ifdef OS_POSIX
 #include "chrome/common/file_descriptor_set_posix.h"
@ -1556,6 +1557,15 @@ HttpChannelChild::AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
  return ContinueAsyncOpen();
 }
 NS_IMETHODIMP
 HttpChannelChild::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 nsresult
 HttpChannelChild::ContinueAsyncOpen()
 {
--- a/netwerk/protocol/http/HttpChannelChild.h
+++ b/netwerk/protocol/http/HttpChannelChild.h
@ -74,6 +74,8 @@ public:
  // nsIChannel
  NS_IMETHOD GetSecurityInfo(nsISupports **aSecurityInfo) override;
  NS_IMETHOD AsyncOpen(nsIStreamListener *listener, nsISupports *aContext) override;
  NS_IMETHOD AsyncOpen2(nsIStreamListener *aListener) override;
  // HttpBaseChannel::nsIHttpChannel
  NS_IMETHOD SetRequestHeader(const nsACString& aHeader,
                              const nsACString& aValue,
--- a/netwerk/protocol/http/NullHttpChannel.cpp
+++ b/netwerk/protocol/http/NullHttpChannel.cpp
@ -4,6 +4,7 @@
 #include "NullHttpChannel.h"
 #include "nsContentUtils.h"
 #include "nsContentSecurityManager.h"
 #include "nsIScriptSecurityManager.h"
 namespace mozilla {
@ -302,12 +303,30 @@ NullHttpChannel::Open(nsIInputStream * *_retval)
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 NullHttpChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 NS_IMETHODIMP
 NullHttpChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
 {
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 NullHttpChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 NS_IMETHODIMP
 NullHttpChannel::GetContentDisposition(uint32_t *aContentDisposition)
 {
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -52,6 +52,7 @@
 #include "nsISSLSocketControl.h"
 #include "sslt.h"
 #include "nsContentUtils.h"
 #include "nsContentSecurityManager.h"
 #include "nsIClassOfService.h"
 #include "nsIPermissionManager.h"
 #include "nsIPrincipal.h"
@ -1961,10 +1962,14 @@ nsHttpChannel::OpenRedirectChannel(nsresult rv)
    }
    // open new channel
-    rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
+    if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
-    if (NS_FAILED(rv)) {
+        MOZ_ASSERT(!mListenerContext, "mListenerContext should be null!");
-        return rv;
+        rv = mRedirectChannel->AsyncOpen2(mListener);
    }
    else {
        rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
    }
    NS_ENSURE_SUCCESS(rv, rv);
    mStatus = NS_BINDING_REDIRECTED;
@ -2024,9 +2029,14 @@ nsHttpChannel::ContinueDoReplaceWithProxy(nsresult rv)
    mRedirectChannel->SetOriginalURI(mOriginalURI);
    // open new channel
-    rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
+    if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
-    if (NS_FAILED(rv))
+        MOZ_ASSERT(!mListenerContext, "mListenerContext should be null!");
-        return rv;
+        rv = mRedirectChannel->AsyncOpen2(mListener);
    }
    else {
        rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
    }
    NS_ENSURE_SUCCESS(rv, rv);
    mStatus = NS_BINDING_REDIRECTED;
@ -2685,9 +2695,14 @@ nsHttpChannel::ContinueProcessFallback(nsresult rv)
    // Make sure to do this _after_ calling OnChannelRedirect
    mRedirectChannel->SetOriginalURI(mOriginalURI);
-    rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
+    if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
-    if (NS_FAILED(rv))
+        MOZ_ASSERT(!mListenerContext, "mListenerContext should be null!");
-        return rv;
+        rv = mRedirectChannel->AsyncOpen2(mListener);
    }
    else {
        rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
    }
    NS_ENSURE_SUCCESS(rv, rv);
    if (mLoadFlags & LOAD_INITIAL_DOCUMENT_URI) {
        Telemetry::Accumulate(Telemetry::HTTP_OFFLINE_CACHE_DOCUMENT_LOAD,
@ -4633,10 +4648,14 @@ nsHttpChannel::ContinueProcessRedirection(nsresult rv)
    // should really be handled by the event sink implementation.
