Bug 1307730 - Disallow CORS fetches when we have an expanded principal; r=bzbarsky

It's not possible to construct a useful Origin header when we have an expanded principal and are about to perform a CORS fetch. Therefore, instead of sending a CORS fetch with an |Origin: null| header, we must fail the request.
2016-10-06 15:59:16 -04:00 · 2016-10-06 15:59:16 -04:00 · 7cbf03adb5
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@ -630,6 +630,7 @@ skip-if = buildapp == 'b2g'
 [test_bug1274806.html]
 [test_bug1281963.html]
 [test_bug1295852.html]
+[test_bug1307730.html]
 [test_caretPositionFromPoint.html]
 [test_change_policy.html]
 skip-if = buildapp == 'b2g' #no ssl support
--- a/dom/base/test/test_bug1307730.html
+++ b/dom/base/test/test_bug1307730.html
@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1307730
+-->
+<head>
+  <title>Test for Bug 1307730</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1307730">Mozilla Bug 1307730</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+<pre id="test">
+<script type="application/javascript">
+
+const Cu = SpecialPowers.Cu;
+
+function runTest() {
+  var xhr = new XMLHttpRequest();
+  xhr.open("GET", "https://example.com", false);
+  try {
+    xhr.send();
+  } catch (e) {
+    return e.name;
+  }
+  return 'XHR succeeded';
+}
+
+function evalInSandbox(sandbox, func) {
+  return SpecialPowers.unwrap(Cu.evalInSandbox(`(${func.toString()})()`, sandbox));
+}
+
+let sandbox = Cu.Sandbox([window, "https://example.org"],
+                         {wantGlobalProperties: ['XMLHttpRequest']});
+is(evalInSandbox(sandbox, runTest), 'NetworkError',
+   "Shouldn't be able to make a CORS request with an expanded principal");
+
+</script>
+</pre>
+</body>
+</html>
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@ -602,6 +602,7 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest)
  }

  if (mWithCredentials || !allowedOriginHeader.EqualsLiteral("*")) {
+    MOZ_ASSERT(!nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal));
    nsAutoCString origin;
    nsContentUtils::GetASCIIOrigin(mOriginHeaderPrincipal, origin);

@ -950,6 +951,12 @@ nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel,
  uri->GetUserPass(userpass);
  NS_ENSURE_TRUE(userpass.IsEmpty(), NS_ERROR_DOM_BAD_URI);

+  // If we have an expanded principal here, we'll reject the CORS request,
+  // because we can't send a useful Origin header which is required for CORS.
+  if (nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal)) {
+    return NS_ERROR_DOM_BAD_URI;
+  }
+
  // Add the Origin header
  nsAutoCString origin;
  rv = nsContentUtils::GetASCIIOrigin(mOriginHeaderPrincipal, origin);