bug 1040930 - part 1 mixed content websockets should be based on scheme r=smaug

--HG--
extra : rebase_source : 2e71720763f60b43fbf31f17b8e518120f15e60e
This commit is contained in:
Patrick McManus 2014-07-18 15:04:28 -04:00
Родитель 4824659eb8
Коммит a9b36c4e46
1 изменённых файлов: 18 добавлений и 6 удалений

Просмотреть файл

@ -679,17 +679,28 @@ WebSocket::Init(JSContext* aCx,
nsIScriptContext* sc = GetContextForEventHandlers(&rv);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIDocument> originDoc = nsContentUtils::GetDocumentFromScriptContext(sc);
// Don't allow https:// to open ws://
if (!mSecure &&
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
false)) {
// Confirmed we are opening plain ws:// and want to prevent this from a
// secure context (e.g. https). Check the security context of the document
// associated with this script, which is the same as associated with mOwner.
if (originDoc && originDoc->GetSecurityInfo()) {
return NS_ERROR_DOM_SECURITY_ERR;
// secure context (e.g. https). Check the principal's uri to determine if
// we were loaded from https.
nsCOMPtr<nsIGlobalObject> globalObject(BrokenGetEntryGlobal());
if (globalObject) {
nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
if (principal) {
nsCOMPtr<nsIURI> uri;
principal->GetURI(getter_AddRefs(uri));
if (uri) {
bool originIsHttps = false;
rv = uri->SchemeIs("https", &originIsHttps);
NS_ENSURE_SUCCESS(rv,rv);
if (originIsHttps) {
return NS_ERROR_DOM_SECURITY_ERR;
}
}
}
}
}
@ -710,6 +721,7 @@ WebSocket::Init(JSContext* aCx,
// Check content policy.
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsCOMPtr<nsIDocument> originDoc = nsContentUtils::GetDocumentFromScriptContext(sc);
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_WEBSOCKET,
mURI,
mPrincipal,