    // begin loading the new channel
-    rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
+    if (mLoadInfo && mLoadInfo->GetEnforceSecurity()) {
-
+        MOZ_ASSERT(!mListenerContext, "mListenerContext should be null!");
-    if (NS_FAILED(rv))
+        rv = mRedirectChannel->AsyncOpen2(mListener);
-        return rv;
+    }
    else {
        rv = mRedirectChannel->AsyncOpen(mListener, mListenerContext);
    }
    NS_ENSURE_SUCCESS(rv, rv);
    // close down this channel
    Cancel(NS_BINDING_REDIRECTED);
@ -4913,6 +4932,15 @@ nsHttpChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *context)
    return rv;
 }
 NS_IMETHODIMP
 nsHttpChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 // BeginConnect() will not call AsyncAbort() on an error and if AsyncAbort needs
 // to be called the function calling BeginConnect will need to call AsyncAbort.
 // If BeginConnect is called from AsyncOpen, AsyncnAbort doesn't need to be
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@ -126,6 +126,7 @@ public:
    // nsIChannel
    NS_IMETHOD GetSecurityInfo(nsISupports **aSecurityInfo) override;
    NS_IMETHOD AsyncOpen(nsIStreamListener *listener, nsISupports *aContext) override;
    NS_IMETHOD AsyncOpen2(nsIStreamListener *aListener) override;
    // nsIHttpChannelInternal
    NS_IMETHOD SetupFallbackChannel(const char *aFallbackKey) override;
    // nsISupportsPriority
--- a/netwerk/protocol/rtsp/RtspChannelChild.cpp
+++ b/netwerk/protocol/rtsp/RtspChannelChild.cpp
@ -4,6 +4,7 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "nsContentSecurityManager.h"
 #include "RtspChannelChild.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "nsServiceManagerUtils.h"
@ -135,6 +136,15 @@ RtspChannelChild::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
  return NS_OK;
 }
 NS_IMETHODIMP
 RtspChannelChild::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 //-----------------------------------------------------------------------------
 // nsBaseChannel::nsIStreamListener::nsIRequestObserver
 //-----------------------------------------------------------------------------
--- a/netwerk/protocol/rtsp/RtspChannelChild.h
+++ b/netwerk/protocol/rtsp/RtspChannelChild.h
@ -42,6 +42,7 @@ public:
  NS_IMETHOD GetContentType(nsACString & aContentType) override final;
  NS_IMETHOD AsyncOpen(nsIStreamListener *listener, nsISupports *aContext)
                       override final;
  NS_IMETHOD AsyncOpen2(nsIStreamListener *listener) override final;
  // nsBaseChannel::nsIStreamListener::nsIRequestObserver
  NS_IMETHOD OnStartRequest(nsIRequest *aRequest, nsISupports *aContext)
--- a/netwerk/protocol/rtsp/RtspChannelParent.cpp
+++ b/netwerk/protocol/rtsp/RtspChannelParent.cpp
@ -5,6 +5,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "RtspChannelParent.h"
 #include "nsContentSecurityManager.h"
 using namespace mozilla::ipc;
@ -72,6 +73,12 @@ RtspChannelParent::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext
  return NS_OK;
 }
 NS_IMETHODIMP
 RtspChannelParent::AsyncOpen2(nsIStreamListener *aListener)
 {
  return NS_OK;
 }
 //-----------------------------------------------------------------------------
 // nsBaseChannel::nsIStreamListener::nsIRequestObserver
 //-----------------------------------------------------------------------------
--- a/netwerk/protocol/rtsp/RtspChannelParent.h
+++ b/netwerk/protocol/rtsp/RtspChannelParent.h
@ -39,6 +39,7 @@ public:
  NS_IMETHOD GetContentType(nsACString & aContentType) override final;
  NS_IMETHOD AsyncOpen(nsIStreamListener *listener,
                       nsISupports *aContext) override final;
  NS_IMETHOD AsyncOpen2(nsIStreamListener *listener) override final;
  // nsBaseChannel::nsIStreamListener::nsIRequestObserver
  NS_IMETHOD OnStartRequest(nsIRequest *aRequest,
--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
@ -10,6 +10,7 @@
 #include "nsNetUtil.h"
 #include "nsContentUtils.h"
 #include "nsIHttpHeaderVisitor.h"
 #include "nsContentSecurityManager.h"
 #include "nsNullPrincipal.h"
 #include "nsServiceManagerUtils.h"
@ -224,14 +225,36 @@ nsViewSourceChannel::Open(nsIInputStream **_retval)
 {
    NS_ENSURE_TRUE(mChannel, NS_ERROR_FAILURE);
-    nsresult rv = mChannel->Open(_retval);
+    nsresult rv = NS_OK;
    nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
    if (loadInfo && loadInfo->GetEnforceSecurity()) {
        mChannel->Open2(_retval);
    }
    else {
        mChannel->Open(_retval);
    }
    if (NS_SUCCEEDED(rv)) {
        mOpened = true;
    }
    return rv;
 }
 NS_IMETHODIMP
 nsViewSourceChannel::Open2(nsIInputStream** aStream)
 {
    NS_ENSURE_TRUE(mChannel, NS_ERROR_FAILURE);
    nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
    if(!loadInfo) {
        MOZ_ASSERT(loadInfo, "can not enforce security without loadInfo");
        return NS_ERROR_UNEXPECTED;
    }
    // setting the flag on the loadInfo indicates that the underlying
    // channel will be openend using Open2() and hence performs
    // the necessary security checks.
