mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1188637 - Use channel->ascynOpen2 in dom/base/EventSource.cpp (r=sicking)

This commit is contained in:
Christoph Kerschbaumer 2015-08-04 20:06:19 -07:00
Родитель e5e3756c82
Коммит 5dfe6ac07d
3 изменённых файлов: 36 добавлений и 77 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

100
dom/base/EventSource.cpp
Просмотреть файл

@ -552,9 +552,14 @@ EventSource::AsyncOnChannelRedirect(nsIChannel *aOldChannel,
rv = NS_GetFinalChannelURI(aNewChannel, getter_AddRefs(newURI));
NS_ENSURE_SUCCESS(rv, rv);
if (!CheckCanRequestSrc(newURI)) {
DispatchFailConnection();
return NS_ERROR_DOM_SECURITY_ERR;
bool isValidScheme =
(NS_SUCCEEDED(newURI->SchemeIs("http", &isValidScheme)) && isValidScheme) ||
(NS_SUCCEEDED(newURI->SchemeIs("https", &isValidScheme)) && isValidScheme);
rv = CheckInnerWindowCorrectness();
if (NS_FAILED(rv) || !isValidScheme) {
DispatchFailConnection();
return NS_ERROR_DOM_SECURITY_ERR;
}
// Prepare to receive callback
@ -745,9 +750,12 @@ EventSource::InitChannelAndRequestEventSource()
return NS_ERROR_ABORT;
}
// eventsource validation
bool isValidScheme =
(NS_SUCCEEDED(mSrc->SchemeIs("http", &isValidScheme)) && isValidScheme) ||
(NS_SUCCEEDED(mSrc->SchemeIs("https", &isValidScheme)) && isValidScheme);
if (!CheckCanRequestSrc()) {
nsresult rv = CheckInnerWindowCorrectness();
if (NS_FAILED(rv) || !isValidScheme) {
DispatchFailConnection();
return NS_ERROR_DOM_SECURITY_ERR;
}
@ -755,18 +763,24 @@ EventSource::InitChannelAndRequestEventSource()
nsLoadFlags loadFlags;
loadFlags = nsIRequest::LOAD_BACKGROUND | nsIRequest::LOAD_BYPASS_CACHE;
nsresult rv;
nsIScriptContext* sc = GetContextForEventHandlers(&rv);
nsCOMPtr<nsIDocument> doc =
nsContentUtils::GetDocumentFromScriptContext(sc);
nsSecurityFlags securityFlags =
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
if (mWithCredentials) {
securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_WITH_CREDENTIALS;
}
nsCOMPtr<nsIChannel> channel;
// If we have the document, use it
if (doc) {
rv = NS_NewChannel(getter_AddRefs(channel),
mSrc,
doc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
securityFlags,
nsIContentPolicy::TYPE_DATAREQUEST,
mLoadGroup, // loadGroup
nullptr, // aCallbacks
@ -776,7 +790,7 @@ EventSource::InitChannelAndRequestEventSource()
rv = NS_NewChannel(getter_AddRefs(channel),
mSrc,
mPrincipal,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
securityFlags,
nsIContentPolicy::TYPE_DATAREQUEST,
mLoadGroup, // loadGroup
nullptr, // aCallbacks
@ -798,16 +812,13 @@ EventSource::InitChannelAndRequestEventSource()
mHttpChannel->SetNotificationCallbacks(this);
}
nsRefPtr<nsCORSListenerProxy> listener =
new nsCORSListenerProxy(this, mPrincipal, mWithCredentials);
rv = listener->Init(mHttpChannel, DataURIHandling::Allow);
NS_ENSURE_SUCCESS(rv, rv);
// Start reading from the channel
rv = mHttpChannel->AsyncOpen(listener, nullptr);
if (NS_SUCCEEDED(rv)) {
mWaitingForOnStopRequest = true;
rv = mHttpChannel->AsyncOpen2(this);
if (NS_FAILED(rv)) {
DispatchFailConnection();
return rv;
}
mWaitingForOnStopRequest = true;
return rv;
}
@ -1078,63 +1089,6 @@ EventSource::FailConnection()
}
}
bool
EventSource::CheckCanRequestSrc(nsIURI* aSrc)
{
if (mReadyState == CLOSED) {
return false;
}
bool isValidURI = false;
bool isValidContentLoadPolicy = false;
bool isValidProtocol = false;
nsCOMPtr<nsIURI> srcToTest = aSrc ? aSrc : mSrc.get();
NS_ENSURE_TRUE(srcToTest, false);
uint32_t aCheckURIFlags =
nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL |
nsIScriptSecurityManager::DISALLOW_SCRIPT;
nsresult rv = nsContentUtils::GetSecurityManager()->
CheckLoadURIWithPrincipal(mPrincipal,
srcToTest,
aCheckURIFlags);
isValidURI = NS_SUCCEEDED(rv);
// After the security manager, the content-policy check
nsIScriptContext* sc = GetContextForEventHandlers(&rv);
nsCOMPtr<nsIDocument> doc =
nsContentUtils::GetDocumentFromScriptContext(sc);
// mScriptContext should be initialized because of GetBaseURI() above.
// Still need to consider the case that doc is nullptr however.
rv = CheckInnerWindowCorrectness();
NS_ENSURE_SUCCESS(rv, false);
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_DATAREQUEST,
srcToTest,
mPrincipal,
doc,
NS_LITERAL_CSTRING(TEXT_EVENT_STREAM),
nullptr, // extra
&shouldLoad,
nsContentUtils::GetContentPolicy(),
nsContentUtils::GetSecurityManager());
isValidContentLoadPolicy = NS_SUCCEEDED(rv) && NS_CP_ACCEPTED(shouldLoad);
nsAutoCString targetURIScheme;
rv = srcToTest->GetScheme(targetURIScheme);
if (NS_SUCCEEDED(rv)) {
// We only have the http support for now
isValidProtocol = targetURIScheme.EqualsLiteral("http") ||
targetURIScheme.EqualsLiteral("https");
}
return isValidURI && isValidContentLoadPolicy && isValidProtocol;
}
// static
void
EventSource::TimerCallback(nsITimer* aTimer, void* aClosure)

