Bug 392322 - "XMLHttpRequest crashes on local file retrieval [@ nsCrossSiteListenerProxy::OnStartRequest]". r+sr=sicking, a=blocking1.9+.

content/base/public/nsIXMLHttpRequest.idl

@@ -37,10 +37,13 @@
 
 #include "nsISupports.idl"
 
+interface nsIChannel;
 interface nsIDOMDocument;
 interface nsIDOMEventListener;
-interface nsIChannel;
+interface nsIPrincipal;
+interface nsIScriptContext;
 interface nsIVariant;
+interface nsPIDOMWindow;
 
 /**
  * Mozilla's XMLHttpRequest is modelled after Microsoft's IXMLHttpRequest
@@ -297,6 +300,20 @@ interface nsIXMLHttpRequest : nsISupports
    * will be called as each part of the response is received.
    */
   attribute boolean multipart;
+
+  /**
+   * Initialize the object for use from C++ code with the principal, script
+   * context, and owner window that should be used.
+   *
+   * @param principal The principal to use for the request. This must not be
+   *                  null.
+   * @param scriptContext The script context to use for the request. May be
+   *                      null.
+   * @param ownerWindow The associated window for the request. May be null.
+   */
+  [noscript] void init(in nsIPrincipal principal,
+                       in nsIScriptContext scriptContext,
+                       in nsPIDOMWindow ownerWindow);
 };
 
 [scriptable, uuid(261676b4-d508-43bf-b099-74635a0ee2e9)]

content/base/src/nsXMLHttpRequest.cpp

@@ -579,6 +579,9 @@ nsXMLHttpRequest::~nsXMLHttpRequest()
   nsLayoutStatics::Release();
 }
 
+/**
+ * This Init method is called from the factory constructor.
+ */
 nsresult
 nsXMLHttpRequest::Init()
 {
@@ -618,7 +621,35 @@ nsXMLHttpRequest::Init()
 
   return NS_OK;
 }
+/**
+ * This Init method should only be called by C++ consumers.
+ */
+NS_IMETHODIMP
+nsXMLHttpRequest::Init(nsIPrincipal* aPrincipal,
+                       nsIScriptContext* aScriptContext,
+                       nsPIDOMWindow* aOwnerWindow)
+{
+  NS_ENSURE_ARG_POINTER(aPrincipal);
 
+  // This object may have already been initialized in the other Init call above
+  // if JS was on the stack. Clear the old values for mScriptContext and mOwner
+  // if new ones are not supplied here.
+
+  mPrincipal = aPrincipal;
+  mScriptContext = aScriptContext;
+  if (aOwnerWindow) {
+    mOwner = aOwnerWindow->GetCurrentInnerWindow();
+  }
+  else {
+    mOwner = nsnull;
+  }
+
+  return NS_OK;
+}
+
+/**
+ * This Initialize method is called from XPConnect via nsIJSNativeInitializer.
+ */
 NS_IMETHODIMP
 nsXMLHttpRequest::Initialize(nsISupports* aOwner, JSContext* cx, JSObject* obj,
                              PRUint32 argc, jsval *argv)
@@ -1363,19 +1394,26 @@ nsXMLHttpRequest::GetCurrentHttpChannel()
   return httpChannel;
 }
 
+inline PRBool
+IsSystemPrincipal(nsIPrincipal* aPrincipal)
+{
+  PRBool isSystem = PR_FALSE;
+  nsContentUtils::GetSecurityManager()->IsSystemPrincipal(aPrincipal,
+                                                          &isSystem);
+  return isSystem;
+}
+
 static PRBool
 IsSameOrigin(nsIPrincipal* aPrincipal, nsIChannel* aChannel)
 {
-  if (!aPrincipal) {
-    // XXX Until we got our principal story straight we have to do this to
-    // support C++ callers.
-    return PR_TRUE;
-  }
+  NS_ASSERTION(!IsSystemPrincipal(aPrincipal), "Shouldn't get here!");
 
   nsCOMPtr<nsIURI> codebase;
   nsresult rv = aPrincipal->GetURI(getter_AddRefs(codebase));
   NS_ENSURE_SUCCESS(rv, PR_FALSE);
 