    loadInfo->SetEnforceSecurity(true);
    return Open(aStream);
 }
 NS_IMETHODIMP
 nsViewSourceChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *ctxt)
 {
@ -251,7 +274,14 @@ nsViewSourceChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *ctxt)
        loadGroup->AddRequest(static_cast<nsIViewSourceChannel*>
                                         (this), nullptr);
-    nsresult rv = mChannel->AsyncOpen(this, ctxt);
+    nsresult rv = NS_OK;
    nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
    if (loadInfo && loadInfo->GetEnforceSecurity()) {
        rv = mChannel->AsyncOpen2(this);
    }
    else {
        rv = mChannel->AsyncOpen(this, ctxt);
    }
    if (NS_FAILED(rv) && loadGroup)
        loadGroup->RemoveRequest(static_cast<nsIViewSourceChannel*>
@ -265,6 +295,20 @@ nsViewSourceChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *ctxt)
    return rv;
 }
 NS_IMETHODIMP
 nsViewSourceChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
  if(!loadInfo) {
    MOZ_ASSERT(loadInfo, "can not enforce security without loadInfo");
    return NS_ERROR_UNEXPECTED;
  }
  // setting the flag on the loadInfo indicates that the underlying
  // channel will be openend using AsyncOpen2() and hence performs
  // the necessary security checks.
  loadInfo->SetEnforceSecurity(true);
  return AsyncOpen(aListener, nullptr);
 }
 /*
 * Both the view source channel and mChannel are added to the
 * loadgroup.  There should never be more than one request in the
--- a/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
+++ b/netwerk/protocol/wyciwyg/WyciwygChannelChild.cpp
@ -21,6 +21,7 @@
 #include "SerializedLoadContext.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "nsProxyRelease.h"
 #include "nsContentSecurityManager.h"
 using namespace mozilla::ipc;
 using namespace mozilla::dom;
@ -622,6 +623,15 @@ WyciwygChannelChild::Open(nsIInputStream **_retval)
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 WyciwygChannelChild::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 static mozilla::dom::TabChild*
 GetTabChild(nsIChannel* aChannel)
 {
@ -672,6 +682,15 @@ WyciwygChannelChild::AsyncOpen(nsIStreamListener *aListener, nsISupports *aConte
  return NS_OK;
 }
 NS_IMETHODIMP
 WyciwygChannelChild::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 //-----------------------------------------------------------------------------
 // nsIWyciwygChannel
 //-----------------------------------------------------------------------------
--- a/netwerk/protocol/wyciwyg/nsWyciwygChannel.cpp
+++ b/netwerk/protocol/wyciwyg/nsWyciwygChannel.cpp
@ -27,6 +27,7 @@
 #include "mozilla/DebugOnly.h"
 #include "mozilla/unused.h"
 #include "nsProxyRelease.h"
 #include "nsContentSecurityManager.h"
 typedef mozilla::net::LoadContextInfo LoadContextInfo;
@ -418,6 +419,15 @@ nsWyciwygChannel::Open(nsIInputStream ** aReturn)
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 nsWyciwygChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 NS_IMETHODIMP
 nsWyciwygChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
 {
@ -454,6 +464,15 @@ nsWyciwygChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
  return NS_OK;
 }
 NS_IMETHODIMP
 nsWyciwygChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 //////////////////////////////////////////////////////////////////////////////
 // nsIWyciwygChannel
 //////////////////////////////////////////////////////////////////////////////
--- a/netwerk/streamconv/converters/nsMultiMixedConv.cpp
+++ b/netwerk/streamconv/converters/nsMultiMixedConv.cpp
@ -15,6 +15,7 @@
 #include "nsIStreamConverterService.h"
 #include "nsIPackagedAppService.h"
 #include <algorithm>
 #include "nsContentSecurityManager.h"
 #include "nsHttp.h"
 //
@ -204,6 +205,15 @@ nsPartChannel::Open(nsIInputStream **result)
    return NS_ERROR_FAILURE;
 }
 NS_IMETHODIMP
 nsPartChannel::Open2(nsIInputStream** aStream)
 {
    nsCOMPtr<nsIStreamListener> listener;
    nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
    NS_ENSURE_SUCCESS(rv, rv);
    return Open(aStream);
 }
 NS_IMETHODIMP
 nsPartChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
 {
@ -211,6 +221,15 @@ nsPartChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext)
    return NS_ERROR_FAILURE;
 }
 NS_IMETHODIMP
 nsPartChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 NS_IMETHODIMP
 nsPartChannel::GetLoadFlags(nsLoadFlags *aLoadFlags)
 {
--- a/uriloader/exthandler/ExternalHelperAppParent.cpp
+++ b/uriloader/exthandler/ExternalHelperAppParent.cpp
@ -274,6 +274,12 @@ ExternalHelperAppParent::Open(nsIInputStream **aResult)
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 ExternalHelperAppParent::Open2(nsIInputStream** aStream)
 {
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 ExternalHelperAppParent::AsyncOpen(nsIStreamListener *aListener,
                                   nsISupports *aContext)
@ -281,6 +287,12 @@ ExternalHelperAppParent::AsyncOpen(nsIStreamListener *aListener,
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 ExternalHelperAppParent::AsyncOpen2(nsIStreamListener *aListener)
 {
  return NS_ERROR_NOT_IMPLEMENTED;
 }
 NS_IMETHODIMP
 ExternalHelperAppParent::GetLoadFlags(nsLoadFlags *aLoadFlags)
--- a/uriloader/exthandler/nsExternalProtocolHandler.cpp
+++ b/uriloader/exthandler/nsExternalProtocolHandler.cpp
@ -19,6 +19,7 @@
 #include "nsIPrefService.h"
 #include "nsIPrompt.h"
 #include "nsNetUtil.h"
 #include "nsContentSecurityManager.h"
 #include "nsExternalHelperAppService.h"
 // used to dispatch urls to default protocol handlers
@ -175,6 +176,14 @@ NS_IMETHODIMP nsExtProtocolChannel::Open(nsIInputStream **_retval)
  return OpenURL();
 }
 NS_IMETHODIMP nsExtProtocolChannel::Open2(nsIInputStream** aStream)
 {
  nsCOMPtr<nsIStreamListener> listener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return Open(aStream);
 }
 NS_IMETHODIMP nsExtProtocolChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctxt)
 {
  NS_ENSURE_ARG_POINTER(listener);
@ -185,6 +194,14 @@ NS_IMETHODIMP nsExtProtocolChannel::AsyncOpen(nsIStreamListener *listener, nsISu
  return OpenURL();
 }
 NS_IMETHODIMP nsExtProtocolChannel::AsyncOpen2(nsIStreamListener *aListener)
 {
  nsCOMPtr<nsIStreamListener> listener = aListener;
  nsresult rv = nsContentSecurityManager::doContentSecurityCheck(this, listener);
  NS_ENSURE_SUCCESS(rv, rv);
  return AsyncOpen(listener, nullptr);
 }
 NS_IMETHODIMP nsExtProtocolChannel::GetLoadFlags(nsLoadFlags *aLoadFlags)
 {
  *aLoadFlags = mLoadFlags;