fixes bug 267367 "image loading from chrome results in auth prompts if src is protected" r=biesi sr=jst

docshell/base/nsDocShell.cpp

@@ -403,18 +403,9 @@ NS_IMETHODIMP nsDocShell::GetInterface(const nsIID & aIID, void **aSink)
             return NS_NOINTERFACE;
     }
     else if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
-        // if auth is not allowed, bail out
-        if (!mAllowAuth)
-          return NS_NOINTERFACE;
-
-        nsCOMPtr<nsIAuthPrompt> authPrompter(do_GetInterface(mTreeOwner));
-        if (authPrompter) {
-            *aSink = authPrompter;
-            NS_ADDREF((nsISupports *) * aSink);
-            return NS_OK;
-        }
-        else
-            return NS_NOINTERFACE;
+        return NS_SUCCEEDED(
+                GetAuthPrompt(PROMPT_NORMAL, (nsIAuthPrompt **) aSink)) ?
+                NS_OK : NS_NOINTERFACE;
     }
     else if (aIID.Equals(NS_GET_IID(nsIProgressEventSink))
              || aIID.Equals(NS_GET_IID(nsIHttpEventSink))
@@ -7165,8 +7156,17 @@ nsDocShell::SetBaseUrlForWyciwyg(nsIContentViewer * aContentViewer)
 nsresult
 nsDocShell::GetAuthPrompt(PRUint32 aPromptReason, nsIAuthPrompt **aResult)
 {
+    // if this docshell is of type chrome and has a chrome URI, then do not
+    // give out an auth prompt.  NOTE: it is possible to load a non-chrome
+    // URI into a chrome docshell, so this check is important.
+    if (mCurrentURI && mItemType == typeChrome) {
+        PRBool chrome;
+        if (NS_SUCCEEDED(mCurrentURI->SchemeIs("chrome", &chrome)) && chrome)
+            return NS_ERROR_NOT_AVAILABLE;
+    }
+
     // a priority prompt request will override a false mAllowAuth setting
-    PRBool priorityPrompt = (aPromptReason == nsIAuthPromptProvider::PROMPT_PROXY);
+    PRBool priorityPrompt = (aPromptReason == PROMPT_PROXY);
 
     if (!mAllowAuth && !priorityPrompt)
         return NS_ERROR_NOT_AVAILABLE;