зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1366973: Rename security flags to not contain DATA anymore r=geckoview-reviewers,ckerschb,snorp
Differential Revision: https://phabricator.services.mozilla.com/D83490
Родитель
b769a57503
Коммит
a7153982e8
|
@ -1535,7 +1535,7 @@ class nsContextMenu {
|
|||
uri: makeURI(linkURL),
|
||||
loadingPrincipal: this.principal,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
});
|
||||
|
||||
if (linkDownload) {
|
||||
|
|
|
@ -112,7 +112,7 @@ class FaviconLoad {
|
|||
iconInfo.node,
|
||||
iconInfo.node.nodePrincipal,
|
||||
iconInfo.node.nodePrincipal,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CHROME |
|
||||
Ci.nsILoadInfo.SEC_DISALLOW_SCRIPT,
|
||||
Ci.nsIContentPolicy.TYPE_INTERNAL_IMAGE_FAVICON
|
||||
|
|
|
@ -328,9 +328,11 @@ nsresult nsScriptSecurityManager::GetChannelResultPrincipal(
|
|||
// The data: inheritance flags should only apply to the initial load,
|
||||
// not to loads that it might have redirected to.
|
||||
if (loadInfo->RedirectChain().IsEmpty() &&
|
||||
(securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
|
||||
securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
|
||||
securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS)) {
|
||||
(securityMode ==
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
securityMode ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
securityMode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)) {
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
|
|
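Review bot: The comment above the condition still calls these "the data: inheritance flags", which no longer matches the renamed `SEC_*_INHERITS_SEC_CONTEXT` constants tested right below it. I would reword it along the lines of `// The security-context inheritance flags should only apply to the initial load,` so that a reader searching for the old `*_DATA_INHERITS` names is not misled. The redirect-chain guard itself is untouched by the rename, and the body of GetChannelResultPrincipal continues outside this hunk.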
@ -66,7 +66,7 @@ add_task(async function test_converter_abort_should_stop_data_sending() {
|
|||
const loadInfo = NetUtil.newChannel({
|
||||
uri: Services.io.newURI("data:text/plain,"),
|
||||
loadingPrincipal: nullP,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
}).loadInfo;
|
||||
// Stub all the things.
|
||||
|
@ -124,7 +124,7 @@ add_task(async function test_converter_principal_needs_matching() {
|
|||
const loadInfo = NetUtil.newChannel({
|
||||
uri: Services.io.newURI("data:text/plain,"),
|
||||
loadingPrincipal: nullP,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
}).loadInfo;
|
||||
// Stub all the things.
|
||||
|
|
|
@ -460,7 +460,8 @@ StyleEditorUI.prototype = {
|
|||
{
|
||||
uri: NetUtil.newURI(selectedFile),
|
||||
loadingNode: this._window.document,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
|
||||
securityFlags:
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
},
|
||||
async (stream, status) => {
|
||||
|
|
|
@ -1779,7 +1779,7 @@ const WebConsoleActor = ActorClassWithSpec(webconsoleSpec, {
|
|||
const channel = NetUtil.newChannel({
|
||||
uri: NetUtil.newURI(url),
|
||||
loadingNode: doc,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType:
|
||||
stringToCauseType(cause.type) || Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
|
|
@ -677,7 +677,8 @@ function newChannelForURL(
|
|||
{ policy, window, principal },
|
||||
recursing = false
|
||||
) {
|
||||
const securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
const securityFlags =
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
|
||||
let uri;
|
||||
try {
|
||||
|
|
|
@ -9495,7 +9495,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
|
||||
uint32_t sandboxFlags = mBrowsingContext->GetSandboxFlags();
|
||||
nsSecurityFlags securityFlags =
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
|
||||
if (mLoadType == LOAD_ERROR_PAGE) {
|
||||
securityFlags |= nsILoadInfo::SEC_LOAD_ERROR_PAGE;
|
||||
|
|
|
@ -97,7 +97,7 @@ static void SendPing(void* aClosure, nsIContent* aContent, nsIURI* aURI,
|
|||
NS_NewChannel(getter_AddRefs(chan), aURI, doc,
|
||||
info->requireSameHost
|
||||
? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_PING,
|
||||
nullptr, // PerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
|
|
|
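Review bot: The ternary passed to NS_NewChannel now pairs `SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED`, which keeps `DATA` in its name, with the renamed `SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL`, although the commit title says the flags no longer contain DATA. If the name is kept on purpose (presumably because that mode really is about data: loads), a one-line comment at the flag's declaration would help, e.g. `// Keeps DATA in its name on purpose: this mode blocks data: loads.`, with the wording confirmed against the definition, which is not on this page. The same mixed naming shows up in the InternalRequest::MapChannelToRequestMode, SecFetch::AddSecFetchMode, nsContentSecurityManager, CompareNetwork::Initialize and ChannelFromScriptURL hunks.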
@ -1044,7 +1044,7 @@ nsresult ExternalResourceMap::PendingLoad::StartLoad(
|
|||
nsresult rv = NS_OK;
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), aURI, aRequestingNode,
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // aPerformanceStorage
|
||||
loadGroup);
|
||||
|
|
|
@ -1029,7 +1029,8 @@ nsresult EventSourceImpl::InitChannelAndRequestEventSource() {
|
|||
|
||||
nsCOMPtr<Document> doc = mEventSource->GetDocumentIfCurrent();
|
||||
|
||||
nsSecurityFlags securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
nsSecurityFlags securityFlags =
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
|
||||
if (mEventSource->mWithCredentials) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
|
|
|
@ -1187,9 +1187,9 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
|
|||
if (aBody && !contentTypeWithCharset.IsVoid() &&
|
||||
!nsContentUtils::IsCORSSafelistedRequestHeader("content-type"_ns,
|
||||
contentTypeWithCharset)) {
|
||||
securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
} else {
|
||||
securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
|
|
|
@ -7271,7 +7271,7 @@ nsresult nsContentUtils::SlurpFileToString(nsIFile* aFile,
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), fileURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
|
|
|
@ -1212,7 +1212,7 @@ void nsMessageManagerScriptExecutor::TryCacheLoadAndCompileScript(
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
|
||||
if (!channel) {
|
||||
|
|
|
@ -2272,7 +2272,7 @@ nsresult nsObjectLoadingContent::OpenChannel() {
|
|||
true, // aInheritForAboutBlank
|
||||
false); // aForceInherit
|
||||
nsSecurityFlags securityFlags =
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
|
||||
bool isURIUniqueOrigin =
|
||||
StaticPrefs::security_data_uri_unique_opaque_origin() &&
|
||||
|
|
|
@ -296,7 +296,7 @@ nsresult nsSyncLoadService::LoadDocument(
|
|||
|
||||
// if the load needs to enforce CORS, then force the load to be async
|
||||
bool isSync =
|
||||
!(aSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) &&
|
||||
!(aSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) &&
|
||||
(aURI->SchemeIs("chrome") || aURI->SchemeIs("resource"));
|
||||
RefPtr<nsSyncLoader> loader = new nsSyncLoader();
|
||||
return loader->LoadDocument(channel, isSync, aForceToXML, aReferrerPolicy,
|
||||
|
|
|
@ -37,7 +37,7 @@ function loadFileContent(aFile, aCharset) {
|
|||
null, // aLoadingNode
|
||||
SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
|
||||
|
||||
var cis = SpecialPowers.Ci.nsIConverterInputStream;
|
||||
|
|
|
@ -36,7 +36,7 @@ function loadFileContent(aFile, aCharset) {
|
|||
null, // aLoadingNode
|
||||
SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
|
||||
|
||||
var cis = SpecialPowers.Ci.nsIConverterInputStream;
|
||||
|
|
|
@ -37,7 +37,7 @@ function loadFileContent(aFile, aCharset) {
|
|||
null, // aLoadingNode
|
||||
SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
|
||||
|
||||
var cis = SpecialPowers.Ci.nsIConverterInputStream;
|
||||
|
|
|
@ -36,7 +36,7 @@ function loadFileContent(aFile, aCharset) {
|
|||
null, // aLoadingNode
|
||||
SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
|
||||
|
||||
var cis = SpecialPowers.Ci.nsIConverterInputStream;
|
||||
|
|
|
@ -35,7 +35,7 @@ function loadFileContent(aFile, aCharset) {
|
|||
null, // aLoadingNode
|
||||
SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
|
||||
|
||||
var cis = SpecialPowers.Ci.nsIConverterInputStream;
|
||||
|
|
|
@ -574,12 +574,12 @@ nsresult FetchDriver::HttpFetch(
|
|||
|
||||
nsSecurityFlags secFlags = 0;
|
||||
if (mRequest->Mode() == RequestMode::Cors) {
|
||||
secFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
secFlags |= nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
} else if (mRequest->Mode() == RequestMode::Same_origin ||
|
||||
mRequest->Mode() == RequestMode::Navigate) {
|
||||
secFlags |= nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
|
||||
secFlags |= nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
} else if (mRequest->Mode() == RequestMode::No_cors) {
|
||||
secFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
secFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
} else {
|
||||
MOZ_ASSERT_UNREACHABLE("Unexpected request mode!");
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
|
|
|
@ -382,13 +382,13 @@ RequestMode InternalRequest::MapChannelToRequestMode(nsIChannel* aChannel) {
|
|||
uint32_t securityMode = loadInfo->GetSecurityMode();
|
||||
|
||||
switch (securityMode) {
|
||||
case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS:
|
||||
case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT:
|
||||
case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED:
|
||||
return RequestMode::Same_origin;
|
||||
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS:
|
||||
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL:
|
||||
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT:
|
||||
case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL:
|
||||
return RequestMode::No_cors;
|
||||
case nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS:
|
||||
case nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT:
|
||||
// TODO: Check additional flag force-preflight after bug 1199693 (bug
|
||||
// 1189945)
|
||||
return RequestMode::Cors;
|
||||
|
|
|
@ -1710,8 +1710,8 @@ class HTMLMediaElement::ChannelLoader final {
|
|||
// determine what security checks need to be performed in AsyncOpen().
|
||||
nsSecurityFlags securityFlags =
|
||||
aElement->ShouldCheckAllowOrigin()
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
|
||||
if (aElement->GetCORSMode() == CORS_USE_CREDENTIALS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
|
|
|
@ -314,16 +314,16 @@ void HTMLTrackElement::LoadResource(RefPtr<WebVTTListener>&& aWebVTTListener) {
|
|||
nsSecurityFlags secFlags;
|
||||
if (CORS_NONE == corsMode) {
|
||||
// Same-origin is required for track element.
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
} else {
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
if (CORS_ANONYMOUS == corsMode) {
|
||||
secFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
} else if (CORS_USE_CREDENTIALS == corsMode) {
|
||||
secFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
} else {
|
||||
NS_WARNING("Unknown CORS mode.");
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -735,8 +735,8 @@ nsresult ChannelMediaResource::RecreateChannel() {
|
|||
|
||||
nsSecurityFlags securityFlags =
|
||||
element->ShouldCheckAllowOrigin()
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
|
||||
if (element->GetCORSMode() == CORS_USE_CREDENTIALS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
|
|
|
@ -40,7 +40,7 @@ ResourceLoader.load = function(uri, doc) {
|
|||
let ioChannel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingNode: doc,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_INTERNAL_SCRIPT,
|
||||
});
|
||||
|
||||
|
|
|
@ -289,8 +289,8 @@ already_AddRefed<nsIPrincipal> HLSDecoder::GetContentPrincipal(
|
|||
NS_ENSURE_SUCCESS(rv, nullptr);
|
||||
nsSecurityFlags securityFlags =
|
||||
element->ShouldCheckAllowOrigin()
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
if (element->GetCORSMode() == CORS_USE_CREDENTIALS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
}
|
||||
|
|
|
@ -100,9 +100,10 @@ nsresult FetchImageHelper::ImageFetchListener::FetchDecodedImageFromURI(
|
|||
RefPtr<nsIPrincipal> nullPrincipal =
|
||||
NullPrincipal::CreateWithoutOriginAttributes();
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
nsresult rv = NS_NewChannel(getter_AddRefs(channel), aURI, nullPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_INTERNAL_IMAGE);
|
||||
nsresult rv =
|
||||
NS_NewChannel(getter_AddRefs(channel), aURI, nullPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_INTERNAL_IMAGE);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
|
|
@ -313,7 +313,7 @@ void OnlineSpeechRecognitionService::DoSTT() {
|
|||
return;
|
||||
}
|
||||
|
||||
nsSecurityFlags secFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
nsSecurityFlags secFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
nsLoadFlags loadFlags =
|
||||
nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_BYPASS_SERVICE_WORKER;
|
||||
nsContentPolicyType contentPolicy =
|
||||
|
|
|
@ -2263,7 +2263,7 @@ nsresult nsPluginHost::NewPluginURLStream(
|
|||
// form |nsDocShell::OnLinkClickSync| bug 166613
|
||||
rv = NS_NewChannel(
|
||||
getter_AddRefs(channel), url, element,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
|
||||
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
|
||||
nullptr, // aPerformanceStorage
|
||||
|
|
|
@ -733,11 +733,12 @@ nsresult PrototypeDocumentContentSink::LoadScript(
|
|||
|
||||
// Note: the loader will keep itself alive while it's loading.
|
||||
nsCOMPtr<nsIStreamLoader> loader;
|
||||
rv = NS_NewStreamLoader(getter_AddRefs(loader), aScriptProto->mSrcURI,
|
||||
this, // aObserver
|
||||
mDocument, // aRequestingContext
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
|
||||
nsIContentPolicy::TYPE_INTERNAL_SCRIPT, group);
|
||||
rv = NS_NewStreamLoader(
|
||||
getter_AddRefs(loader), aScriptProto->mSrcURI,
|
||||
this, // aObserver
|
||||
mDocument, // aRequestingContext
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
nsIContentPolicy::TYPE_INTERNAL_SCRIPT, group);
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
mCurrentScriptProto = nullptr;
|
||||
|
|
|
@ -497,7 +497,7 @@ var PushServiceWebSocket = {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_WEBSOCKET
|
||||
);
|
||||
// Allow deprecated HTTP request from SystemPrincipal
|
||||
|
|
|
@ -1343,9 +1343,9 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
|
|||
// scripts and always use CORS. Only exception: Non linkable about: pages
|
||||
// which load local module scripts.
|
||||
if (IsAboutPageLoadingChromeURI(aRequest)) {
|
||||
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
} else {
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
if (aRequest->CORSMode() == CORS_NONE ||
|
||||
aRequest->CORSMode() == CORS_ANONYMOUS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
|
@ -1355,9 +1355,10 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
|
|||
}
|
||||
}
|
||||
} else {
|
||||
securityFlags = aRequest->CORSMode() == CORS_NONE
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
securityFlags =
|
||||
aRequest->CORSMode() == CORS_NONE
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
if (aRequest->CORSMode() == CORS_ANONYMOUS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
} else if (aRequest->CORSMode() == CORS_USE_CREDENTIALS) {
|
||||
|
|
|
@ -236,17 +236,21 @@ void SecFetch::AddSecFetchMode(nsIHttpChannel* aHTTPChannel) {
|
|||
uint32_t securityMode = loadInfo->GetSecurityMode();
|
||||
nsContentPolicyType externalType = loadInfo->GetExternalContentPolicyType();
|
||||
|
||||
if (securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
|
||||
if (securityMode ==
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED) {
|
||||
mode = "same-origin"_ns;
|
||||
} else if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
||||
} else if (securityMode ==
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) {
|
||||
mode = "cors"_ns;
|
||||
} else {
|
||||
// If it's not one of the security modes above, then we ensure it's
|
||||
// at least one of the others defined in nsILoadInfo
|
||||
MOZ_ASSERT(
|
||||
securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
|
||||
securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityMode ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
securityMode ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
"unhandled security mode");
|
||||
}
|
||||
|
||||
|
|
|
@ -1181,14 +1181,15 @@ nsresult nsCSPContext::SendReports(
|
|||
|
||||
// try to create a new channel for every report-uri
|
||||
if (doc) {
|
||||
rv = NS_NewChannel(getter_AddRefs(reportChannel), reportURI, doc,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_CSP_REPORT);
|
||||
rv =
|
||||
NS_NewChannel(getter_AddRefs(reportChannel), reportURI, doc,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_CSP_REPORT);
|
||||
} else {
|
||||
rv = NS_NewChannel(getter_AddRefs(reportChannel), reportURI,
|
||||
mLoadingPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_CSP_REPORT);
|
||||
rv = NS_NewChannel(
|
||||
getter_AddRefs(reportChannel), reportURI, mLoadingPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_CSP_REPORT);
|
||||
}
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
|
|
|
@ -234,11 +234,13 @@ static nsresult ValidateSecurityFlags(nsILoadInfo* aLoadInfo) {
|
|||
// SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, because that is only used for
|
||||
// temporary loadInfos used for explicit nsIContentPolicy checks, but never be
|
||||
// set as a security flag on an actual channel.
|
||||
if (securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS &&
|
||||
if (securityMode !=
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT &&
|
||||
securityMode != nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED &&
|
||||
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS &&
|
||||
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
||||
securityMode !=
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT &&
|
||||
securityMode != nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
securityMode != nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) {
|
||||
MOZ_ASSERT(
|
||||
false,
|
||||
"need one securityflag from nsILoadInfo to perform security checks");
|
||||
|
@ -651,16 +653,16 @@ static void LogSecurityFlags(nsSecurityFlags securityFlags) {
|
|||
static const DebugSecFlagType secTypes[] = {
|
||||
{nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
|
||||
"SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK"},
|
||||
{nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
|
||||
"SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS"},
|
||||
{nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
"SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT"},
|
||||
{nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
|
||||
"SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED"},
|
||||
{nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
|
||||
"SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS"},
|
||||
{nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
"SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL"},
|
||||
{nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS,
|
||||
"SEC_REQUIRE_CORS_DATA_INHERITS"},
|
||||
{nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
"SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT"},
|
||||
{nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
"SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL"},
|
||||
{nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT,
|
||||
"SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT"},
|
||||
{nsILoadInfo::SEC_COOKIES_DEFAULT, "SEC_COOKIES_DEFAULT"},
|
||||
{nsILoadInfo::SEC_COOKIES_INCLUDE, "SEC_COOKIES_INCLUDE"},
|
||||
{nsILoadInfo::SEC_COOKIES_SAME_ORIGIN, "SEC_COOKIES_SAME_ORIGIN"},
|
||||
|
@ -1040,7 +1042,7 @@ nsresult nsContentSecurityManager::doContentSecurityCheck(
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (loadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) {
|
||||
rv = DoCORSChecks(aChannel, loadInfo, aInAndOutListener);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
@ -1152,7 +1154,7 @@ nsresult nsContentSecurityManager::CheckChannel(nsIChannel* aChannel) {
|
|||
nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
|
||||
|
||||
// CORS mode is handled by nsCORSListenerProxy
|
||||
if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
|
||||
if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) {
|
||||
if (NS_HasBeenCrossOrigin(aChannel)) {
|
||||
loadInfo->MaybeIncreaseTainting(LoadTainting::CORS);
|
||||
}
|
||||
|
@ -1169,22 +1171,25 @@ nsresult nsContentSecurityManager::CheckChannel(nsIChannel* aChannel) {
|
|||
}
|
||||
|
||||
// if none of the REQUIRE_SAME_ORIGIN flags are set, then SOP does not apply
|
||||
if ((securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS) ||
|
||||
if ((securityMode ==
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT) ||
|
||||
(securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED)) {
|
||||
rv = DoSOPChecks(uri, loadInfo, aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
if ((securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS) ||
|
||||
(securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL)) {
|
||||
if ((securityMode ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT) ||
|
||||
(securityMode ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL)) {
|
||||
if (NS_HasBeenCrossOrigin(aChannel)) {
|
||||
NS_ENSURE_FALSE(loadInfo->GetDontFollowRedirects(), NS_ERROR_DOM_BAD_URI);
|
||||
loadInfo->MaybeIncreaseTainting(LoadTainting::Opaque);
|
||||
}
|
||||
// Please note that DoCheckLoadURIChecks should only be enforced for
|
||||
// cross origin requests. If the flag SEC_REQUIRE_CORS_DATA_INHERITS is set
|
||||
// within the loadInfo, then then CheckLoadURIWithPrincipal is performed
|
||||
// within nsCorsListenerProxy
|
||||
// cross origin requests. If the flag SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
|
||||
// is set within the loadInfo, then then CheckLoadURIWithPrincipal is
|
||||
// performed within nsCorsListenerProxy
|
||||
rv = DoCheckLoadURIChecks(uri, loadInfo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
// TODO: Bug 1371237
|
||||
|
|
|
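Review bot: The comment rewritten in the last CheckChannel hunk carries over the doubled word in "then then CheckLoadURIWithPrincipal is performed"; since the commit reflows these lines anyway, the line could read `// is set within the loadInfo, then CheckLoadURIWithPrincipal is`. The same comment spells the class `nsCorsListenerProxy`, while the comment in the earlier CheckChannel hunk uses `nsCORSListenerProxy`; a single spelling keeps the reference greppable. CheckChannel's body starts and ends outside these hunks.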
@ -651,9 +651,9 @@ nsresult CompareNetwork::Initialize(nsIPrincipal* aPrincipal,
|
|||
|
||||
// Different settings are needed for fetching imported scripts, since they
|
||||
// might be cross-origin scripts.
|
||||
uint32_t secFlags = mIsMainScript
|
||||
? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
uint32_t secFlags =
|
||||
mIsMainScript ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
|
||||
nsContentPolicyType contentPolicyType =
|
||||
mIsMainScript ? nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER
|
||||
|
|
|
@ -1253,7 +1253,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
|
|||
// Open a channel to the URI
|
||||
nsCOMPtr<nsIChannel> inputChannel;
|
||||
rv = NS_NewChannel(getter_AddRefs(inputChannel), aURI, aTriggeringPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
aContentPolicyType, cookieJarSettings,
|
||||
nullptr, // aPerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
|
@ -2513,7 +2513,7 @@ nsresult nsWebBrowserPersist::CreateChannelFromURI(nsIURI* aURI,
|
|||
*aChannel = nullptr;
|
||||
|
||||
rv = NS_NewChannel(aChannel, aURI, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
NS_ENSURE_ARG_POINTER(*aChannel);
|
||||
|
|
|
@ -1738,7 +1738,8 @@ nsresult WebSocketImpl::InitializeConnection(
|
|||
|
||||
rv = wsChannel->InitLoadInfoNative(
|
||||
doc, doc ? doc->NodePrincipal() : aPrincipal, aPrincipal,
|
||||
aCookieJarSettings, nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
aCookieJarSettings,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_WEBSOCKET, 0);
|
||||
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||
|
||||
|
|
|
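Review bot: The result of `InitLoadInfoNative`, the call that receives the renamed security flag, is only checked by `MOZ_ASSERT(NS_SUCCEEDED(rv));`, and assertions of that kind are normally compiled out of release builds. Unless `rv` is examined again further down (the rest of InitializeConnection is outside this hunk), a failure to set up the load info would go unnoticed there. Adding `NS_ENSURE_SUCCESS(rv, rv);` after the assertion would propagate it.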
@ -156,9 +156,9 @@ nsresult ChannelFromScriptURL(
|
|||
parentDoc = nullptr;
|
||||
}
|
||||
|
||||
uint32_t secFlags = aIsMainScript
|
||||
? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
uint32_t secFlags =
|
||||
aIsMainScript ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
: nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
|
||||
bool inheritAttrs = nsContentUtils::ChannelShouldInheritPrincipal(
|
||||
principal, uri, true /* aInheritForAboutBlank */,
|
||||
|
@ -190,7 +190,7 @@ nsresult ChannelFromScriptURL(
|
|||
// Note: this is for backwards compatibility and goes against spec.
|
||||
// We should find a better solution.
|
||||
if (aIsMainScript && isData) {
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
}
|
||||
|
||||
nsContentPolicyType contentPolicyType =
|
||||
|
|
|
@ -2377,19 +2377,19 @@ nsresult XMLHttpRequestMainThread::CreateChannel() {
|
|||
if (mPrincipal->IsSystemPrincipal()) {
|
||||
// When chrome is loading we want to make sure to sandbox any potential
|
||||
// result document. We also want to allow cross-origin loads.
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
sandboxFlags = SANDBOXED_ORIGIN;
|
||||
} else if (IsSystemXHR()) {
|
||||
// For pages that have appropriate permissions, we want to still allow
|
||||
// cross-origin loads, but make sure that the any potential result
|
||||
// documents get the same principal as the loader.
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||
loadFlags |= nsIChannel::LOAD_BYPASS_SERVICE_WORKER;
|
||||
} else {
|
||||
// Otherwise use CORS. Again, make sure that potential result documents
|
||||
// use the same principal as the loader.
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS |
|
||||
secFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
|
||||
}
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ nsresult nsXMLPrettyPrinter::PrettyPrint(Document* aDocument,
|
|||
nsCOMPtr<Document> xslDocument;
|
||||
rv = nsSyncLoadService::LoadDocument(
|
||||
xslUri, nsIContentPolicy::TYPE_XSLT, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nullptr,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, nullptr,
|
||||
aDocument->CookieJarSettings(), true, ReferrerPolicy::_empty,
|
||||
getter_AddRefs(xslDocument));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
|
|
@ -37,7 +37,7 @@ nsresult txParseDocumentFromURI(const nsAString& aHref,
|
|||
rv = nsSyncLoadService::LoadDocument(
|
||||
documentURI, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST,
|
||||
loaderDocument->NodePrincipal(),
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, loadGroup,
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT, loadGroup,
|
||||
loaderDocument->CookieJarSettings(), true,
|
||||
loaderDocument->GetReferrerPolicy(), &theDocument);
|
||||
|
||||
|
|
|
@ -399,7 +399,8 @@ nsresult txCompileObserver::startLoad(nsIURI* aUri,
|
|||
nsresult rv = NS_NewChannelWithTriggeringPrincipal(
|
||||
getter_AddRefs(channel), aUri, mLoaderDocument,
|
||||
aReferrerPrincipal, // triggeringPrincipal
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, nsIContentPolicy::TYPE_XSLT,
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT,
|
||||
nsIContentPolicy::TYPE_XSLT,
|
||||
nullptr, // aPerformanceStorage
|
||||
loadGroup);
|
||||
|
||||
|
@ -559,7 +560,7 @@ nsresult txSyncCompileObserver::loadURI(const nsAString& aUri,
|
|||
|
||||
rv = nsSyncLoadService::LoadDocument(
|
||||
uri, nsIContentPolicy::TYPE_XSLT, referrerPrincipal,
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, nullptr,
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT, nullptr,
|
||||
source ? source->OwnerDoc()->CookieJarSettings() : nullptr, false,
|
||||
aReferrerPolicy, getter_AddRefs(document));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
|
|
@ -3272,7 +3272,7 @@ already_AddRefed<nsIInputStream> PermissionManager::GetDefaultsInputStream() {
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), defaultsURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, nullptr);
|
||||
|
||||
|
|
|
@ -243,7 +243,7 @@ nsresult nsAutoConfig::downloadAutoConfig() {
|
|||
// open a channel for the url
|
||||
rv = NS_NewChannel(
|
||||
getter_AddRefs(channel), url, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
|
|
|
@ -259,7 +259,7 @@ nsresult nsReadConfig::openAndEvaluateJSFile(const char* aFileName,
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
|
@ -23,10 +23,10 @@ Result<Ok, nsresult> FileMgr::Open(const nsACString& aPath) {
|
|||
MOZ_TRY(NS_NewURI(getter_AddRefs(uri), aPath));
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
MOZ_TRY(NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
|
||||
nsIContentPolicy::TYPE_OTHER));
|
||||
MOZ_TRY(NS_NewChannel(
|
||||
getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
nsIContentPolicy::TYPE_OTHER));
|
||||
|
||||
MOZ_TRY(channel->Open(getter_AddRefs(mStream)));
|
||||
return Ok();
|
||||
|
|
|
@ -190,12 +190,12 @@ nsIconChannel::AsyncOpen(nsIStreamListener* aListener) {
|
|||
return rv;
|
||||
}
|
||||
|
||||
MOZ_ASSERT(
|
||||
mLoadInfo->GetSecurityMode() == 0 || mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
MOZ_ASSERT(mLoadInfo->GetSecurityMode() == 0 || mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
|
||||
nsCOMPtr<nsIInputStream> inStream;
|
||||
rv = MakeInputStream(getter_AddRefs(inStream), true);
|
||||
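Review bot: The MOZ_ASSERT in nsIconChannel::AsyncOpen spells out the whole "check already done, or system principal with SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL" condition inline. The same expression is repeated in the second nsIconChannel::AsyncOpen hunk and in nsJARChannel::AsyncOpen, nsBaseChannel::AsyncOpen, HttpChannelChild::AsyncOpenInternal and nsHttpChannel::AsyncOpen further down this page. Every copy had to be edited for this rename, and a condition that tolerates a load which did not go through doContentSecurityCheck() is better kept in one place so the copies cannot drift apart. Consider a small shared predicate (the name is a suggestion, not an existing API), so each site reads `MOZ_ASSERT(SecurityCheckDoneOrExempt(mLoadInfo), "security flags in loadInfo but doContentSecurityCheck() not called");`. The function body starts before and continues after this hunk.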
|
|
|
@ -365,7 +365,7 @@ nsIconChannel::AsyncOpen(nsIStreamListener* aListener) {
|
|||
mLoadInfo->GetSecurityMode() == 0 ||
|
||||
mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
|
|
|
@ -820,8 +820,8 @@ static nsresult NewImageChannel(
|
|||
|
||||
nsSecurityFlags securityFlags =
|
||||
aCORSMode == imgIRequest::CORS_NONE
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
if (aCORSMode == imgIRequest::CORS_ANONYMOUS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
} else if (aCORSMode == imgIRequest::CORS_USE_CREDENTIALS) {
|
||||
|
|
|
@ -47,7 +47,7 @@ var gImgPath = "http://localhost:" + server.identity.primaryPort + "/image.png";
|
|||
|
||||
function setup_chan(path, isPrivate, callback) {
|
||||
var uri = NetUtil.newURI(gImgPath);
|
||||
var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
|
||||
privateBrowsingId: isPrivate ? 1 : 0,
|
||||
});
|
||||
|
|
|
@ -82,10 +82,10 @@ static already_AddRefed<ipc::SharedMemoryBasic> LoadInShmemFromURI(
|
|||
nsIURI* aURI, uint32_t* aLength) {
|
||||
MOZ_ASSERT(XRE_IsParentProcess());
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
if (NS_FAILED(NS_NewChannel(getter_AddRefs(channel), aURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER))) {
|
||||
if (NS_FAILED(NS_NewChannel(
|
||||
getter_AddRefs(channel), aURI, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER))) {
|
||||
return nullptr;
|
||||
}
|
||||
nsCOMPtr<nsIInputStream> instream;
|
||||
|
|
|
@ -444,7 +444,7 @@ nsresult nsStringBundleBase::ParseProperties(nsIPersistentProperties** aProps) {
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
|
|
@ -108,7 +108,7 @@ nsresult AsyncScriptCompiler::Start(
|
|||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri, aPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
|
@ -236,15 +236,16 @@ class MOZ_STACK_CLASS ComponentLoaderInfo {
|
|||
}
|
||||
nsresult EnsureScriptChannel() {
|
||||
BEGIN_ENSURE(ScriptChannel, IOService, URI);
|
||||
return NS_NewChannel(getter_AddRefs(mScriptChannel), mURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_SCRIPT,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // aPerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
nullptr, // aCallbacks
|
||||
nsIRequest::LOAD_NORMAL, mIOService);
|
||||
return NS_NewChannel(
|
||||
getter_AddRefs(mScriptChannel), mURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_SCRIPT,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // aPerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
nullptr, // aCallbacks
|
||||
nsIRequest::LOAD_NORMAL, mIOService);
|
||||
}
|
||||
|
||||
nsIURI* ResolvedURI() {
|
||||
|
|
|
@ -260,7 +260,7 @@ bool mozJSSubScriptLoader::ReadScript(JS::MutableHandle<JSScript*> script,
|
|||
nsresult rv;
|
||||
rv = NS_NewChannel(getter_AddRefs(chan), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
|
|
|
@ -2722,7 +2722,7 @@ static nsresult ReadSourceFromFilename(JSContext* cx, const char* filename,
|
|||
nsCOMPtr<nsIChannel> scriptChannel;
|
||||
rv = NS_NewChannel(getter_AddRefs(scriptChannel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
|
@ -1352,12 +1352,12 @@ nsresult FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
|
|||
// being loaded might have a different origin from the principal of the
|
||||
// stylesheet that initiated the font load.
|
||||
// Further, we only get here for data: loads, so it doesn't really matter
|
||||
// whether we use SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS or not, to be more
|
||||
// restrictive we use SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS.
|
||||
// whether we use SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT or not, to be
|
||||
// more restrictive we use SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT.
|
||||
rv = NS_NewChannelWithTriggeringPrincipal(
|
||||
getter_AddRefs(channel), aFontFaceSrc->mURI->get(), mDocument,
|
||||
principal ? principal->NodePrincipal() : nullptr,
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
nsIContentPolicy::TYPE_FONT);
|
||||
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
|
|
@ -53,9 +53,9 @@ nsresult FontPreloader::BuildChannel(
|
|||
|
||||
uint32_t securityFlags = 0;
|
||||
if (aURI->SchemeIs("file")) {
|
||||
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
|
||||
securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
|
||||
} else {
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
}
|
||||
|
||||
nsContentPolicyType contentPolicyType =
|
||||
|
|
|
@ -1184,7 +1184,7 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
|
|||
}
|
||||
|
||||
nsSecurityFlags securityFlags =
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_ALLOW_CHROME;
|
||||
|
||||
nsContentPolicyType contentPolicyType =
|
||||
|
@ -1318,8 +1318,8 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
|
|||
CORSMode ourCORSMode = aLoadData.mSheet->GetCORSMode();
|
||||
nsSecurityFlags securityFlags =
|
||||
ourCORSMode == CORS_NONE
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT
|
||||
: nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
if (ourCORSMode == CORS_ANONYMOUS) {
|
||||
securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
|
||||
} else if (ourCORSMode == CORS_USE_CREDENTIALS) {
|
||||
|
|
|
@ -206,7 +206,7 @@ nsresult WebrtcTCPSocket::DoProxyConfigLookup() {
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), mURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
|
@ -390,7 +390,7 @@ nsresult WebrtcTCPSocket::OpenWithHttpProxy() {
|
|||
nsILoadInfo::SEC_DONT_FOLLOW_REDIRECTS | nsILoadInfo::SEC_COOKIES_OMIT |
|
||||
// We need this flag to allow loads from any origin since this channel
|
||||
// is being used to CONNECT to an HTTP proxy.
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER, getter_AddRefs(localChannel));
|
||||
if (NS_FAILED(rv)) {
|
||||
LOG(("WebrtcTCPSocket %p: bad open channel\n", this));
|
||||
|
|
|
@ -868,7 +868,7 @@ nsJARChannel::AsyncOpen(nsIStreamListener* aListener) {
|
|||
mLoadInfo->GetSecurityMode() == 0 ||
|
||||
mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
|
|
|
@ -1118,12 +1118,12 @@ LoadInfo::GetSandboxFlags(uint32_t* aResult) {
|
|||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::GetSecurityMode(uint32_t* aFlags) {
|
||||
*aFlags =
|
||||
(mSecurityFlags & (nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS |
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS));
|
||||
*aFlags = (mSecurityFlags &
|
||||
(nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL |
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT));
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -1161,7 +1161,7 @@ NS_IMETHODIMP
|
|||
LoadInfo::GetCookiePolicy(uint32_t* aResult) {
|
||||
uint32_t policy = mSecurityFlags & sCookiePolicyMask;
|
||||
if (policy == nsILoadInfo::SEC_COOKIES_DEFAULT) {
|
||||
policy = (mSecurityFlags & SEC_REQUIRE_CORS_DATA_INHERITS)
|
||||
policy = (mSecurityFlags & SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)
|
||||
? nsILoadInfo::SEC_COOKIES_SAME_ORIGIN
|
||||
: nsILoadInfo::SEC_COOKIES_INCLUDE;
|
||||
}
|
||||
|
@ -1620,7 +1620,8 @@ const nsTArray<uint64_t>& LoadInfo::AncestorBrowsingContextIDs() {
|
|||
|
||||
void LoadInfo::SetCorsPreflightInfo(const nsTArray<nsCString>& aHeaders,
|
||||
bool aForcePreflight) {
|
||||
MOZ_ASSERT(GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS);
|
||||
MOZ_ASSERT(GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
|
||||
MOZ_ASSERT(!mInitialSecurityCheckDone);
|
||||
mCorsUnsafeHeaders = aHeaders.Clone();
|
||||
mForcePreflight = aForcePreflight;
|
||||
|
@ -1637,7 +1638,8 @@ LoadInfo::GetForcePreflight(bool* aForcePreflight) {
|
|||
}
|
||||
|
||||
void LoadInfo::SetIsPreflight() {
|
||||
MOZ_ASSERT(GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS);
|
||||
MOZ_ASSERT(GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT);
|
||||
MOZ_ASSERT(!mInitialSecurityCheckDone);
|
||||
mIsPreflight = true;
|
||||
}
|
||||
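Review bot: In LoadInfo::GetCookiePolicy the renamed constant is written unqualified, `mSecurityFlags & SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT`, while every other hunk in this file spells it `nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT`. Since the line is being touched anyway, qualifying it keeps the file greppable for the full name: `policy = (mSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)`. GetCookiePolicy's body continues outside the hunk.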
|
|
|
@ -293,7 +293,7 @@ var NetUtil = {
|
|||
Components.stack.caller
|
||||
);
|
||||
}
|
||||
securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
}
|
||||
|
||||
if (contentPolicyType === undefined) {
|
||||
|
|
|
@ -192,7 +192,7 @@ static inline already_AddRefed<nsIChannel> SetupIPCheckChannel(bool ipv4) {
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(
|
||||
getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // aPerformanceStorage
|
||||
|
|
|
@ -1081,7 +1081,7 @@ nsresult Predictor::Prefetch(nsIURI* uri, nsIURI* referrer,
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
nsresult rv = NS_NewChannel(
|
||||
getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER, nullptr, /* nsICookieJarSettings */
|
||||
nullptr, /* aPerformanceStorage */
|
||||
nullptr, /* aLoadGroup */
|
||||
|
|
|
@ -669,7 +669,7 @@ nsBaseChannel::AsyncOpen(nsIStreamListener* aListener) {
|
|||
mLoadInfo->GetSecurityMode() == 0 ||
|
||||
mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
|
|
|
@ -71,11 +71,11 @@ interface nsILoadInfo : nsISupports
|
|||
* The following five flags determine the security mode and hence what kind of
|
||||
* security checks should be performed throughout the lifetime of the channel.
|
||||
*
|
||||
* * SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS
|
||||
* * SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT
|
||||
* * SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
|
||||
* * SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
|
||||
* * SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
|
||||
* * SEC_REQUIRE_CORS_DATA_INHERITS
|
||||
* * SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT
|
||||
* * SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL
|
||||
* * SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
|
||||
*
|
||||
* Exactly one of these flags are required to be set in order to allow
|
||||
* the channel to perform the correct security checks (SOP, CORS, ...) and
|
||||
|
@ -94,25 +94,25 @@ interface nsILoadInfo : nsISupports
|
|||
const unsigned long SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK = 0;
|
||||
|
||||
/*
|
||||
* Enforce the same origin policy where data: loads inherit the principal.
|
||||
* Enforce the same origin policy where loads inherit the principal.
|
||||
* See the documentation for principalToInherit, which describes exactly what
|
||||
* principal is inherited.
|
||||
*/
|
||||
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS = (1<<0);
|
||||
const unsigned long SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT = (1<<0);
|
||||
|
||||
/*
|
||||
* Enforce the same origin policy but data: loads are blocked.
|
||||
* Enforce the same origin policy and data: loads are blocked.
|
||||
*/
|
||||
const unsigned long SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED = (1<<1);
|
||||
|
||||
/**
|
||||
* Allow loads from other origins. Loads from data: will inherit the
|
||||
* principal. See the documentation for principalToInherit, which describes
|
||||
* exactly what principal is inherited.
|
||||
* Allow loads from other origins. Loads which inherit the principal should
|
||||
* see the documentation for principalToInherit, which describes exactly what
|
||||
* principal is inherited.
|
||||
*
|
||||
* Commonly used by plain <img>, <video>, <link rel=stylesheet> etc.
|
||||
*/
|
||||
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS = (1<<2);
|
||||
const unsigned long SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT = (1 << 2);
|
||||
|
||||
/**
|
||||
* Allow loads from other origins. Loads from data: will be allowed,
|
||||
|
@ -120,23 +120,22 @@ interface nsILoadInfo : nsISupports
|
|||
* Used in blink/webkit for <iframe>s. Likely also the mode
|
||||
* that should be used by most Chrome code.
|
||||
*/
|
||||
const unsigned long SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL = (1<<3);
|
||||
const unsigned long SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL = (1<<3);
|
||||
|
||||
/**
|
||||
* Allow loads from any origin, but require CORS for cross-origin loads.
|
||||
* Loads from data: are allowed and the result will inherit the principal.
|
||||
* See the documentation for principalToInherit, which describes exactly what
|
||||
* principal is inherited.
|
||||
*
|
||||
* Commonly used by <img crossorigin>, <video crossorigin>,
|
||||
* XHR, fetch(), etc.
|
||||
*/
|
||||
const unsigned long SEC_REQUIRE_CORS_DATA_INHERITS = (1<<4);
|
||||
const unsigned long SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT = (1<<4);
|
||||
|
||||
/**
|
||||
* Choose cookie policy. The default policy is equivalent to "INCLUDE" for
|
||||
* SEC_REQUIRE_SAME_ORIGIN_* and SEC_ALLOW_CROSS_ORIGIN_* modes, and
|
||||
* equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_DATA_INHERITS mode.
|
||||
* equivalent to "SAME_ORIGIN" for SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode.
|
||||
*
|
||||
* This means that if you want to perform a CORS load with credentials, pass
|
||||
* SEC_COOKIES_INCLUDE.
|
||||
|
@ -916,7 +915,7 @@ interface nsILoadInfo : nsISupports
|
|||
* Note that you do not need to set the Content-Type header. That will be
|
||||
* automatically detected as needed.
|
||||
*
|
||||
* Only call this function when using the SEC_REQUIRE_CORS_DATA_INHERITS mode.
|
||||
* Only call this function when using the SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT mode.
|
||||
*/
|
||||
[noscript, notxpcom, nostdcall]
|
||||
void setCorsPreflightInfo(in CStringArrayRef unsafeHeaders,
|
||||
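Review bot: In the hunk at line 94 the reworded comments no longer say which loads inherit the principal. `Enforce the same origin policy where loads inherit the principal.` can be read as if every load under SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT inherits, and `Loads which inherit the principal should see the documentation for principalToInherit` addresses the load rather than the reader. Callers choose a security mode from these comments, so I would word the second as `For loads that inherit a principal, see the documentation for principalToInherit, which describes exactly what principal is inherited.` and give the first the same qualifier. The new constant is also written `(1 << 2)` while its neighbours keep the `(1<<0)`, `(1<<3)`, `(1<<4)` spelling.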
|
|
|
@ -1974,13 +1974,13 @@ nsresult nsIOService::SpeculativeConnectInternal(
|
|||
// channel we create underneath - hence it's safe to use
|
||||
// the systemPrincipal as the loadingPrincipal for this channel.
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NewChannelFromURI(aURI,
|
||||
nullptr, // aLoadingNode,
|
||||
loadingPrincipal,
|
||||
nullptr, // aTriggeringPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_SPECULATIVE,
|
||||
getter_AddRefs(channel));
|
||||
rv = NewChannelFromURI(
|
||||
aURI,
|
||||
nullptr, // aLoadingNode,
|
||||
loadingPrincipal,
|
||||
nullptr, // aTriggeringPrincipal,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_SPECULATIVE, getter_AddRefs(channel));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (aAnonymous) {
|
||||
|
|
|
@ -213,15 +213,15 @@ nsresult nsIncrementalDownload::ProcessTimeout() {
|
|||
// Fetch next chunk
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
nsresult rv = NS_NewChannel(getter_AddRefs(channel), mFinalURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
nullptr, // loadGroup
|
||||
this, // aCallbacks
|
||||
mLoadFlags);
|
||||
nsresult rv = NS_NewChannel(
|
||||
getter_AddRefs(channel), mFinalURI, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
nullptr, // loadGroup
|
||||
this, // aCallbacks
|
||||
mLoadFlags);
|
||||
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
|
|
|
@ -1963,7 +1963,7 @@ nsresult NS_LoadPersistentPropertiesFromURISpec(
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
nsCOMPtr<nsIInputStream> in;
|
||||
|
@ -2002,9 +2002,9 @@ bool NS_HasBeenCrossOrigin(nsIChannel* aChannel, bool aReport) {
|
|||
nsCOMPtr<nsIPrincipal> loadingPrincipal = loadInfo->GetLoadingPrincipal();
|
||||
uint32_t mode = loadInfo->GetSecurityMode();
|
||||
bool dataInherits =
|
||||
mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
|
||||
mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
|
||||
mode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
|
||||
mode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
mode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
|
||||
mode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
|
||||
|
||||
bool aboutBlankInherits = dataInherits && loadInfo->GetAboutBlankInherits();
|
||||
|
||||
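Review bot: In NS_HasBeenCrossOrigin the local is still called `dataInherits`, although the three modes it tests were renamed and the commit title says the flags should no longer mention DATA. Renaming it to match, for example `bool inheritsSecContext =` and `bool aboutBlankInherits = inheritsSecContext && loadInfo->GetAboutBlankInherits();`, keeps the code consistent with the new flag names. Any later uses of the variable fall outside this hunk and would need the same rename; the function body starts before and continues after the hunk.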
|
|
|
@ -674,7 +674,7 @@ void nsPACMan::ContinueLoadingAfterPACUriKnown() {
|
|||
MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
|
||||
NS_NewChannel(getter_AddRefs(channel), pacURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
|
|
|
@ -1590,7 +1590,7 @@ nsProtocolProxyService::AsyncResolve(
|
|||
// use systemPrincipal as the loadingPrincipal.
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), uri,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
|
|
@ -67,7 +67,7 @@ add_task(async _ => {
|
|||
let channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ add_task(async _ => {
|
|||
let channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
@ -75,7 +75,7 @@ add_task(async _ => {
|
|||
channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
@ -124,7 +124,7 @@ add_task(async _ => {
|
|||
let channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
@ -138,7 +138,7 @@ add_task(async _ => {
|
|||
channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
@ -200,7 +200,7 @@ add_task(async _ => {
|
|||
let channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
@ -251,7 +251,7 @@ add_task(async _ => {
|
|||
let channel = NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
|
|
@ -196,14 +196,15 @@ nsresult TRR::CreateChannelHelper(nsIURI* aUri, nsIChannel** aResult) {
|
|||
nsCOMPtr<nsIIOService> ios(do_GetIOService(&rv));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return NS_NewChannel(aResult, aUri, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
nullptr, // aCallbacks
|
||||
nsIRequest::LOAD_NORMAL, ios);
|
||||
return NS_NewChannel(
|
||||
aResult, aUri, nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER,
|
||||
nullptr, // nsICookieJarSettings
|
||||
nullptr, // PerformanceStorage
|
||||
nullptr, // aLoadGroup
|
||||
nullptr, // aCallbacks
|
||||
nsIRequest::LOAD_NORMAL, ios);
|
||||
}
|
||||
|
||||
// Unfortunately, we can only initialize gHttpHandler on main thread.
|
||||
|
|
|
@ -334,7 +334,7 @@ already_AddRefed<LoadInfo> DocumentLoadListener::CreateLoadInfo(
|
|||
}
|
||||
|
||||
nsSecurityFlags securityFlags =
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
uint32_t sandboxFlags = aBrowsingContext->GetSandboxFlags();
|
||||
|
||||
if (aLoadState->LoadType() == LOAD_ERROR_PAGE) {
|
||||
|
|
|
@ -52,7 +52,7 @@ nsresult ProxyConfigLookup::DoProxyResolve(nsICancelable** aLookupCancellable) {
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), mURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
|
|
|
@ -339,7 +339,7 @@ nsresult nsFileChannel::OpenContentStream(bool async, nsIInputStream** result,
|
|||
nsCOMPtr<nsIChannel> newChannel;
|
||||
rv = NS_NewChannel(getter_AddRefs(newChannel), newURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
|
|
@ -634,7 +634,7 @@ class WellKnownChecker {
|
|||
LOG(("WellKnownChecker::Start %p\n", this));
|
||||
nsCOMPtr<nsILoadInfo> loadInfo =
|
||||
new LoadInfo(nsContentUtils::GetSystemPrincipal(), nullptr, nullptr,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
loadInfo->SetOriginAttributes(mCI->GetOriginAttributes());
|
||||
|
||||
|
|
|
@ -2421,7 +2421,7 @@ nsresult HttpChannelChild::AsyncOpenInternal(nsIStreamListener* aListener) {
|
|||
mLoadInfo->GetSecurityMode() == 0 ||
|
||||
mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
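Review bot: The third arm of this assertion exempts system-principal loads in `SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL` mode from the "doContentSecurityCheck() not called" check, and nothing on the visible lines says why that combination may skip it. A one-line comment above the arm would make the exemption reviewable, for example `// System-principal loads in SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL mode may open without the initial content security check.` The first arm compares `GetSecurityMode()` with a bare `0`, which reads as "no mode set" only by inference. The identical condition appears in the `nsHttpChannel::AsyncOpen` hunk further down, so the two copies can drift apart. The assertion opens above this hunk, so only its tail is visible here.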
||||
|
|
|
@ -971,7 +971,7 @@ nsresult nsCORSListenerProxy::CheckPreflightNeeded(nsIChannel* aChannel,
|
|||
// then we shouldn't initiate preflight for this channel.
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
if (loadInfo->GetSecurityMode() !=
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS ||
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT ||
|
||||
loadInfo->GetIsPreflight()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -1390,7 +1390,7 @@ nsresult nsCORSListenerProxy::StartCORSPreflight(
|
|||
|
||||
nsCOMPtr<nsILoadInfo> originalLoadInfo = aRequestChannel->LoadInfo();
|
||||
MOZ_ASSERT(originalLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS,
|
||||
nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT,
|
||||
"how did we end up here?");
|
||||
|
||||
nsCOMPtr<nsIPrincipal> principal = originalLoadInfo->GetLoadingPrincipal();
|
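Review bot: The security-mode check in `StartCORSPreflight` is a `MOZ_ASSERT`, which is compiled out of release builds, and its message `"how did we end up here?"` does not name the invariant being relied on. On the visible lines nothing else stops a preflight from being set up for a channel that is not in CORS mode; the body continues outside the hunk, so a later runtime check cannot be ruled out. I would reword the message to `"preflight started for a channel whose security mode is not SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT"`. If no runtime guard follows, the same comparison could also back an early `return NS_ERROR_UNEXPECTED;`.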
||||
|
|
|
@ -6478,7 +6478,7 @@ nsHttpChannel::AsyncOpen(nsIStreamListener* aListener) {
|
|||
mLoadInfo->GetSecurityMode() == 0 ||
|
||||
mLoadInfo->GetInitialSecurityCheckDone() ||
|
||||
(mLoadInfo->GetSecurityMode() ==
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL &&
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL &&
|
||||
mLoadInfo->GetLoadingPrincipal() &&
|
||||
mLoadInfo->GetLoadingPrincipal()->IsSystemPrincipal()),
|
||||
"security flags in loadInfo but doContentSecurityCheck() not called");
|
||||
|
|
|
@ -745,7 +745,7 @@ Result<nsCOMPtr<nsIInputStream>, nsresult> ExtensionProtocolHandler::NewStream(
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
MOZ_TRY(NS_NewChannel(getter_AddRefs(channel), resolvedURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER));
|
||||
|
||||
nsCOMPtr<nsIFileChannel> fileChannel = do_QueryInterface(channel, &rv);
|
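Review bot: `NS_NewChannel` is called here with the system principal, `SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL` and `TYPE_OTHER`, so, going by the flag names, this call site places no origin restriction of its own on `resolvedURI`. Whatever limits what that URI may point at has to live in code above the hunk, which is not visible here. A short comment on the call stating that precondition (that the URI was already resolved and checked before this privileged load) would keep a later edit from loosening it unnoticed. `PageThumbProtocolHandler::NewStream` in the next hunk has the same shape.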
||||
|
|
|
@ -259,7 +259,7 @@ RefPtr<PageThumbStreamPromise> PageThumbProtocolHandler::NewStream(
|
|||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), resolvedURI,
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
if (NS_FAILED(rv)) {
|
||||
return PageThumbStreamPromise::CreateAndReject(rv, __func__);
|
||||
|
|
|
@ -68,7 +68,7 @@ static int FuzzingRunNetworkFtp(const uint8_t* data, size_t size) {
|
|||
nsIRequest::LOAD_FRESH_CONNECTION |
|
||||
nsIChannel::LOAD_INITIAL_DOCUMENT_URI;
|
||||
nsSecurityFlags secFlags;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
uint32_t sandboxFlags = SANDBOXED_ORIGIN;
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
rv = NS_NewChannel(getter_AddRefs(channel), url,
|
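Review bot: `secFlags` is declared uninitialised and assigned on the following line; folding the two into `nsSecurityFlags secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;` removes the window in which the variable is indeterminate and allows it to be `const` if nothing later modifies it. The same two-line pattern is in the `FuzzingRunNetworkHttp` and `FuzzingRunNetworkWebsocket` hunks. The `NS_NewChannel` call that consumes the flag is cut off at the end of this hunk, so how it is used is not visible here.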
||||
|
|
|
@ -100,7 +100,7 @@ static int FuzzingRunNetworkHttp(const uint8_t* data, size_t size) {
|
|||
nsIRequest::LOAD_FRESH_CONNECTION |
|
||||
nsIChannel::LOAD_INITIAL_DOCUMENT_URI;
|
||||
nsSecurityFlags secFlags;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
uint32_t sandboxFlags = SANDBOXED_ORIGIN;
|
||||
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
|
|
|
@ -118,7 +118,7 @@ static int FuzzingRunNetworkWebsocket(const uint8_t* data, size_t size) {
|
|||
nsresult rv;
|
||||
|
||||
nsSecurityFlags secFlags;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
uint32_t sandboxFlags = SANDBOXED_ORIGIN;
|
||||
|
||||
nsCOMPtr<nsIURI> url;
|
||||
|
|
|
@ -355,7 +355,7 @@ function test_asyncFetch_with_nsIURI() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
}
|
||||
|
@ -396,7 +396,7 @@ function test_asyncFetch_with_string() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
}
|
||||
|
@ -446,7 +446,7 @@ function test_asyncFetch_with_nsIFile() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
}
|
||||
|
@ -477,7 +477,7 @@ function test_asyncFetch_with_nsIInputString() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
}
|
||||
|
@ -535,7 +535,7 @@ function test_newChannel_with_string() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
let NetUtilChannel = NetUtil.newChannel({
|
||||
|
@ -558,7 +558,7 @@ function test_newChannel_with_nsIURI() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
let NetUtilChannel = NetUtil.newChannel({
|
||||
|
@ -578,7 +578,7 @@ function test_newChannel_with_options() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
|
||||
|
@ -590,7 +590,7 @@ function test_newChannel_with_options() {
|
|||
NetUtil.newChannel({
|
||||
uri,
|
||||
loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
})
|
||||
);
|
||||
|
|
|
@ -116,7 +116,7 @@ function makeChan(loadingUrl, url, contentPolicy) {
|
|||
return NetUtil.newChannel({
|
||||
uri: url,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
|
||||
contentPolicyType: contentPolicy,
|
||||
}).QueryInterface(Ci.nsIHttpChannel);
|
||||
}
|
||||
|
|
|
@ -288,7 +288,7 @@ function makeChan(url, loadingUrl) {
|
|||
return NetUtil.newChannel({
|
||||
uri: url,
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
}
|
||||
|
|
|
@ -122,7 +122,7 @@ add_task(async function testDirectProxy() {
|
|||
null,
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
|
||||
|
@ -156,7 +156,7 @@ add_task(async function testWebSocketProxy() {
|
|||
null,
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
|
||||
|
@ -183,7 +183,7 @@ add_task(async function testPreferHttpsProxy() {
|
|||
null,
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_OTHER
|
||||
);
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ function get_channel(spec) {
|
|||
var channel = NetUtil.newChannel({
|
||||
uri: NetUtil.newURI(spec),
|
||||
loadingPrincipal: principal,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ var test404Path = "/test404" + suffix;
|
|||
var PrivateBrowsingLoadContext = Cu.createPrivateLoadContext();
|
||||
|
||||
function make_channel(url, flags, usePrivateBrowsing) {
|
||||
var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
|
||||
var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
|
||||
|
||||
var uri = Services.io.newURI(url);
|
||||
var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
|
||||
|
|
|
@ -28,7 +28,7 @@ add_task(async () => {
|
|||
loadingPrincipal:
|
||||
principal ||
|
||||
Services.scriptSecurityManager.createContentPrincipal(uri, {}),
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
|
||||
});
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ function run_test() {
|
|||
null, // aLoadingNode
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
null, // aTriggeringPrincipal
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
|
||||
Ci.nsIContentPolicy.TYPE_WEBSOCKET
|
||||
);
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ function sendRequest(notification) {
|
|||
|
||||
var uri = NetUtil.newURI(path);
|
||||
var securityFlags =
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL |
|
||||
Ci.nsILoadInfo.SEC_COOKIES_INCLUDE;
|
||||
var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
|
||||
privateBrowsingId: 1,
|
||||
|
|
|
@ -216,7 +216,7 @@ function makeChan(url) {
|
|||
}
|
||||
|
||||
var flags =
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
|
||||
Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL |
|
||||
Ci.nsILoadInfo.SEC_DONT_FOLLOW_REDIRECTS |
|
||||
Ci.nsILoadInfo.SEC_COOKIES_OMIT;
|
||||
|
||||
|
|