Bug 1715332 - correct ClientValidation for moz-safe-about scheme. r=dom-worker-reviewers,asuth

Differential Revision: https://phabricator.services.mozilla.com/D140626
Eden Chuang 2022-03-23 09:18:08 +00:00
Parent 4d7bae5d9d
Commit 7702c3483d
1 changed file: 22 additions and 0 deletions


@ -50,12 +50,24 @@ bool ClientIsValidPrincipalInfo(const PrincipalInfo& aPrincipalInfo) {
nsAutoCString specOrigin; nsAutoCString specOrigin;
specURL->Origin(specOrigin); specURL->Origin(specOrigin);
// Linkable about URIs end up with a nested inner scheme of moz-safe-about
// which will have been captured in the originNoSuffix but the spec and
// its resulting specOrigin will not have this transformed scheme, so
// ignore the "moz-safe-" prefix when the originURL has that transformed
// scheme.
if (originURL->Scheme().Equals("moz-safe-about")) {
return specOrigin == originOrigin ||
specOrigin == Substring(originOrigin, 9 /*moz-safe-*/,
specOrigin.Length());
}
// For now require Clients to have a principal where both its // For now require Clients to have a principal where both its
// originNoSuffix and spec have the same origin. This will // originNoSuffix and spec have the same origin. This will
// exclude a variety of unusual combinations within the browser // exclude a variety of unusual combinations within the browser
// but its adequate for the features need to support right now. // but its adequate for the features need to support right now.
// If necessary we could expand this function to handle more // If necessary we could expand this function to handle more
// cases in the future. // cases in the future.
return specOrigin == originOrigin; return specOrigin == originOrigin;
} }
default: { default: {
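Review bot: In the new moz-safe-about branch, the second comparison passes specOrigin.Length() as the length argument of Substring, so it accepts any specOrigin that is a prefix of what follows "moz-safe-" in originOrigin rather than requiring an exact match; a shorter or empty specOrigin would also compare equal. The result of specURL->Origin(specOrigin) is not checked in the visible context, so an empty specOrigin is not ruled out at this point. Consider comparing against the whole remainder, for example specOrigin == Substring(originOrigin, 9), and replacing the literal 9 with a named constant derived from the "moz-safe-" prefix so the offset cannot silently go stale.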
@ -109,6 +121,16 @@ bool ClientIsValidCreationURL(const PrincipalInfo& aPrincipalInfo,
return true; return true;
} }
// Linkable about URIs end up with a nested inner scheme of moz-safe-about
// but the url and its resulting origin will not have this transformed
// scheme, so ignore the "moz-safe-" prefix when the principal has that
// transformed scheme.
if (principalURL->Scheme().Equals("moz-safe-about")) {
return origin == principalOrigin ||
origin ==
Substring(principalOrigin, 9 /*moz-safe-*/, origin.Length());
}
// Otherwise don't support this URL type in the clients sub-system for // Otherwise don't support this URL type in the clients sub-system for
// now. This will exclude a variety of internal browser clients, but // now. This will exclude a variety of internal browser clients, but
// currently we don't need to support those. This function can be // currently we don't need to support those. This function can be
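Review bot: The moz-safe-about check added ahead of the "Otherwise don't support this URL type" comment repeats the prefix-stripping expression from ClientIsValidPrincipalInfo, including the hard-coded 9 and a length taken from the left-hand operand (origin.Length()), so the same prefix-match looseness applies here and the two copies can drift apart. A small shared helper that strips "moz-safe-" and does a full-string comparison would keep both validators consistent. The commit touches one file and adds no tests; a test covering an about: client with a moz-safe-about principal, plus a near-miss origin that must be rejected, would pin down the intended behaviour.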