зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1626486 - Use structured field value parser for COOP and COEP r=kershaw,annevk,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D88003
This commit is contained in:
Родитель
9ca7347e3c
Коммит
685ab937f8
|
@ -102,6 +102,7 @@
|
|||
#include "nsResProtocolHandler.h"
|
||||
#include "mozilla/net/ExtensionProtocolHandler.h"
|
||||
#include "mozilla/net/PageThumbProtocolHandler.h"
|
||||
#include "mozilla/net/SFVService.h"
|
||||
#include <limits>
|
||||
|
||||
#if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
|
||||
|
@ -2549,6 +2550,38 @@ nsresult NS_MaybeOpenChannelUsingAsyncOpen(nsIChannel* aChannel,
|
|||
return aChannel->AsyncOpen(aListener);
|
||||
}
|
||||
|
||||
nsILoadInfo::CrossOriginEmbedderPolicy
|
||||
NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader) {
|
||||
nsCOMPtr<nsISFVService> sfv = GetSFVService();
|
||||
|
||||
nsCOMPtr<nsISFVItem> item;
|
||||
nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
|
||||
if (NS_FAILED(rv)) {
|
||||
return nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISFVBareItem> value;
|
||||
rv = item->GetValue(getter_AddRefs(value));
|
||||
if (NS_FAILED(rv)) {
|
||||
return nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
|
||||
if (!token) {
|
||||
return nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
|
||||
nsAutoCString embedderPolicy;
|
||||
rv = token->GetValue(embedderPolicy);
|
||||
if (NS_FAILED(rv)) {
|
||||
return nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
|
||||
return embedderPolicy.EqualsLiteral("require-corp")
|
||||
? nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP
|
||||
: nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
|
||||
/** Given the first (disposition) token from a Content-Disposition header,
|
||||
* tell whether it indicates the content is inline or attachment
|
||||
* @param aDispToken the disposition token from the content-disposition header
|
||||
|
|
|
@ -797,12 +797,8 @@ nsresult NS_MaybeOpenChannelUsingAsyncOpen(nsIChannel* aChannel,
|
|||
*
|
||||
* See: https://mikewest.github.io/corpp/#parsing
|
||||
*/
|
||||
inline nsILoadInfo::CrossOriginEmbedderPolicy
|
||||
NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader) {
|
||||
return aHeader.EqualsLiteral("require-corp")
|
||||
? nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP
|
||||
: nsILoadInfo::EMBEDDER_POLICY_NULL;
|
||||
}
|
||||
nsILoadInfo::CrossOriginEmbedderPolicy
|
||||
NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader);
|
||||
|
||||
/** Given the first (disposition) token from a Content-Disposition header,
|
||||
* tell whether it indicates the content is inline or attachment
|
||||
|
|
|
@ -83,6 +83,7 @@
|
|||
#include "nsURLHelper.h"
|
||||
#include "mozilla/RemoteLazyInputStreamChild.h"
|
||||
#include "mozilla/RemoteLazyInputStreamUtils.h"
|
||||
#include "mozilla/net/SFVService.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace net {
|
||||
|
@ -4790,6 +4791,30 @@ NS_IMETHODIMP HttpBaseChannel::ComputeCrossOriginOpenerPolicy(
|
|||
// %s"same-origin-allow-popups" /
|
||||
// %s"unsafe-none"; case-sensitive
|
||||
|
||||
nsCOMPtr<nsISFVService> sfv = GetSFVService();
|
||||
|
||||
nsCOMPtr<nsISFVItem> item;
|
||||
nsresult rv = sfv->ParseItem(openerPolicy, getter_AddRefs(item));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISFVBareItem> value;
|
||||
rv = item->GetValue(getter_AddRefs(value));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
|
||||
if (!token) {
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
rv = token->GetValue(openerPolicy);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsILoadInfo::CrossOriginOpenerPolicy policy =
|
||||
nsILoadInfo::OPENER_POLICY_UNSAFE_NONE;
|
||||
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
[header-parsing.https.html]
|
||||
[unspecified document opening popup to https://web-platform.test:8443 with COOP: "same-origin;same-origin"]
|
||||
expected: FAIL
|
||||
|
||||
[unspecified document opening popup to https://web-platform.test:8443 with COOP: "same-origin; foo=bar"]
|
||||
expected: FAIL
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[popup-with-structured-header.https.html]
|
||||
[same-origin with structured headers document opening popup to https://web-platform.test:8443 with COOP: "same-origin; report-to=endpoint"]
|
||||
expected: FAIL
|
||||
|
Загрузка…
Ссылка в новой задаче