mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz

This commit is contained in:
jonas@sicking.cc 2008-03-18 17:27:56 -07:00
Родитель 4ea82b5215
Коммит 9552bd91fc
4 изменённых файлов: 52 добавлений и 36 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
caps/idl/nsIPrincipal.idl
Просмотреть файл

@ -51,7 +51,7 @@ interface nsIURI;
[ptr] native JSContext(JSContext);
[ptr] native JSPrincipals(JSPrincipals);
[scriptable, uuid(7292475e-2821-4602-9d00-228476696428)]
[scriptable, uuid(b8268b9a-2403-44ed-81e3-614075c92034)]
interface nsIPrincipal : nsISerializable
{
/**
@ -142,9 +142,8 @@ interface nsIPrincipal : nsISerializable
[noscript] attribute nsIURI domain;
/**
* The origin of this principal's domain, if non-null, or its
* codebase URI otherwise. An origin is defined as:
* scheme + host + port.
* The origin of this principal's codebase URI.
* An origin is defined as: scheme + host + port.
*/
// XXXcaa this should probably be turned into an nsIURI.
// The system principal's origin should be some caps namespace

1
caps/include/nsPrincipal.h
Просмотреть файл

@ -140,7 +140,6 @@ protected:
nsCOMPtr<nsIURI> mCodebase;
nsCOMPtr<nsIURI> mDomain;
nsCOMPtr<nsIURI> mOrigin;
PRPackedBool mTrusted;
PRPackedBool mInitialized;
// If mCodebaseImmutable is true, mCodebase is non-null and immutable

32
caps/src/nsPrincipal.cpp
Просмотреть файл

@ -128,9 +128,6 @@ nsPrincipal::Init(const nsACString& aCertFingerprint,
mCodebase = NS_TryToMakeImmutable(aCodebase);
mCodebaseImmutable = URIIsImmutable(mCodebase);
// Invalidate our cached origin
mOrigin = nsnull;
nsresult rv;
if (!aCertFingerprint.IsEmpty()) {
rv = SetCertificate(aCertFingerprint, aSubjectName, aPrettyName, aCert);
@ -172,14 +169,12 @@ nsPrincipal::GetOrigin(char **aOrigin)
{
*aOrigin = nsnull;
if (!mOrigin) {
nsIURI* uri = mDomain ? mDomain : mCodebase;
if (uri) {
mOrigin = NS_GetInnermostURI(uri);
}
nsCOMPtr<nsIURI> origin;
if (mCodebase) {
origin = NS_GetInnermostURI(mCodebase);
}
if (!mOrigin) {
if (!origin) {
NS_ASSERTION(mCert, "No Domain or Codebase for a non-cert principal");
return NS_ERROR_FAILURE;
}
@ -191,14 +186,14 @@ nsPrincipal::GetOrigin(char **aOrigin)
// XXX this should be removed in favor of the solution in
// bug 160042.
PRBool isChrome;
nsresult rv = mOrigin->SchemeIs("chrome", &isChrome);
nsresult rv = origin->SchemeIs("chrome", &isChrome);
if (NS_SUCCEEDED(rv) && !isChrome) {
rv = mOrigin->GetHostPort(hostPort);
rv = origin->GetHostPort(hostPort);
}
if (NS_SUCCEEDED(rv) && !isChrome) {
nsCAutoString scheme;
rv = mOrigin->GetScheme(scheme);
rv = origin->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
*aOrigin = ToNewCString(scheme + NS_LITERAL_CSTRING("://") + hostPort);
}
@ -206,7 +201,7 @@ nsPrincipal::GetOrigin(char **aOrigin)
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
nsCAutoString spec;
rv = mOrigin->GetSpec(spec);
rv = origin->GetSpec(spec);
NS_ENSURE_SUCCESS(rv, rv);
*aOrigin = ToNewCString(spec);
}
@ -565,9 +560,6 @@ nsPrincipal::SetURI(nsIURI* aURI)
{
mCodebase = NS_TryToMakeImmutable(aURI);
mCodebaseImmutable = URIIsImmutable(mCodebase);
// Invalidate our cached origin
mOrigin = nsnull;
}
@ -676,9 +668,6 @@ nsPrincipal::SetDomain(nsIURI* aDomain)
// Domain has changed, forget cached security policy
SetSecurityPolicy(nsnull);
// Invalidate our cached origin
mOrigin = nsnull;
return NS_OK;
}
@ -720,9 +709,6 @@ nsPrincipal::InitFromPersistent(const char* aPrefName,
mCodebaseImmutable = URIIsImmutable(mCodebase);
mTrusted = aTrusted;
// Invalidate our cached origin
mOrigin = nsnull;
}
rv = mJSPrincipals.Init(this, aToken);
@ -1094,8 +1080,6 @@ nsPrincipal::Write(nsIObjectOutputStream* aStream)
return rv;
}
// mOrigin is an optimization; don't bother serializing it.
rv = aStream->Write8(mTrusted);
if (NS_FAILED(rv)) {
return rv;

48
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

@ -1068,6 +1068,40 @@ nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
static
nsresult
GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
nsACString& aOrigin)
{
aOrigin.Truncate();
nsCOMPtr<nsIURI> uri;
aPrincipal->GetDomain(getter_AddRefs(uri));
if (!uri) {
aPrincipal->GetURI(getter_AddRefs(uri));
}
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
nsCAutoString hostPort;
nsresult rv = uri->GetHostPort(hostPort);
if (NS_SUCCEEDED(rv)) {
nsCAutoString scheme;
rv = uri->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
aOrigin = scheme + NS_LITERAL_CSTRING("://") + hostPort;
}
else {
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
rv = uri->GetSpec(aOrigin);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;
}
nsresult
nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
ClassInfoData& aClassData,
@ -1099,9 +1133,9 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
printf("DomainLookup ");
#endif
nsXPIDLCString origin;
if (NS_FAILED(rv = aPrincipal->GetOrigin(getter_Copies(origin))))
return rv;
nsCAutoString origin;
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
NS_ENSURE_SUCCESS(rv, rv);
char *start = origin.BeginWriting();
const char *nextToLastDot = nsnull;
@ -2670,13 +2704,13 @@ nsScriptSecurityManager::CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrinci
if (NS_FAILED(rv))
return PR_FALSE;
nsXPIDLCString val;
nsCAutoString val;
PRBool hasCert;
aPrincipal->GetHasCertificate(&hasCert);
if (hasCert)
rv = aPrincipal->GetPrettyName(val);
else
rv = aPrincipal->GetOrigin(getter_Copies(val));
rv = GetPrincipalDomainOrigin(aPrincipal, val);
if (NS_FAILED(rv))
return PR_FALSE;
@ -2791,14 +2825,14 @@ nsScriptSecurityManager::EnableCapability(const char *capability)
if (canEnable != nsIPrincipal::ENABLE_GRANTED)
{
nsXPIDLCString val;
nsCAutoString val;
PRBool hasCert;
nsresult rv;
principal->GetHasCertificate(&hasCert);
if (hasCert)
rv = principal->GetPrettyName(val);
else
rv = principal->GetOrigin(getter_Copies(val));
rv = GetPrincipalDomainOrigin(principal, val);
if (NS_FAILED(rv))
return rv;