зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1471496 part 1. Fix IsPlatformObjectSameOrigin to do the right thing when we're doing first-party isolation but turning off its effects on scripted property access. r=bholley
Differential Revision: https://phabricator.services.mozilla.com/D18029 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Boris Zbarsky
Родитель
30cc95d370
Коммит
a7acf741cc
|
|
@ -41,7 +41,8 @@ bool MaybeCrossOriginObjectMixins::IsPlatformObjectSameOrigin(JSContext* cx,
|
|||
|
||||
BasePrincipal* subjectPrincipal =
|
||||
BasePrincipal::Cast(nsContentUtils::SubjectPrincipal(cx));
|
||||
nsIPrincipal* objectPrincipal = nsContentUtils::ObjectPrincipal(obj);
|
||||
BasePrincipal* objectPrincipal =
|
||||
BasePrincipal::Cast(nsContentUtils::ObjectPrincipal(obj));
|
||||
|
||||
// The spec effectively has an EqualsConsideringDomain check here,
|
||||
// because the spec has no concept of asymmetric security
|
||||
|
|
@ -53,11 +54,25 @@ bool MaybeCrossOriginObjectMixins::IsPlatformObjectSameOrigin(JSContext* cx,
|
|||
// SubsumesConsideringDomain give the same results and use
|
||||
// EqualsConsideringDomain for the check we actually do, since it's
|
||||
// stricter and more closely matches the spec.
|
||||
//
|
||||
// That said, if the (not very well named)
|
||||
// OriginAttributes::IsRestrictOpenerAccessForFPI() method returns
|
||||
// false, we want to use FastSubsumesConsideringDomainIgnoringFPD
|
||||
// instead of FastEqualsConsideringDomain, because in that case we
|
||||
// still want to treat things which are in different first-party
|
||||
// contexts as same-origin.
|
||||
MOZ_ASSERT(
|
||||
subjectPrincipal->FastEqualsConsideringDomain(objectPrincipal) ==
|
||||
subjectPrincipal->FastSubsumesConsideringDomain(objectPrincipal),
|
||||
"Why are we in an asymmetric case here?");
|
||||
return subjectPrincipal->FastEqualsConsideringDomain(objectPrincipal);
|
||||
if (OriginAttributes::IsRestrictOpenerAccessForFPI()) {
|
||||
return subjectPrincipal->FastEqualsConsideringDomain(objectPrincipal);
|
||||
}
|
||||
|
||||
return subjectPrincipal->FastSubsumesConsideringDomainIgnoringFPD(
|
||||
objectPrincipal) &&
|
||||
objectPrincipal->FastSubsumesConsideringDomainIgnoringFPD(
|
||||
subjectPrincipal);
|
||||
}
|
||||
|
||||
bool MaybeCrossOriginObjectMixins::CrossOriginGetOwnPropertyHelper(
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче