зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 16895673c015 (bug 1474842) for causing android geckoview failures. CLOSED TREE
This commit is contained in:
Родитель
7378e0cf79
Коммит
6cb8e9938e
|
@ -666,8 +666,8 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
// Check the parent scheme and window. If it is not an HTTPS page and not a
|
||||
// secure context then mixed content restrictions do not apply.
|
||||
// Check the parent scheme. If it is not an HTTPS page then mixed content
|
||||
// restrictions do not apply.
|
||||
nsCOMPtr<nsIURI> innerRequestingLocation =
|
||||
NS_GetInnermostURI(requestingLocation);
|
||||
if (!innerRequestingLocation) {
|
||||
|
@ -681,11 +681,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
|
|||
}
|
||||
|
||||
bool parentIsHttps = innerRequestingLocation->SchemeIs("https");
|
||||
bool parentIsSecureContext =
|
||||
requestingWindow && requestingWindow->GetIsSecureContext();
|
||||
// Extensions are exempt from mixed content restrictions.
|
||||
bool parentIsExtension = innerRequestingLocation->SchemeIs("moz-extension");
|
||||
if ((!parentIsHttps && !parentIsSecureContext) || parentIsExtension) {
|
||||
if (!parentIsHttps) {
|
||||
*aDecision = ACCEPT;
|
||||
MOZ_LOG(sMCBLog, LogLevel::Verbose,
|
||||
(" -> decision: Request will be allowed because the requesting "
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<script
|
||||
onload="parent.postMessage({status:'loaded ' + document.URL}, '*')"
|
||||
onerror="parent.postMessage({status:'blocked ' + document.URL}, '*')"
|
||||
src="http://example.com/tests/dom/security/test/mixedcontentblocker/file_bug1474842.js"></script>
|
||||
</head>
|
||||
</html>
|
|
@ -1 +0,0 @@
|
|||
console.log("i should not be loaded");
|
|
@ -21,8 +21,6 @@ support-files =
|
|||
file_redirect.html
|
||||
file_redirect_handler.sjs
|
||||
file_bug1551886.html
|
||||
file_bug1474842.html
|
||||
file_bug1474842.js
|
||||
|
||||
[test_main.html]
|
||||
skip-if =
|
||||
|
@ -35,5 +33,3 @@ skip-if =
|
|||
webrender # Bug 1424752
|
||||
[test_redirect.html]
|
||||
[test_bug1551886.html]
|
||||
[test_bug1474842.html]
|
||||
scheme = https
|
||||
|
|
|
@ -1,37 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Bug 1474842: mixed content blocker bypass for localhost pages in iframe</title>
|
||||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
|
||||
<script>
|
||||
ok(window.isSecureContext, "top level should be a secure context");
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
SpecialPowers.pushPrefEnv({set: [
|
||||
["security.mixed_content.block_active_content", true],
|
||||
["network.proxy.allow_hijacking_localhost", true],
|
||||
["network.proxy.testing_localhost_is_secure_when_hijacked", true],
|
||||
]}, () => {
|
||||
info("security.mixed_content.upgrade_display_content " + SpecialPowers.getBoolPref("security.mixed_content.upgrade_display_content"));
|
||||
info("security.mixed_content.block_display_content " + SpecialPowers.getBoolPref("security.mixed_content.block_display_content"));
|
||||
info("security.mixed_content.block_active_content " + SpecialPowers.getBoolPref("security.mixed_content.block_active_content"));
|
||||
info("security.mixed_content.block_object_subrequest " + SpecialPowers.getBoolPref("security.mixed_content.block_object_subrequest"));
|
||||
window.addEventListener("message", function listener(event) {
|
||||
if(!event.data.status) {
|
||||
return;
|
||||
}
|
||||
ok(event.data.status.startsWith("blocked"), "http script loaded from http://localhost should be blocked");
|
||||
window.removeEventListener("message", listener);
|
||||
SimpleTest.finish();
|
||||
});
|
||||
let f = document.createElement("iframe");
|
||||
f.src = "http://localhost/tests/dom/security/test/mixedcontentblocker/file_bug1474842.html";
|
||||
document.body.appendChild(f);
|
||||
});
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body></body>
|
||||
</html>
|
|
@ -4,6 +4,6 @@
|
|||
<meta charset="utf-8">
|
||||
</head>
|
||||
<body>
|
||||
<script src="https://example.net/intercept_by_webRequest.js"></script>
|
||||
<script src="http://example.net/intercept_by_webRequest.js"></script>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -165,7 +165,7 @@ add_task(async function webRequest_script_request_from_file_principals() {
|
|||
redirectUrl: `data:text/javascript,location.href='${redirectUrl}';`,
|
||||
};
|
||||
},
|
||||
{ urls: ["https://example.net/intercept_by_webRequest.js"] },
|
||||
{ urls: ["http://example.net/intercept_by_webRequest.js"] },
|
||||
["blocking"]
|
||||
);
|
||||
},
|
||||
|
|
Загрузка…
Ссылка в новой задаче