зеркало из https://github.com/mozilla/pjs.git
bug 662692 - mixed-content websockets should check more than https:// r=bz
This commit is contained in:
Родитель
50949ebeb2
Коммит
308a19625c
|
@ -1352,15 +1352,16 @@ nsWebSocket::Init(nsIPrincipal* aPrincipal,
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Don't allow https:// to open ws://
|
||||
nsCOMPtr<nsIURI> originURI;
|
||||
PRBool originHTTPS;
|
||||
if (!mSecure &&
|
||||
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
|
||||
PR_FALSE) &&
|
||||
NS_SUCCEEDED(NS_NewURI(getter_AddRefs(originURI), mUTF16Origin)) &&
|
||||
NS_SUCCEEDED(originURI->SchemeIs("https", &originHTTPS)) &&
|
||||
originHTTPS) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
PR_FALSE)) {
|
||||
// Confirmed we are opening plain ws:// and want to prevent this from a
|
||||
// secure context (e.g. https). Check the security context of the document
|
||||
// associated with this script, which is the same as associated with mOwner.
|
||||
nsCOMPtr<nsIDocument> originDoc =
|
||||
nsContentUtils::GetDocumentFromScriptContext(mScriptContext);
|
||||
if (originDoc && originDoc->GetSecurityInfo())
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
// sets the protocol
|
||||
|
|
Загрузка…
Ссылка в новой задаче