diff --git a/dom/base/test/mochitest.ini b/dom/base/test/mochitest.ini
index 90a172fa0a81..4004ff39e912 100644
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@@ -630,6 +630,7 @@ skip-if = buildapp == 'b2g'
 [test_bug1274806.html]
 [test_bug1281963.html]
 [test_bug1295852.html]
+[test_bug1307730.html]
 [test_caretPositionFromPoint.html]
 [test_change_policy.html]
 skip-if = buildapp == 'b2g' #no ssl support
diff --git a/dom/base/test/test_bug1307730.html b/dom/base/test/test_bug1307730.html
new file mode 100644
index 000000000000..54ba8ac99910
--- /dev/null
+++ b/dom/base/test/test_bug1307730.html
@@ -0,0 +1,44 @@
+ + + +
++ ++ +
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index bd2e2484b75a..c2a624330588 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -602,6 +602,7 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest)
 }
 if (mWithCredentials || !allowedOriginHeader.EqualsLiteral("*")) {
+ MOZ_ASSERT(!nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal));
 nsAutoCString origin;
 nsContentUtils::GetASCIIOrigin(mOriginHeaderPrincipal, origin);
@@ -950,6 +951,12 @@ nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel,
 uri->GetUserPass(userpass);
 NS_ENSURE_TRUE(userpass.IsEmpty(), NS_ERROR_DOM_BAD_URI);
+ // If we have an expanded principal here, we'll reject the CORS request,
+ // because we can't send a useful Origin header which is required for CORS.
+ if (nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal)) {
+ return NS_ERROR_DOM_BAD_URI;
+ }
+ // Add the Origin header
 nsAutoCString origin;
 rv = nsContentUtils::GetASCIIOrigin(mOriginHeaderPrincipal, origin);
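Review bot: The `MOZ_ASSERT(!nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal));` added in CheckRequestApproved is compiled out of release builds, so the only runtime guard against an expanded principal is the early return this commit adds in UpdateChannel. Whether every path to this origin comparison first passes through that UpdateChannel check is not visible from these hunks; if one does not, a release build would still compare the `Access-Control-Allow-Origin` value against whatever GetASCIIOrigin produces for such a principal. Failing closed at the comparison site as well, with `if (nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal)) { return NS_ERROR_DOM_BAD_URI; }`, would enforce the invariant instead of assuming it. The context line after the assertion also discards GetASCIIOrigin's return value, whereas UpdateChannel captures it in `rv`; checking it here would keep the two sites consistent. CheckRequestApproved's body starts and ends outside the hunk, so the surrounding handling could not be reviewed.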