Bug 1139665 - Check content load policy in FetchDriver. r=baku

--HG-- extra : rebase_source : 134db04670b090ae98d584ba190300773d9148f2
2014-10-14 16:36:58 -07:00 · 2014-10-14 16:36:58 -07:00 · bb3a858a03
--- a/dom/fetch/Fetch.cpp
+++ b/dom/fetch/Fetch.cpp
@ -177,7 +177,7 @@ public:
    nsRefPtr<FetchDriver> fetch = new FetchDriver(mRequest, principal, loadGroup);
    nsIDocument* doc = mResolver->GetWorkerPrivate()->GetDocument();
    if (doc) {
-      fetch->SetReferrerPolicy(doc->GetReferrerPolicy());
+      fetch->SetDocument(doc);
    }

    nsresult rv = fetch->Fetch(mResolver);
@ -234,7 +234,7 @@ FetchRequest(nsIGlobalObject* aGlobal, const RequestOrUSVString& aInput,
    nsCOMPtr<nsILoadGroup> loadGroup = doc->GetDocumentLoadGroup();
    nsRefPtr<FetchDriver> fetch =
      new FetchDriver(r, doc->NodePrincipal(), loadGroup);
-    fetch->SetReferrerPolicy(doc->GetReferrerPolicy());
+    fetch->SetDocument(doc);
    aRv = fetch->Fetch(resolver);
    if (NS_WARN_IF(aRv.Failed())) {
      return nullptr;
@ -315,7 +315,6 @@ public:
      result.ThrowTypeError(MSG_FETCH_FAILED);
      promise->MaybeReject(result);
    }
-
    return true;
  }
 };
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@ -5,6 +5,7 @@

 #include "mozilla/dom/FetchDriver.h"

+#include "nsIDocument.h"
 #include "nsIInputStream.h"
 #include "nsIOutputStream.h"
 #include "nsIHttpChannel.h"
@ -42,7 +43,6 @@ FetchDriver::FetchDriver(InternalRequest* aRequest, nsIPrincipal* aPrincipal,
  , mLoadGroup(aLoadGroup)
  , mRequest(aRequest)
  , mFetchRecursionCount(0)
-  , mReferrerPolicy(net::RP_Default)
  , mResponseAvailableCalled(false)
 {
 }
@ -99,11 +99,27 @@ FetchDriver::ContinueFetch(bool aCORSFlag)
    return FailWithNetworkError();
  }

+  // CSP/mixed content checks.
+  int16_t shouldLoad;
+  rv = NS_CheckContentLoadPolicy(mRequest->ContentPolicyType(),
+                                 requestURI,
+                                 mPrincipal,
+                                 mDocument,
+                                 // FIXME(nsm): Should MIME be extracted from
+                                 // Content-Type header?
+                                 EmptyCString(), /* mime guess */
+                                 nullptr, /* extra */
+                                 &shouldLoad,
+                                 nsContentUtils::GetContentPolicy(),
+                                 nsContentUtils::GetSecurityManager());
+  if (NS_WARN_IF(NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad))) {
+    // Disallowed by content policy.
+    return FailWithNetworkError();
+  }
+
  // Begin Step 4 of the Fetch algorithm
  // https://fetch.spec.whatwg.org/#fetching

-  // FIXME(nsm): Bug 1039846: Add CSP checks
-
  nsAutoCString scheme;
  rv = requestURI->GetScheme(scheme);
  if (NS_WARN_IF(NS_FAILED(rv))) {
@ -289,7 +305,6 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
 {
  // Step 1. "Let response be null."
  mResponse = nullptr;
-
  nsresult rv;

  nsCOMPtr<nsIIOService> ios = do_GetIOService(&rv);
@ -406,7 +421,12 @@ FetchDriver::HttpFetch(bool aCORSFlag, bool aCORSPreflightFlag, bool aAuthentica
        return FailWithNetworkError();
      }

-      rv = httpChan->SetReferrerWithPolicy(refURI, mReferrerPolicy);
+      net::ReferrerPolicy referrerPolicy = net::RP_Default;
+      if (mDocument) {
+        referrerPolicy = mDocument->GetReferrerPolicy();
+      }
+
+      rv = httpChan->SetReferrerWithPolicy(refURI, referrerPolicy);
      if (NS_WARN_IF(NS_FAILED(rv))) {
        return FailWithNetworkError();
      }
--- a/dom/fetch/FetchDriver.h
+++ b/dom/fetch/FetchDriver.h
@ -16,6 +16,7 @@
 #include "mozilla/DebugOnly.h"
 #include "mozilla/net/ReferrerPolicy.h"

+class nsIDocument;
 class nsIOutputStream;
 class nsILoadGroup;
 class nsIPrincipal;
@ -58,11 +59,11 @@ public:
  NS_IMETHOD Fetch(FetchDriverObserver* aObserver);

  void
-  SetReferrerPolicy(net::ReferrerPolicy aPolicy)
+  SetDocument(nsIDocument* aDocument)
  {
-    // Cannot set policy after Fetch() has been called.
+    // Cannot set document after Fetch() has been called.
    MOZ_ASSERT(mFetchRecursionCount == 0);
-    mReferrerPolicy = aPolicy;
+    mDocument = aDocument;
  }

 private:
@ -76,8 +77,8 @@ private:
  nsCOMPtr<nsIAsyncVerifyRedirectCallback> mRedirectCallback;
  nsCOMPtr<nsIChannel> mOldRedirectChannel;
  nsCOMPtr<nsIChannel> mNewRedirectChannel;
+  nsCOMPtr<nsIDocument> mDocument;
  uint32_t mFetchRecursionCount;
-  net::ReferrerPolicy mReferrerPolicy;

  DebugOnly<bool> mResponseAvailableCalled;