+  NS_ASSERTION(codebase, "Must have a URI on aPrincipal!");
+
   nsCOMPtr<nsIURI> channelURI;
   rv = aChannel->GetURI(getter_AddRefs(channelURI));
   NS_ENSURE_SUCCESS(rv, PR_FALSE);
@@ -1434,6 +1472,8 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
   NS_ENSURE_ARG(!method.IsEmpty());
   NS_ENSURE_ARG(!url.IsEmpty());
 
+  NS_ENSURE_TRUE(mPrincipal, NS_ERROR_NOT_INITIALIZED);
+
   // Disallow HTTP/1.1 TRACE method (see bug 302489)
   // and MS IIS equivalent TRACK (see bug 381264)
   if (method.LowerCaseEqualsLiteral("trace") ||
@@ -1534,13 +1574,15 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
   if (NS_FAILED(rv)) return rv;
 
   // Check if we're doing a cross-origin request.
-  if (!(mState & XML_HTTP_REQUEST_XSITEENABLED) &&
-      !IsSameOrigin(mPrincipal, mChannel)) {
+  if (IsSystemPrincipal(mPrincipal)) {
+    // Chrome callers are always allowed to read from different origins.
+    mState |= XML_HTTP_REQUEST_XSITEENABLED;
+  }
+  else if (!(mState & XML_HTTP_REQUEST_XSITEENABLED) &&
+           !IsSameOrigin(mPrincipal, mChannel)) {
     mState |= XML_HTTP_REQUEST_USE_XSITE_AC;
   }
 
-  //mChannel->SetAuthTriedWithPrehost(authp);
-
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
   if (httpChannel) {
     rv = httpChannel->SetRequestMethod(method);
@@ -2062,6 +2104,8 @@ nsXMLHttpRequest::SendAsBinary(const nsAString &aBody)
 NS_IMETHODIMP
 nsXMLHttpRequest::Send(nsIVariant *aBody)
 {
+  NS_ENSURE_TRUE(mPrincipal, NS_ERROR_NOT_INITIALIZED);
+
   nsresult rv = CheckInnerWindowCorrectness();
   NS_ENSURE_SUCCESS(rv, rv);
 
@@ -2087,12 +2131,10 @@ nsXMLHttpRequest::Send(nsIVariant *aBody)
   if (httpChannel) {
     httpChannel->GetRequestMethod(method); // If GET, method name will be uppercase
 
-    if (mPrincipal) {
-      nsCOMPtr<nsIURI> codebase;
-      mPrincipal->GetURI(getter_AddRefs(codebase));
+    nsCOMPtr<nsIURI> codebase;
+    mPrincipal->GetURI(getter_AddRefs(codebase));
 
-      httpChannel->SetReferrer(codebase);
-    }
+    httpChannel->SetReferrer(codebase);
   }
 
   if (aBody && httpChannel && !method.EqualsLiteral("GET")) {

content/base/test/Makefile.in

@@ -42,6 +42,26 @@ VPATH		= @srcdir@
 relativesrcdir  = content/base/test
 
 include $(DEPTH)/config/autoconf.mk
+
+CPP_UNIT_TESTS = TestNativeXMLHttpRequest.cpp
+
+LOCAL_INCLUDES += -I$(topsrcdir)/xpcom/tests
+
+REQUIRES += \
+  caps \
+  content \
+  dom \
+  js \
+  netwerk \
+  string \
+  xpcom \
+  xpconnect \
+  $(NULL)
+
+CPPSRCS += $(CPP_UNIT_TESTS)
+SIMPLE_PROGRAMS += $(CPP_UNIT_TESTS:.cpp=$(BIN_SUFFIX))
+LIBS += $(XPCOM_GLUE_LDOPTS) $(NSPR_LIBS)
+
 include $(topsrcdir)/config/rules.mk
 
 _TEST_FILES = 	test_bug5141.html \
@@ -147,3 +167,9 @@ _TEST_FILES = 	test_bug5141.html \
 
 libs:: $(_TEST_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
+
+check::
+	@$(EXIT_ON_ERROR) \
+	for f in $(subst .cpp,,$(CPP_UNIT_TESTS)); do \
+	  XPCOM_DEBUG_BREAK=stack-and-abort $(RUN_TEST_PROGRAM) $(DIST)/bin/$$f; \
+	done

