From 71b1d5722d184a39bed4ec11fce03a070bbc3e45 Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Tue, 9 Feb 2021 18:54:28 +0000 Subject: [PATCH] Bug 1688815: Update GetSiteOriginNoSuffix() to handle view-source correctly. r=nika Differential Revision: https://phabricator.services.mozilla.com/D102200 --- caps/ContentPrincipal.cpp | 23 +++++++++++++++++++---- caps/tests/unit/test_site_origin.js | 22 ++++++++++++++++++++++ 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/caps/ContentPrincipal.cpp b/caps/ContentPrincipal.cpp index d17679e714fa..ea965b02f01c 100644 --- a/caps/ContentPrincipal.cpp +++ b/caps/ContentPrincipal.cpp @@ -441,16 +441,30 @@ ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain) { NS_IMETHODIMP ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) { + nsresult rv = GetOriginNoSuffix(aSiteOrigin); + NS_ENSURE_SUCCESS(rv, rv); + + // It is possible for two principals with the same origin to have different + // mURI values. In order to ensure that two principals with matching origins + // also have matching siteOrigins, we derive the siteOrigin entirely from the + // origin string and do not rely on mURI at all here. + nsCOMPtr origin; + if (NS_FAILED(NS_NewURI(getter_AddRefs(origin), aSiteOrigin))) { + // We got an error parsing the origin as a URI? siteOrigin == origin + // aSiteOrigin was already filled with `OriginNoSuffix` + return NS_OK; + } + // Handle some special URIs first. nsAutoCString baseDomain; bool handled; - nsresult rv = GetSpecialBaseDomain(mURI, &handled, baseDomain); + rv = GetSpecialBaseDomain(origin, &handled, baseDomain); NS_ENSURE_SUCCESS(rv, rv); if (handled) { // This is a special URI ("file:", "about:", "view-source:", etc). Just // return the origin. - return GetOriginNoSuffix(aSiteOrigin); + return NS_OK; } // For everything else, we ask the TLD service. Note that, unlike in @@ -465,7 +479,7 @@ ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) { } bool gotBaseDomain = false; - rv = tldService->GetBaseDomain(mURI, 0, baseDomain); + rv = tldService->GetBaseDomain(origin, 0, baseDomain); if (NS_SUCCEEDED(rv)) { gotBaseDomain = true; } else { @@ -480,7 +494,7 @@ ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) { // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear // the port, so an extra `SetPort` call has to be made. nsCOMPtr siteUri; - NS_MutateURI mutator(mURI); + NS_MutateURI mutator(origin); mutator.SetUserPass(""_ns).SetPort(-1); if (gotBaseDomain) { mutator.SetHost(baseDomain); @@ -489,6 +503,7 @@ ContentPrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) { MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri"); NS_ENSURE_SUCCESS(rv, rv); + aSiteOrigin.Truncate(); rv = GenerateOriginNoSuffixFromURI(siteUri, aSiteOrigin); MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteOriginNoSuffix"); return rv; diff --git a/caps/tests/unit/test_site_origin.js b/caps/tests/unit/test_site_origin.js index 6ce2d0dfadb5..604cb4e87ce9 100644 --- a/caps/tests/unit/test_site_origin.js +++ b/caps/tests/unit/test_site_origin.js @@ -57,6 +57,28 @@ Assert.equal(aboutPrincipal.originNoSuffix, "about:preferences"); Assert.equal(aboutPrincipal.siteOrigin, "about:preferences^userContextId=66"); Assert.equal(aboutPrincipal.siteOriginNoSuffix, "about:preferences"); +let viewSourceURI = Services.io.newURI( + "view-source:https://test1.test2.example.com" +); +let viewSourcePrincipal = scriptSecMan.createContentPrincipal(viewSourceURI, { + userContextId: 101, +}); +Assert.ok(viewSourcePrincipal.isContentPrincipal); +Assert.ok(viewSourcePrincipal.schemeIs("view-source")); +Assert.equal( + viewSourcePrincipal.origin, + "https://test1.test2.example.com^userContextId=101" +); +Assert.equal( + viewSourcePrincipal.originNoSuffix, + "https://test1.test2.example.com" +); +Assert.equal( + viewSourcePrincipal.siteOrigin, + "https://example.com^userContextId=101" +); +Assert.equal(viewSourcePrincipal.siteOriginNoSuffix, "https://example.com"); + // NullPrincipal checks let nullPrincipal = scriptSecMan.createNullPrincipal({ userContextId: 33 }); Assert.ok(nullPrincipal.isNullPrincipal);