Bug 1657916 allow extensions to see view-source requests r=robwu

View source prefixes urls with a view-source scheme.  Somewhere along
the way a request is made for the un-prefixed url but we do not intercept.  This
removes the prefix for webrequest and proxy APIs prior to checking access rules
and filters, allowing the APIs to intercept those requests that the otherwise
could.

Differential Revision: https://phabricator.services.mozilla.com/D89068
This commit is contained in:
Shane Caraveo 2020-10-15 21:57:35 +00:00
Родитель 05ce764c82
Коммит 785c75dc53
3 изменённых файлов: 105 добавлений и 0 удалений

Просмотреть файл

@ -0,0 +1,95 @@
"use strict";
const server = createHttpServer({ hosts: ["example.com"] });
server.registerPathHandler("/dummy", (request, response) => {
response.setStatusLine(request.httpVersion, 200, "OK");
response.write("ok");
});
add_task(async function test_webRequest_viewsource() {
function background(serverPort) {
browser.proxy.onRequest.addListener(
details => {
if (details.url === `http://example.com:${serverPort}/dummy`) {
browser.test.assertTrue(
true,
"viewsource protocol worked in proxy request"
);
browser.test.sendMessage("proxied");
}
},
{ urls: ["<all_urls>"] }
);
browser.webRequest.onBeforeRequest.addListener(
details => {
browser.test.assertEq(
`http://example.com:${serverPort}/redirect`,
details.url,
"viewsource protocol worked in webRequest"
);
browser.test.sendMessage("viewed");
return { redirectUrl: `http://example.com:${serverPort}/dummy` };
},
{ urls: ["http://example.com/redirect"] },
["blocking"]
);
browser.webRequest.onBeforeRequest.addListener(
details => {
browser.test.assertEq(
`http://example.com:${serverPort}/dummy`,
details.url,
"viewsource protocol worked in webRequest"
);
browser.test.sendMessage("redirected");
return { cancel: true };
},
{ urls: ["http://example.com/dummy"] },
["blocking"]
);
browser.webRequest.onCompleted.addListener(
details => {
// If cancel fails we get onCompleted.
browser.test.fail("onCompleted received");
},
{ urls: ["http://example.com/dummy"] }
);
browser.webRequest.onErrorOccurred.addListener(
details => {
browser.test.assertEq(
details.error,
"NS_ERROR_ABORT",
"request cancelled"
);
browser.test.sendMessage("cancelled");
},
{ urls: ["http://example.com/dummy"] }
);
}
let extension = ExtensionTestUtils.loadExtension({
manifest: {
permissions: ["proxy", "webRequest", "webRequestBlocking", "<all_urls>"],
},
background: `(${background})(${server.identity.primaryPort})`,
});
await extension.startup();
let contentPage = await ExtensionTestUtils.loadContentPage(
`view-source:http://example.com:${server.identity.primaryPort}/redirect`
);
await Promise.all([
extension.awaitMessage("proxied"),
extension.awaitMessage("viewed"),
extension.awaitMessage("redirected"),
extension.awaitMessage("cancelled"),
]);
await contentPage.close();
await extension.unload();
});

Просмотреть файл

@ -214,6 +214,7 @@ skip-if = appname == "thunderbird" || (os == "android" && debug)
[test_ext_webRequest_style_cache.js] [test_ext_webRequest_style_cache.js]
[test_ext_webRequest_suspend.js] [test_ext_webRequest_suspend.js]
[test_ext_webRequest_userContextId.js] [test_ext_webRequest_userContextId.js]
[test_ext_webRequest_viewsource.js]
[test_ext_webRequest_webSocket.js] [test_ext_webRequest_webSocket.js]
skip-if = appname == "thunderbird" skip-if = appname == "thunderbird"
[test_ext_xhr_capabilities.js] [test_ext_xhr_capabilities.js]

Просмотреть файл

@ -538,6 +538,15 @@ const URLInfo& ChannelWrapper::FinalURLInfo() const {
ErrorResult rv; ErrorResult rv;
nsCOMPtr<nsIURI> uri = FinalURI(); nsCOMPtr<nsIURI> uri = FinalURI();
MOZ_ASSERT(uri); MOZ_ASSERT(uri);
// If this is a view-source scheme, get the nested uri.
while (uri && uri->SchemeIs("view-source")) {
nsCOMPtr<nsINestedURI> nested = do_QueryInterface(uri);
if (!nested) {
break;
}
nested->GetInnerURI(getter_AddRefs(uri));
}
mFinalURLInfo.emplace(uri.get(), true); mFinalURLInfo.emplace(uri.get(), true);
// If this is a WebSocket request, mangle the URL so that the scheme is // If this is a WebSocket request, mangle the URL so that the scheme is