content/base/test/TestNativeXMLHttpRequest.cpp

@@ -0,0 +1,143 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla XMLHttpRequest Tests.
+ *
+ * The Initial Developer of the Original Code is
+ * Ben Turner <bent.mozilla@gmail.com>.
+ * Portions created by the Initial Developer are Copyright (C) 2008
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "TestHarness.h"
+
+#include "nsIDOMDocument.h"
+#include "nsIPrincipal.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIXMLHttpRequest.h"
+
+#include "nsServiceManagerUtils.h"
+#include "nsStringGlue.h"
+
+#define REPORT_ERROR(_msg)                  \
+  printf("FAIL " _msg "\n")
+
+#define TEST_FAIL(_msg)                     \
+  PR_BEGIN_MACRO                            \
+    REPORT_ERROR(_msg);                     \
+    return NS_ERROR_FAILURE;                \
+  PR_END_MACRO
+
+#define TEST_ENSURE_BASE(_test, _msg)       \
+  PR_BEGIN_MACRO                            \
+    if (_test) {                            \
+      TEST_FAIL(_msg);                      \
+    }                                       \
+  PR_END_MACRO
+
+#define TEST_ENSURE_SUCCESS(_rv, _msg)      \
+  TEST_ENSURE_BASE(NS_FAILED(_rv), _msg)
+
+#define TEST_ENSURE_FAILED(_rv, _msg)       \
+  TEST_ENSURE_BASE(NS_SUCCEEDED(_rv), _msg)
+
+#define TEST_URL_PREFIX                     \
+  "data:text/xml,"
+#define TEST_URL_CONTENT                    \
+  "<foo><bar></bar></foo>"
+
+#define TEST_URL                            \
+  TEST_URL_PREFIX TEST_URL_CONTENT
+
+nsresult TestNativeXMLHttpRequest()
+{
+  nsresult rv;
+
+  nsCOMPtr<nsIXMLHttpRequest> xhr =
+    do_CreateInstance(NS_XMLHTTPREQUEST_CONTRACTID, &rv);
+  TEST_ENSURE_SUCCESS(rv, "Couldn't create nsIXMLHttpRequest instance!");
+
+  NS_NAMED_LITERAL_CSTRING(getString, "GET");
+  NS_NAMED_LITERAL_CSTRING(testURL, TEST_URL);
+  const nsAString& empty = EmptyString();
+  
+  printf("*** About to see an expected warning about mPrincipal:\n");
+  rv = xhr->OpenRequest(getString, testURL, PR_FALSE, empty, empty);
+  printf("*** End of expected warning output.\n");
+  TEST_ENSURE_FAILED(rv, "OpenRequest should have failed!");
+
+  nsCOMPtr<nsIScriptSecurityManager> secman =
+    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+  TEST_ENSURE_SUCCESS(rv, "Couldn't get script security manager!");
+
+  nsCOMPtr<nsIPrincipal> systemPrincipal;
+  rv = secman->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
+  TEST_ENSURE_SUCCESS(rv, "Couldn't get system principal!");
+
+  rv = xhr->Init(systemPrincipal, nsnull, nsnull);
+  TEST_ENSURE_SUCCESS(rv, "Couldn't initialize the XHR!");
+
+  rv = xhr->OpenRequest(getString, testURL, PR_FALSE, empty, empty);
+  TEST_ENSURE_SUCCESS(rv, "OpenRequest failed!");
+
+  rv = xhr->Send(nsnull);
+  TEST_ENSURE_SUCCESS(rv, "Send failed!");
+
+  nsAutoString response;
+  rv = xhr->GetResponseText(response);
+  TEST_ENSURE_SUCCESS(rv, "GetResponse failed!");
+
+  if (!response.EqualsLiteral(TEST_URL_CONTENT)) {
+    TEST_FAIL("Response text does not match!");
+  }
+
+  nsCOMPtr<nsIDOMDocument> dom;
+  rv = xhr->GetResponseXML(getter_AddRefs(dom));
+  TEST_ENSURE_SUCCESS(rv, "GetResponseXML failed!");
+
+  if (!dom) {
+    TEST_FAIL("No DOM document constructed!");
+  }
+
+  printf("Native XMLHttpRequest PASSED!\n");
+  return NS_OK;
+}
+
+int main(int argc, char** argv)
+{
+  ScopedXPCOM xpcom("XMLHttpRequest");
+  if (xpcom.failed())
+    return 1;
+
+  int retval = 0;
+  if (NS_FAILED(TestNativeXMLHttpRequest())) {
+    retval = 1;
+  }
+
+  return retval;
+}