зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1467852 Align LoadInfo::mServiceWorkerTaintingSynthesized handling with other service worker fields. r=valentin
This commit is contained in:
Родитель
3a149f2017
Коммит
6301585f22
|
@ -396,7 +396,8 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
|
|||
, mForcePreflight(rhs.mForcePreflight)
|
||||
, mIsPreflight(rhs.mIsPreflight)
|
||||
, mLoadTriggeredFromExternal(rhs.mLoadTriggeredFromExternal)
|
||||
, mServiceWorkerTaintingSynthesized(rhs.mServiceWorkerTaintingSynthesized)
|
||||
// mServiceWorkerTaintingSynthesized must be handled specially during redirect
|
||||
, mServiceWorkerTaintingSynthesized(false)
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -83,14 +83,6 @@ public:
|
|||
// when a separate request is made with the same security properties.
|
||||
already_AddRefed<nsILoadInfo> CloneForNewRequest() const;
|
||||
|
||||
// The service worker and fetch specifications require returning the
|
||||
// exact tainting level of the Response passed to FetchEvent.respondWith().
|
||||
// This method allows us to override the tainting level in that case.
|
||||
//
|
||||
// NOTE: This should not be used outside of service worker code! Use
|
||||
// nsILoadInfo::MaybeIncreaseTainting() instead.
|
||||
void SynthesizeServiceWorkerTainting(LoadTainting aTainting);
|
||||
|
||||
void SetIsPreflight();
|
||||
void SetUpgradeInsecureRequests();
|
||||
void SetBrowserUpgradeInsecureRequests();
|
||||
|
|
|
@ -44,6 +44,7 @@ native OriginAttributes(mozilla::OriginAttributes);
|
|||
[ref] native const_ServiceWorkerDescriptorRef(const mozilla::dom::ServiceWorkerDescriptor);
|
||||
[ref] native const_MaybeServiceWorkerDescriptorRef(const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor>);
|
||||
[ptr] native PerformanceStoragePtr(mozilla::dom::PerformanceStorage);
|
||||
native LoadTainting(mozilla::LoadTainting);
|
||||
|
||||
typedef unsigned long nsSecurityFlags;
|
||||
|
||||
|
@ -991,4 +992,14 @@ interface nsILoadInfo : nsISupports
|
|||
*/
|
||||
[noscript, nostdcall, notxpcom]
|
||||
PerformanceStoragePtr GetPerformanceStorage();
|
||||
|
||||
/* The service worker and fetch specifications require returning the
|
||||
* exact tainting level of the Response passed to FetchEvent.respondWith().
|
||||
* This method allows us to override the tainting level in that case.
|
||||
*
|
||||
* NOTE: This should not be used outside of service worker code! Use
|
||||
* nsILoadInfo::MaybeIncreaseTainting() instead.
|
||||
*/
|
||||
[noscript, nostdcall, notxpcom]
|
||||
void SynthesizeServiceWorkerTainting(in LoadTainting aTainting);
|
||||
};
|
||||
|
|
|
@ -1808,6 +1808,10 @@ HttpChannelChild::BeginNonIPCRedirect(nsIURI* responseURI,
|
|||
{
|
||||
LOG(("HttpChannelChild::BeginNonIPCRedirect [this=%p]\n", this));
|
||||
|
||||
// This method is only used by child-side service workers. It should not be
|
||||
// used by new code. We want to remove it in the future.
|
||||
MOZ_DIAGNOSTIC_ASSERT(mSynthesizedResponse);
|
||||
|
||||
// If the response has been redirected, propagate all the URLs to content.
|
||||
// Thus, the exact value of the redirect flag does not matter as long as it's
|
||||
// not REDIRECT_INTERNAL.
|
||||
|
@ -1833,6 +1837,20 @@ HttpChannelChild::BeginNonIPCRedirect(nsIURI* responseURI,
|
|||
httpChannelChild->OverrideSecurityInfoForNonIPCRedirect(mSecurityInfo);
|
||||
}
|
||||
|
||||
// Normally we don't propagate the LoadInfo's service worker tainting
|
||||
// synthesis flag on redirect. A real redirect normally will want to allow
|
||||
// normal tainting to proceed from its starting taint. For this particular
|
||||
// redirect, though, we are performing a redirect to communicate the URL of
|
||||
// the service worker synthetic response itself. This redirect still represents
|
||||
// the synthetic response, so we must preserve the flag.
|
||||
if (mLoadInfo && mLoadInfo->GetServiceWorkerTaintingSynthesized()) {
|
||||
nsCOMPtr<nsILoadInfo> newChannelLoadInfo;
|
||||
Unused << newChannel->GetLoadInfo(getter_AddRefs(newChannelLoadInfo));
|
||||
if (newChannelLoadInfo) {
|
||||
newChannelLoadInfo->SynthesizeServiceWorkerTainting(mLoadInfo->GetTainting());
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIEventTarget> target = GetNeckoTarget();
|
||||
MOZ_ASSERT(target);
|
||||
|
||||
|
|
|
@ -272,6 +272,17 @@ InterceptedHttpChannel::RedirectForResponseURL(nsIURI* aResponseURI,
|
|||
newChannel->SetLoadInfo(redirectLoadInfo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Normally we don't propagate the LoadInfo's service worker tainting
|
||||
// synthesis flag on redirect. A real redirect normally will want to allow
|
||||
// normal tainting to proceed from its starting taint. For this particular
|
||||
// redirect, though, we are performing a redirect to communicate the URL of
|
||||
// the service worker synthetic response itself. This redirect still represents
|
||||
// the synthetic response, so we must preserve the flag.
|
||||
if (redirectLoadInfo && mLoadInfo &&
|
||||
mLoadInfo->GetServiceWorkerTaintingSynthesized()) {
|
||||
redirectLoadInfo->SynthesizeServiceWorkerTainting(mLoadInfo->GetTainting());
|
||||
}
|
||||
|
||||
rv = SetupReplacementChannel(aResponseURI, newChannel, true, flags);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче