зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1602318 - Initialize mixed content channel for process-switches. r=ckerschb,necko-reviewers,dragana
Same process origin changes are handled by the docshell, which detects this during AsyncOnChannelRedirect and clears the mixed content permission. Process switches load in a fresh docshell, so we need to make sure we appropriately set or clear the mixed content permission. Differential Revision: https://phabricator.services.mozilla.com/D67095
This commit is contained in:
Родитель
8981f913c2
Коммит
d11fa9ad8b
|
@ -9792,26 +9792,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
mContentTypeHint.Truncate();
|
||||
}
|
||||
|
||||
if (mLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT ||
|
||||
mLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
|
||||
rv = SetMixedContentChannel(channel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else if (mMixedContentChannel) {
|
||||
/*
|
||||
* If the user "Disables Protection on This Page", we call
|
||||
* SetMixedContentChannel for the first time, otherwise
|
||||
* mMixedContentChannel is still null.
|
||||
* Later, if the new channel passes a same orign check, we remember the
|
||||
* users decision by calling SetMixedContentChannel using the new channel.
|
||||
* This way, the user does not have to click the disable protection button
|
||||
* over and over for browsing the same site.
|
||||
*/
|
||||
rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, channel);
|
||||
if (NS_FAILED(rv) || NS_FAILED(SetMixedContentChannel(channel))) {
|
||||
SetMixedContentChannel(nullptr);
|
||||
}
|
||||
}
|
||||
|
||||
rv = DoChannelLoad(
|
||||
channel, uriLoader,
|
||||
aLoadState->HasLoadFlags(INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER));
|
||||
|
@ -10019,6 +9999,26 @@ nsresult nsDocShell::OpenInitializedChannel(nsIChannel* aChannel,
|
|||
uint32_t aOpenFlags) {
|
||||
nsresult rv = NS_OK;
|
||||
|
||||
if (mLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT ||
|
||||
mLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
|
||||
rv = SetMixedContentChannel(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else if (mMixedContentChannel) {
|
||||
/*
|
||||
* If the user "Disables Protection on This Page", we call
|
||||
* SetMixedContentChannel for the first time, otherwise
|
||||
* mMixedContentChannel is still null.
|
||||
* Later, if the new channel passes a same orign check, we remember the
|
||||
* users decision by calling SetMixedContentChannel using the new channel.
|
||||
* This way, the user does not have to click the disable protection button
|
||||
* over and over for browsing the same site.
|
||||
*/
|
||||
rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, aChannel);
|
||||
if (NS_FAILED(rv) || NS_FAILED(SetMixedContentChannel(aChannel))) {
|
||||
SetMixedContentChannel(nullptr);
|
||||
}
|
||||
}
|
||||
|
||||
// If anything fails here, make sure to clear our initial ClientSource.
|
||||
auto cleanupInitialClient =
|
||||
MakeScopeExit([&] { mInitialClientSource.reset(); });
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
#include "mozilla/dom/WindowGlobalParent.h"
|
||||
#include "mozilla/StaticPrefs_security.h"
|
||||
#include "nsICookieService.h"
|
||||
#include "nsDocShellLoadTypes.h"
|
||||
|
||||
#ifdef ANDROID
|
||||
# include "mozilla/widget/nsWindow.h"
|
||||
|
@ -1302,6 +1303,22 @@ DocumentLoadListener::AsyncOnChannelRedirect(
|
|||
oldURI, aFlags, responseStatus, net::ChannelIsPost(aOldChannel)});
|
||||
}
|
||||
|
||||
// If this is a cross-origin redirect, then we should no longer allow
|
||||
// mixed content. The destination docshell checks this in its redirect
|
||||
// handling, but if we deliver to a new docshell (with a process switch)
|
||||
// then this doesn't happen.
|
||||
// Manually remove the allow mixed content flags.
|
||||
nsresult rv = nsContentUtils::CheckSameOrigin(aOldChannel, aNewChannel);
|
||||
if (NS_FAILED(rv)) {
|
||||
if (mLoadStateLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT) {
|
||||
mLoadStateLoadType = LOAD_NORMAL;
|
||||
} else if (mLoadStateLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
|
||||
mLoadStateLoadType = LOAD_RELOAD_NORMAL;
|
||||
}
|
||||
MOZ_ASSERT(!LOAD_TYPE_HAS_FLAGS(
|
||||
mLoadStateLoadType, nsIWebNavigation::LOAD_FLAGS_ALLOW_MIXED_CONTENT));
|
||||
}
|
||||
|
||||
if (!mDocumentChannelBridge) {
|
||||
return NS_BINDING_ABORTED;
|
||||
}
|
||||
|
@ -1315,7 +1332,7 @@ DocumentLoadListener::AsyncOnChannelRedirect(
|
|||
nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->LoadInfo();
|
||||
|
||||
nsCOMPtr<nsIURI> originalUri;
|
||||
nsresult rv = aOldChannel->GetOriginalURI(getter_AddRefs(originalUri));
|
||||
rv = aOldChannel->GetOriginalURI(getter_AddRefs(originalUri));
|
||||
if (NS_FAILED(rv)) {
|
||||
aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
|
||||
return rv;
|
||||
|
|
Загрузка…
Ссылка в новой задаче