1
dom/base/EventSource.h
Просмотреть файл

@ -145,7 +145,6 @@ protected:
nsresult ResetEvent();
nsresult DispatchCurrentMessageEvent();
nsresult ParseCharacter(char16_t aChr);
bool CheckCanRequestSrc(nsIURI* aSrc = nullptr); // if null, it tests mSrc
nsresult CheckHealthOfRequestCallback(nsIRequest *aRequestCallback);
nsresult OnRedirectVerifyCallback(nsresult result);

12
dom/security/nsContentSecurityManager.cpp
Просмотреть файл

@ -132,13 +132,19 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
case nsIContentPolicy::TYPE_SUBDOCUMENT:
case nsIContentPolicy::TYPE_REFRESH:
case nsIContentPolicy::TYPE_XBL:
case nsIContentPolicy::TYPE_PING:
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
// alias nsIContentPolicy::TYPE_DATAREQUEST:
case nsIContentPolicy::TYPE_PING: {
MOZ_ASSERT(false, "contentPolicyType not supported yet");
break;
}
case nsIContentPolicy::TYPE_XMLHTTPREQUEST: {
// alias nsIContentPolicy::TYPE_DATAREQUEST:
mimeTypeGuess = NS_LITERAL_CSTRING(TEXT_EVENT_STREAM);
requestingContext = aLoadInfo->LoadingNode();
break;
}
case nsIContentPolicy::TYPE_OBJECT_SUBREQUEST: {
mimeTypeGuess = EmptyCString();
requestingContext = aLoadInfo->LoadingNode();