diff --git a/caps/idl/nsIPrincipal.idl b/caps/idl/nsIPrincipal.idl index 40ca46640bf..91f940b00d0 100644 --- a/caps/idl/nsIPrincipal.idl +++ b/caps/idl/nsIPrincipal.idl @@ -51,7 +51,7 @@ interface nsIURI; [ptr] native JSContext(JSContext); [ptr] native JSPrincipals(JSPrincipals); -[scriptable, uuid(7292475e-2821-4602-9d00-228476696428)] +[scriptable, uuid(635c413b-47c3-4ee1-87c8-e7919cc65f5a)] interface nsIPrincipal : nsISerializable { /** @@ -203,29 +203,6 @@ interface nsIPrincipal : nsISerializable */ [noscript] boolean subsumes(in nsIPrincipal other); - /** - * Checks whether this principal is allowed to load the network resource - * located at the given URI under the same-origin policy. This means that - * codebase principals are only allowed to load resources from the same - * domain, the system principal is allowed to load anything, and null - * principals are not allowed to load anything. - * - * If the load is allowed this function does nothing. If the load is not - * allowed the function throws NS_ERROR_DOM_BAD_URI. - * - * NOTE: Other policies might override this, such as the Access-Control - * specification. - * NOTE: The 'domain' attribute has no effect on the behaviour of this - * function. - * - * - * @param uri The URI about to be loaded. - * @param report If true, will report a warning to the console service - * if the load is not allowed. - * @throws NS_ERROR_DOM_BAD_URI if the load is not allowed. - */ - [noscript] void checkMayLoad(in nsIUri uri, in boolean report); - /** * The subject name for the certificate. This actually identifies the * subject of the certificate. This may well not be a string that would diff --git a/caps/include/nsScriptSecurityManager.h b/caps/include/nsScriptSecurityManager.h index d9d9c4278e3..d406247d536 100644 --- a/caps/include/nsScriptSecurityManager.h +++ b/caps/include/nsScriptSecurityManager.h 
@@ -395,18 +395,6 @@ public: JSContext* GetSafeJSContext(); - /** - * Utility method for comparing two URIs. For security purposes, two URIs - * are equivalent if their schemes, hosts, and ports (if any) match. This - * method returns true if aSubjectURI and aObjectURI have the same origin, - * false otherwise. - */ - static PRBool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI); - - static nsresult - ReportError(JSContext* cx, const nsAString& messageTag, - nsIURI* aSource, nsIURI* aTarget); - private: // GetScriptSecurityManager is the only call that can make one @@ -432,6 +420,10 @@ private: nsIPrincipal* doGetSubjectPrincipal(nsresult* rv); + static nsresult + ReportError(JSContext* cx, const nsAString& messageTag, + nsIURI* aSource, nsIURI* aTarget); + nsresult CheckPropertyAccessImpl(PRUint32 aAction, nsAXPCNativeCallContext* aCallContext, @@ -548,9 +540,16 @@ private: nsISecurityPref* securityPref); + /** + * Utility method for comparing two URIs. For security purposes, two URIs + * are equivalent if their schemes, hosts, and ports (if any) match. This + * method returns true if aSubjectURI and aObjectURI have the same origin, + * false otherwise. + */ + PRBool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI); + /* encapsulate the file comparison rules */ - static PRBool SecurityCompareFileURIs(nsIURI* aSourceURI, - nsIURI* aTargetURI); + PRBool SecurityCompareFileURIs(nsIURI* aSourceURI, nsIURI* aTargetURI); #ifdef XPC_IDISPATCH_SUPPORT // While this header is included outside of caps, this class isn't @@ -591,8 +590,7 @@ private: PRPackedBool mXPCDefaultGrantAll; static const char sXPCDefaultGrantAllName[]; #endif - - static PRInt32 sFileURIOriginPolicy; + PRInt32 mFileURIOriginPolicy; static nsIIOService *sIOService; static nsIXPConnect *sXPConnect; diff --git a/caps/src/nsNullPrincipal.cpp b/caps/src/nsNullPrincipal.cpp index 5d14413b6b5..51ec1b71ffa 100644 --- a/caps/src/nsNullPrincipal.cpp +++ b/caps/src/nsNullPrincipal.cpp 
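Review bot: The doc comment re-added above `SecurityCompareURIs` in the `@@ -548,9 +540,16 @@` hunk refers to `aSubjectURI` and `aObjectURI`, but the declared parameters are `aSourceURI` and `aTargetURI`. This method makes the same-origin decision, so the comment should name the real parameters, e.g. `returns true if aSourceURI and aTargetURI have the same origin, false otherwise`. It would also help to state what is returned when either URI is null, which is not visible from this hunk.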
@@ -49,8 +49,6 @@ #include "nsNetUtil.h" #include "nsIClassInfoImpl.h" #include "nsNetCID.h" -#include "nsDOMError.h" -#include "nsScriptSecurityManager.h" static NS_DEFINE_CID(kSimpleURICID, NS_SIMPLEURI_CID); @@ -318,17 +316,6 @@ nsNullPrincipal::Subsumes(nsIPrincipal *aOther, PRBool *aResult) return NS_OK; } -NS_IMETHODIMP -nsNullPrincipal::CheckMayLoad(nsIURI* aURI, PRBool aReport) -{ - if (aReport) { - nsScriptSecurityManager::ReportError( - nsnull, NS_LITERAL_STRING("CheckSameOriginError"), mURI, aURI); - } - - return NS_ERROR_DOM_BAD_URI; -} - NS_IMETHODIMP nsNullPrincipal::GetSubjectName(nsACString& aName) { diff --git a/caps/src/nsPrincipal.cpp b/caps/src/nsPrincipal.cpp index 38e331e83e2..f279eff7f42 100755 --- a/caps/src/nsPrincipal.cpp +++ b/caps/src/nsPrincipal.cpp @@ -54,7 +54,6 @@ #include "nsIPrefBranch.h" #include "nsIPrefService.h" #include "nsIClassInfoImpl.h" -#include "nsDOMError.h" #include "nsPrincipal.h" @@ -307,21 +306,6 @@ nsPrincipal::Subsumes(nsIPrincipal *aOther, PRBool *aResult) return Equals(aOther, aResult); } -NS_IMETHODIMP -nsPrincipal::CheckMayLoad(nsIURI* aURI, PRBool aReport) -{ - if (!nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) { - if (aReport) { - nsScriptSecurityManager::ReportError( - nsnull, NS_LITERAL_STRING("CheckSameOriginError"), mCodebase, aURI); - } - - return NS_ERROR_DOM_BAD_URI; - } - - return NS_OK; -} - NS_IMETHODIMP nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result) { diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp index 00c87959fad..a6053de2318 100644 --- a/caps/src/nsScriptSecurityManager.cpp +++ b/caps/src/nsScriptSecurityManager.cpp 
@@ -98,7 +98,6 @@ nsIIOService *nsScriptSecurityManager::sIOService = nsnull; nsIXPConnect *nsScriptSecurityManager::sXPConnect = nsnull; nsIStringBundle *nsScriptSecurityManager::sStrBundle = nsnull; JSRuntime *nsScriptSecurityManager::sRuntime = 0; -PRInt32 nsScriptSecurityManager::sFileURIOriginPolicy = FILEURI_SOP_SELF; // Info we need about the JSClasses used by XPConnects wrapped // natives, to avoid having to QI to nsIXPConnectWrappedNative all the @@ -278,7 +277,6 @@ nsScriptSecurityManager::GetSafeJSContext() return cx; } -/* static */ PRBool nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI) @@ -380,7 +378,7 @@ nsScriptSecurityManager::SecurityCompareFileURIs(nsIURI* aSourceURI, nsIURI* aTargetURI) { // in traditional unsafe behavior all files are the same origin - if (sFileURIOriginPolicy == FILEURI_SOP_TRADITIONAL) + if (mFileURIOriginPolicy == FILEURI_SOP_TRADITIONAL) return PR_TRUE; @@ -389,7 +387,7 @@ nsScriptSecurityManager::SecurityCompareFileURIs(nsIURI* aSourceURI, PRBool filesAreEqual = PR_FALSE; if (NS_FAILED( aSourceURI->Equals(aTargetURI, &filesAreEqual) )) return PR_FALSE; - if (filesAreEqual || sFileURIOriginPolicy == FILEURI_SOP_SELF) + if (filesAreEqual || mFileURIOriginPolicy == FILEURI_SOP_SELF) return filesAreEqual; @@ -408,7 +406,7 @@ nsScriptSecurityManager::SecurityCompareFileURIs(nsIURI* aSourceURI, // For policy ANYFILE we're done - if (sFileURIOriginPolicy == FILEURI_SOP_ANYFILE) + if (mFileURIOriginPolicy == FILEURI_SOP_ANYFILE) return PR_TRUE; @@ -427,7 +425,7 @@ nsScriptSecurityManager::SecurityCompareFileURIs(nsIURI* aSourceURI, } // check remaining policies - if (sFileURIOriginPolicy == FILEURI_SOP_SAMEDIR) + if (mFileURIOriginPolicy == FILEURI_SOP_SAMEDIR) { // file: URIs in the same directory have the same origin PRBool sameParent = PR_FALSE; 
@@ -438,7 +436,7 @@ nsScriptSecurityManager::SecurityCompareFileURIs(nsIURI* aSourceURI, return sameParent; } - if (sFileURIOriginPolicy == FILEURI_SOP_SUBDIR) + if (mFileURIOriginPolicy == FILEURI_SOP_SUBDIR) { // file: URIs can access files in the same or lower directories PRBool isChild = PR_FALSE; @@ -3261,10 +3259,11 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), mIsWritingPrefs(PR_FALSE), - mPolicyPrefsChanged(PR_TRUE) + mPolicyPrefsChanged(PR_TRUE), #ifdef XPC_IDISPATCH_SUPPORT - , mXPCDefaultGrantAll(PR_FALSE) + mXPCDefaultGrantAll(PR_FALSE), #endif + mFileURIOriginPolicy(FILEURI_SOP_SELF) { NS_ASSERTION(sizeof(long) == sizeof(void*), "long and void* have different lengths on this platform. This may cause a security failure."); mPrincipals.Init(31); @@ -3878,7 +3877,7 @@ nsScriptSecurityManager::ScriptSecurityPrefChanged() PRInt32 policy; rv = mSecurityPref->SecurityGetIntPref(sFileOriginPolicyPrefName, &policy); - sFileURIOriginPolicy = NS_SUCCEEDED(rv) ? policy : FILEURI_SOP_SELF; + mFileURIOriginPolicy = NS_SUCCEEDED(rv) ? policy : FILEURI_SOP_SELF; #ifdef XPC_IDISPATCH_SUPPORT rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp); diff --git a/caps/src/nsSystemPrincipal.cpp b/caps/src/nsSystemPrincipal.cpp index 7673e85467c..e384742dd58 100644 --- a/caps/src/nsSystemPrincipal.cpp +++ b/caps/src/nsSystemPrincipal.cpp @@ -115,12 +115,6 @@ nsSystemPrincipal::Subsumes(nsIPrincipal *other, PRBool *result) return NS_OK; } -NS_IMETHODIMP -nsSystemPrincipal::CheckMayLoad(nsIURI* uri, PRBool aReport) -{ - return NS_OK; -} - NS_IMETHODIMP nsSystemPrincipal::GetHashValue(PRUint32 *result) { diff --git a/content/base/public/nsISyncLoadDOMService.idl b/content/base/public/nsISyncLoadDOMService.idl index 8fa28b1c1e6..b7e4ff2e8ad 100644 --- a/content/base/public/nsISyncLoadDOMService.idl +++ b/content/base/public/nsISyncLoadDOMService.idl 
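Review bot: In the `ScriptSecurityPrefChanged` hunk the integer read from the pref is stored in `mFileURIOriginPolicy` without checking that it is one of the `FILEURI_SOP_*` values. `SecurityCompareFileURIs` tests the member against each policy in turn, so an unrecognized value falls through every branch shown and the outcome depends on code outside these hunks. Falling back to `FILEURI_SOP_SELF` for unknown values, as is already done for a failed read, would keep a malformed pref from selecting an unintended file: origin policy.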
@@ -39,7 +39,6 @@ #include "nsISupports.idl" interface nsIURI; -interface nsIPrincipal; interface nsIDOMDocument; interface nsIChannel; @@ -47,14 +46,10 @@ interface nsIChannel; * * * **** NOTICE **** * * * - * * - * This interface is DEPRECATED! * - * You should instead use XMLHttpRequest which now works both from * - * Javascript and C++. * - * * - * Additionally, synchronous network loads are evil. Any delays * - * from the server will appear as a hang in the mozilla UI. * - * Therefore, they should be avoided as much as possible. * + * nsISyncLoadDOMService defines synchronous methods to download * + * data from the network. Any delays from the server will * + * appear as a hang in the mozilla UI. Therefore, this interface * + * should be avoided as much as possible. * * * * Don't make me come over there!! * * * 
@@ -66,34 +61,33 @@ interface nsIChannel; * a document. */ -[scriptable, uuid(8095998d-ae1c-4cfa-9b43-0973e5d77eb0)] +[scriptable, uuid(2ae03836-0704-45c9-a545-4169548c0669)] interface nsISyncLoadDOMService : nsISupports { /** * Synchronously load the document from the specified channel. * * @param aChannel The channel to load the document from. - * @param aLoaderPrincipal Principal of loading document. For security - * checks null if no securitychecks should be done + * @param aLoaderURI URI of loading document. For security checks + * null if no securitychecks should be done * * @returns The document loaded from the URI. */ - nsIDOMDocument loadDocument(in nsIChannel aChannel, - in nsIPrincipal aLoaderPrincipal); + nsIDOMDocument loadDocument(in nsIChannel aChannel, in nsIURI aLoaderURI); nsIDOMDocument loadDocumentAsXML(in nsIChannel aChannel, - in nsIPrincipal aLoaderPrincipal); + in nsIURI aLoaderURI); /** * Synchronously load an XML document from the specified * channel. The channel must be possible to open synchronously. * * @param aChannel The channel to load the document from. - * @param aLoaderPrincipal Principal of loading document. For security - * checks null if no securitychecks should be done + * @param aLoaderURI URI of loading document. For security checks + * null if no securitychecks should be done * * @returns The document loaded from the URI. */ nsIDOMDocument loadLocalDocument(in nsIChannel aChannel, - in nsIPrincipal aLoaderPrincipal); + in nsIURI aLoaderURI); }; diff --git a/content/base/src/nsContentSink.cpp b/content/base/src/nsContentSink.cpp index ee1c02a1043..1b8ae95d9ac 100644 --- a/content/base/src/nsContentSink.cpp +++ b/content/base/src/nsContentSink.cpp 
@@ -866,7 +866,8 @@ nsContentSink::ProcessOfflineManifest(nsIContent *aElement) } // Documents must list a manifest from the same origin - nsresult rv = mDocument->NodePrincipal()->CheckMayLoad(manifestURI, PR_TRUE); + nsresult rv = nsContentUtils::GetSecurityManager()-> + CheckSameOriginURI(manifestURI, mDocumentURI, PR_TRUE); if (NS_FAILED(rv)) { return; } diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index 8dcdb1562be..d34ce7e1a3e 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -3834,7 +3834,10 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad, return NS_OK; } - return aLoadingPrincipal->CheckMayLoad(aURIToLoad, PR_TRUE); + nsCOMPtr loadingURI; + rv = aLoadingPrincipal->GetURI(getter_AddRefs(loadingURI)); + NS_ENSURE_SUCCESS(rv, rv); + return sSecurityManager->CheckSameOriginURI(loadingURI, aURIToLoad, PR_TRUE); } /* static */ diff --git a/content/base/src/nsCrossSiteListenerProxy.cpp b/content/base/src/nsCrossSiteListenerProxy.cpp index 7110626d539..04ac993db1e 100644 --- a/content/base/src/nsCrossSiteListenerProxy.cpp +++ b/content/base/src/nsCrossSiteListenerProxy.cpp 
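Review bot: `ProcessOfflineManifest` now compares `manifestURI` against `mDocumentURI` rather than asking the document's principal, and `ProcessStyleLink` in nsXMLContentSink.cpp does the same with `CheckSameOriginURI(mDocumentURI, url, PR_TRUE)`. A document's URI and its principal's URI are presumably not guaranteed to agree, so the check may be made against an origin the document does not actually run with. Taking the URI from `mDocument->NodePrincipal()`, as `CheckSecurityBeforeLoad` does, would keep the decision tied to the principal. The argument order here (target first) is also the reverse of the other call sites, which may matter for the console report if the first argument is treated as the source.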
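Review bot: `loadingURI` is handed to `CheckSameOriginURI` in `CheckSecurityBeforeLoad` without a null check. `GetURI` may succeed and still return null for a principal that has no codebase URI, and how the comparison treats a null source is not visible here. Adding `NS_ENSURE_TRUE(loadingURI, NS_ERROR_DOM_BAD_URI);` before the call makes the load fail closed in that case. The function begins outside the hunk, so an earlier branch may already exclude such principals.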
@@ -51,29 +51,18 @@ #include "nsParserUtils.h" #include "nsGkAtoms.h" #include "nsWhitespaceTokenizer.h" -#include "nsIChannelEventSink.h" static NS_DEFINE_CID(kCParserCID, NS_PARSER_CID); -NS_IMPL_ISUPPORTS7(nsCrossSiteListenerProxy, nsIStreamListener, +NS_IMPL_ISUPPORTS5(nsCrossSiteListenerProxy, nsIStreamListener, nsIRequestObserver, nsIContentSink, nsIXMLContentSink, - nsIExpatSink, nsIChannelEventSink, nsIInterfaceRequestor) + nsIExpatSink) nsCrossSiteListenerProxy::nsCrossSiteListenerProxy(nsIStreamListener* aOuter, - nsIPrincipal* aRequestingPrincipal, - nsIChannel* aChannel, - nsresult* aResult) - : mOuterListener(aOuter), - mRequestingPrincipal(aRequestingPrincipal), - mAcceptState(eNotSet), - mHasForwardedRequest(PR_FALSE), - mHasBeenCrossSite(PR_FALSE) + nsIPrincipal* aRequestingPrincipal) + : mOuter(aOuter), mAcceptState(eNotSet), mHasForwardedRequest(PR_FALSE) { aRequestingPrincipal->GetURI(getter_AddRefs(mRequestingURI)); - aChannel->GetNotificationCallbacks(getter_AddRefs(mOuterNotificationCallbacks)); - aChannel->SetNotificationCallbacks(this); - - *aResult = UpdateChannel(aChannel); } nsresult @@ -94,14 +83,13 @@ nsCrossSiteListenerProxy::ForwardRequest(PRBool aFromStop) if (mAcceptState != eAccept) { mAcceptState = eDeny; mOuterRequest->Cancel(NS_ERROR_DOM_BAD_URI); - mOuterListener->OnStartRequest(mOuterRequest, mOuterContext); + mOuter->OnStartRequest(mOuterRequest, mOuterContext); // Only call OnStopRequest here if we were called from OnStopRequest. // Otherwise the call to Cancel will make us get an OnStopRequest later // so we'll forward OnStopRequest then. if (aFromStop) { - mOuterListener->OnStopRequest(mOuterRequest, mOuterContext, - NS_ERROR_DOM_BAD_URI); + mOuter->OnStopRequest(mOuterRequest, mOuterContext, NS_ERROR_DOM_BAD_URI); } // Clear this data just in case since it should never be forwarded. 
@@ -110,7 +98,7 @@ nsCrossSiteListenerProxy::ForwardRequest(PRBool aFromStop) return NS_ERROR_DOM_BAD_URI; } - nsresult rv = mOuterListener->OnStartRequest(mOuterRequest, mOuterContext); + nsresult rv = mOuter->OnStartRequest(mOuterRequest, mOuterContext); NS_ENSURE_SUCCESS(rv, rv); if (!mStoredData.IsEmpty()) { @@ -118,8 +106,8 @@ nsCrossSiteListenerProxy::ForwardRequest(PRBool aFromStop) rv = NS_NewCStringInputStream(getter_AddRefs(stream), mStoredData); NS_ENSURE_SUCCESS(rv, rv); - rv = mOuterListener->OnDataAvailable(mOuterRequest, mOuterContext, stream, - 0, mStoredData.Length()); + rv = mOuter->OnDataAvailable(mOuterRequest, mOuterContext, stream, 0, + mStoredData.Length()); NS_ENSURE_SUCCESS(rv, rv); } @@ -149,8 +137,9 @@ nsCrossSiteListenerProxy::OnStartRequest(nsIRequest* aRequest, } nsCOMPtr finalURI; channel->GetURI(getter_AddRefs(finalURI)); - - if (!mHasBeenCrossSite) { + rv = nsContentUtils::GetSecurityManager()-> + CheckSameOriginURI(mRequestingURI, finalURI, PR_FALSE); + if (NS_SUCCEEDED(rv)) { mAcceptState = eAccept; return ForwardRequest(PR_FALSE); } @@ -258,7 +247,7 @@ nsCrossSiteListenerProxy::OnStopRequest(nsIRequest* aRequest, nsresult aStatusCode) { if (mHasForwardedRequest) { - return mOuterListener->OnStopRequest(aRequest, aContext, aStatusCode); + return mOuter->OnStopRequest(aRequest, aContext, aStatusCode); } mAcceptState = eDeny; @@ -292,8 +281,8 @@ nsCrossSiteListenerProxy::OnDataAvailable(nsIRequest* aRequest, if (mAcceptState != eAccept) { return NS_ERROR_DOM_BAD_URI; } - return mOuterListener->OnDataAvailable(aRequest, aContext, aInputStream, - aOffset, aCount); + return mOuter->OnDataAvailable(aRequest, aContext, aInputStream, aOffset, + aCount); } NS_ASSERTION(mStoredData.Length() == aOffset, 
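Review bot: `OnStartRequest` now decides same-origin from the channel's final URI alone, so a request that was redirected through another origin and back is accepted without the access-control checks. The removed `mHasBeenCrossSite` flag, updated from `OnChannelRedirect`, was what recorded an intermediate cross-site hop; with the proxy no longer an `nsIChannelEventSink`, nothing in this file tracks redirects. Either keep a per-redirect check that latches a cross-site flag, or confirm that every caller installs a redirect handler that enforces the same rule. The constructor in the first hunk also ignores the result of `aRequestingPrincipal->GetURI(...)`, so `mRequestingURI` may be null when it reaches `CheckSameOriginURI`.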
@@ -877,88 +866,37 @@ nsCrossSiteListenerProxy::VerifyAndMatchDomainPattern(const nsACString& aPattern (!patternHasWild || reqPos >= 1); } -NS_IMETHODIMP -nsCrossSiteListenerProxy::GetInterface(const nsIID & aIID, void **aResult) -{ - if (aIID.Equals(NS_GET_IID(nsIChannelEventSink))) { - *aResult = static_cast(this); - NS_ADDREF_THIS(); - - return NS_OK; - } - - return mOuterNotificationCallbacks ? - mOuterNotificationCallbacks->GetInterface(aIID, aResult) : - NS_ERROR_NO_INTERFACE; -} - -NS_IMETHODIMP -nsCrossSiteListenerProxy::OnChannelRedirect(nsIChannel *aOldChannel, - nsIChannel *aNewChannel, - PRUint32 aFlags) -{ - nsresult rv; - nsCOMPtr outer = - do_GetInterface(mOuterNotificationCallbacks); - if (outer) { - rv = outer->OnChannelRedirect(aOldChannel, aNewChannel, aFlags); - NS_ENSURE_SUCCESS(rv, rv); - } - - return UpdateChannel(aNewChannel); -} - +/* static */ nsresult -nsCrossSiteListenerProxy::UpdateChannel(nsIChannel* aChannel) +nsCrossSiteListenerProxy::AddRequestHeaders(nsIChannel* aChannel, + nsIPrincipal* aRequestingPrincipal) { + // Once bug 386823 is fixed this could just be an assertion. 
+ NS_ENSURE_TRUE(aRequestingPrincipal, NS_ERROR_FAILURE); + + // Work out the requesting URI nsCOMPtr uri; - nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); + nsresult rv = aRequestingPrincipal->GetURI(getter_AddRefs(uri)); NS_ENSURE_SUCCESS(rv, rv); - // Check that the uri is ok to load - rv = nsContentUtils::GetSecurityManager()-> - CheckLoadURIWithPrincipal(mRequestingPrincipal, uri, - nsIScriptSecurityManager::STANDARD); + nsCString scheme, host; + rv = uri->GetScheme(scheme); NS_ENSURE_SUCCESS(rv, rv); - if (!mHasBeenCrossSite && - NS_SUCCEEDED(mRequestingPrincipal->CheckMayLoad(uri, PR_FALSE))) { - return NS_OK; - } - - nsCString userpass; - uri->GetUserPass(userpass); - NS_ENSURE_TRUE(userpass.IsEmpty(), NS_ERROR_DOM_BAD_URI); - - // It's a cross site load - mHasBeenCrossSite = PR_TRUE; - - // Work out the Referer-Root header - nsCString root, host; - rv = mRequestingURI->GetAsciiHost(host); + rv = uri->GetAsciiHost(host); NS_ENSURE_SUCCESS(rv, rv); - if (!host.IsEmpty()) { - nsCString scheme; - rv = mRequestingURI->GetScheme(scheme); - NS_ENSURE_SUCCESS(rv, rv); - - root = scheme + NS_LITERAL_CSTRING("://") + host; - - // If needed, append the port - PRInt32 port; - mRequestingURI->GetPort(&port); - if (port != -1) { - PRInt32 defaultPort = NS_GetDefaultPort(scheme.get()); - if (port != defaultPort) { - root.Append(":"); - root.AppendInt(port); - } + nsCString root = scheme + NS_LITERAL_CSTRING("://") + host; + // Append the port + PRInt32 port; + uri->GetPort(&port); + if (port != -1) { + PRInt32 defaultPort = NS_GetDefaultPort(scheme.get()); + if (port != defaultPort) { + root.Append(":"); + root.AppendInt(port); } } - else { - root.AssignLiteral("null"); - } // Now add the access-control-origin header nsCOMPtr http = do_QueryInterface(aChannel); diff --git a/content/base/src/nsCrossSiteListenerProxy.h b/content/base/src/nsCrossSiteListenerProxy.h index 1d26167d799..237fc53e7c1 100644 --- a/content/base/src/nsCrossSiteListenerProxy.h 
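Review bot: `AddRequestHeaders` dereferences `uri` immediately after `GetURI` without checking it for null, and it no longer handles an empty host. Add `NS_ENSURE_TRUE(uri, NS_ERROR_FAILURE);` after the `GetURI` call, and keep the removed `root.AssignLiteral("null")` branch for an empty host; otherwise the origin value is built as `scheme://` with nothing after it. `port` is read after an unchecked `GetPort`, so declaring it as `PRInt32 port = -1;` avoids using an indeterminate value. The function body continues past the end of the hunk.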
+++ b/content/base/src/nsCrossSiteListenerProxy.h @@ -44,8 +44,6 @@ #include "nsIContentSink.h" #include "nsIXMLContentSink.h" #include "nsIExpatSink.h" -#include "nsIInterfaceRequestor.h" -#include "nsIChannelEventSink.h" class nsIURI; class nsIParser; @@ -53,22 +51,19 @@ class nsIPrincipal; class nsCrossSiteListenerProxy : public nsIStreamListener, public nsIXMLContentSink, - public nsIExpatSink, - public nsIInterfaceRequestor, - public nsIChannelEventSink + public nsIExpatSink { public: nsCrossSiteListenerProxy(nsIStreamListener* aOuter, - nsIPrincipal* aRequestingPrincipal, - nsIChannel* aChannel, - nsresult* aResult); - + nsIPrincipal* aRequestingPrincipal); + NS_DECL_ISUPPORTS NS_DECL_NSIREQUESTOBSERVER NS_DECL_NSISTREAMLISTENER NS_DECL_NSIEXPATSINK - NS_DECL_NSIINTERFACEREQUESTOR - NS_DECL_NSICHANNELEVENTSINK + + static nsresult AddRequestHeaders(nsIChannel* aChannel, + nsIPrincipal* aRequestingPrincipal); // nsIContentSink NS_IMETHOD WillTokenize(void) { return NS_OK; } @@ -82,21 +77,18 @@ public: virtual nsISupports *GetTarget() { return nsnull; } private: - nsresult UpdateChannel(nsIChannel* aChannel); nsresult ForwardRequest(PRBool aCallStop); PRBool MatchPatternList(const char*& aIter, const char* aEnd); void CheckHeader(const nsCString& aHeader); PRBool VerifyAndMatchDomainPattern(const nsACString& aDomainPattern); - nsCOMPtr mOuterListener; + nsCOMPtr mOuter; nsCOMPtr mOuterRequest; nsCOMPtr mOuterContext; nsCOMPtr mParserListener; nsCOMPtr mParser; nsCOMPtr mRequestingURI; - nsCOMPtr mRequestingPrincipal; - nsCOMPtr mOuterNotificationCallbacks; nsTArray mReqSubdomains; nsCString mStoredData; enum { @@ -105,5 +97,4 @@ private: eNotSet } mAcceptState; PRBool mHasForwardedRequest; - PRBool mHasBeenCrossSite; }; diff --git a/content/base/src/nsSyncLoadService.cpp b/content/base/src/nsSyncLoadService.cpp index 5a5172f7392..d46568c1d87 100644 --- a/content/base/src/nsSyncLoadService.cpp +++ b/content/base/src/nsSyncLoadService.cpp 
@@ -59,7 +59,6 @@ #include "nsAutoPtr.h" #include "nsLoadListenerProxy.h" #include "nsStreamUtils.h" -#include "nsCrossSiteListenerProxy.h" /** * This class manages loading a single XML document @@ -75,7 +74,7 @@ public: NS_DECL_ISUPPORTS - nsresult LoadDocument(nsIChannel* aChannel, nsIPrincipal *aLoaderPrincipal, + nsresult LoadDocument(nsIChannel* aChannel, nsIURI *aLoaderURI, PRBool aChannelIsSync, PRBool aForceToXML, nsIDOMDocument** aResult); @@ -163,7 +162,7 @@ NS_IMPL_ISUPPORTS4(nsSyncLoader, nsresult nsSyncLoader::LoadDocument(nsIChannel* aChannel, - nsIPrincipal *aLoaderPrincipal, + nsIURI *aLoaderURI, PRBool aChannelIsSync, PRBool aForceToXML, nsIDOMDocument **aResult) @@ -172,26 +171,32 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel, *aResult = nsnull; nsresult rv = NS_OK; - nsCOMPtr loaderUri; - if (aLoaderPrincipal) { - aLoaderPrincipal->GetURI(getter_AddRefs(loaderUri)); - } - mChannel = aChannel; nsCOMPtr http = do_QueryInterface(mChannel); if (http) { http->SetRequestHeader(NS_LITERAL_CSTRING("Accept"), NS_LITERAL_CSTRING("text/xml,application/xml,application/xhtml+xml,*/*;q=0.1"), PR_FALSE); - if (loaderUri) { - http->SetReferrer(loaderUri); + if (aLoaderURI) { + http->SetReferrer(aLoaderURI); } } - // Hook us up to listen to redirects and the like. - // Do this before setting up the cross-site proxy since - // that installs its own proxies. - mChannel->SetNotificationCallbacks(this); + if (aLoaderURI) { + nsCOMPtr docURI; + rv = aChannel->GetOriginalURI(getter_AddRefs(docURI)); + NS_ENSURE_SUCCESS(rv, rv); + + nsIScriptSecurityManager *securityManager = + nsContentUtils::GetSecurityManager(); + + rv = securityManager->CheckLoadURI(aLoaderURI, docURI, + nsIScriptSecurityManager::STANDARD); + NS_ENSURE_SUCCESS(rv, rv); + + rv = securityManager->CheckSameOriginURI(aLoaderURI, docURI, PR_TRUE); + NS_ENSURE_SUCCESS(rv, rv); + } // Get the loadgroup of the channel nsCOMPtr loadGroup; 
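Review bot: In `nsSyncLoader::LoadDocument` a null `aLoaderURI` skips both `CheckLoadURI` and `CheckSameOriginURI`, so a missing URI silently means no checks at all. `txParseDocumentFromURI` in txXMLParser.cpp relies on this for the system principal by passing whatever `NodePrincipal()->GetURI` returns, which means any other principal that yields a null URI would also load unchecked. An explicit opt-out from the caller would make the bypass deliberate rather than a side effect of a missing value. The checks use `GetOriginalURI` while the redirect handler compares `GetURI` values; a comment such as `// compare against the URI the caller asked for, not a rewritten one` (if that is the intent) would document the choice.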
@@ -218,13 +223,6 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel, listener.swap(forceListener); } - if (aLoaderPrincipal) { - listener = new nsCrossSiteListenerProxy(listener, aLoaderPrincipal, - mChannel, &rv); - NS_ENSURE_TRUE(listener, NS_ERROR_OUT_OF_MEMORY); - NS_ENSURE_SUCCESS(rv, rv); - } - // Register as a load listener on the document nsCOMPtr target = do_QueryInterface(document); NS_ENSURE_TRUE(target, NS_ERROR_FAILURE); @@ -272,6 +270,9 @@ nsSyncLoader::LoadDocument(nsIChannel* aChannel, nsresult nsSyncLoader::PushAsyncStream(nsIStreamListener* aListener) { + // Hook us up to listen to redirects and the like + mChannel->SetNotificationCallbacks(this); + // Start reading from the channel nsresult rv = mChannel->AsyncOpen(aListener, nsnull); @@ -366,6 +367,20 @@ nsSyncLoader::OnChannelRedirect(nsIChannel *aOldChannel, { NS_PRECONDITION(aNewChannel, "Redirecting to null channel?"); + nsCOMPtr oldURI; + nsresult rv = aOldChannel->GetURI(getter_AddRefs(oldURI)); // The original URI + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr newURI; + rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI + NS_ENSURE_SUCCESS(rv, rv); + + nsIScriptSecurityManager *securityManager = + nsContentUtils::GetSecurityManager(); + + rv = securityManager->CheckSameOriginURI(oldURI, newURI, PR_TRUE); + NS_ENSURE_SUCCESS(rv, rv); + mChannel = aNewChannel; return NS_OK; 
@@ -382,49 +397,42 @@ NS_IMPL_ISUPPORTS1(nsSyncLoadService, nsISyncLoadDOMService) static nsresult -LoadFromChannel(nsIChannel* aChannel, nsIPrincipal *aLoaderPrincipal, - PRBool aChannelIsSync, PRBool aForceToXML, - nsIDOMDocument** aResult) +LoadFromChannel(nsIChannel* aChannel, nsIURI *aLoaderURI, PRBool aChannelIsSync, + PRBool aForceToXML, nsIDOMDocument** aResult) { nsRefPtr loader = new nsSyncLoader(); if (!loader) { return NS_ERROR_OUT_OF_MEMORY; } - return loader->LoadDocument(aChannel, aLoaderPrincipal, aChannelIsSync, + return loader->LoadDocument(aChannel, aLoaderURI, aChannelIsSync, aForceToXML, aResult); } NS_IMETHODIMP -nsSyncLoadService::LoadDocument(nsIChannel* aChannel, - nsIPrincipal* aLoaderPrincipal, +nsSyncLoadService::LoadDocument(nsIChannel* aChannel, nsIURI* aLoaderURI, nsIDOMDocument** aResult) { - return LoadFromChannel(aChannel, aLoaderPrincipal, PR_FALSE, PR_FALSE, - aResult); + return LoadFromChannel(aChannel, aLoaderURI, PR_FALSE, PR_FALSE, aResult); } NS_IMETHODIMP -nsSyncLoadService::LoadDocumentAsXML(nsIChannel* aChannel, - nsIPrincipal* aLoaderPrincipal, +nsSyncLoadService::LoadDocumentAsXML(nsIChannel* aChannel, nsIURI* aLoaderURI, nsIDOMDocument** aResult) { - return LoadFromChannel(aChannel, aLoaderPrincipal, PR_FALSE, PR_TRUE, - aResult); + return LoadFromChannel(aChannel, aLoaderURI, PR_FALSE, PR_TRUE, aResult); } NS_IMETHODIMP -nsSyncLoadService::LoadLocalDocument(nsIChannel* aChannel, - nsIPrincipal* aLoaderPrincipal, +nsSyncLoadService::LoadLocalDocument(nsIChannel* aChannel, nsIURI* aLoaderURI, nsIDOMDocument** aResult) { - return LoadFromChannel(aChannel, aLoaderPrincipal, PR_TRUE, PR_TRUE, - aResult); + return LoadFromChannel(aChannel, aLoaderURI, PR_TRUE, PR_TRUE, aResult); } /* static */ nsresult -nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal, +nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIURI *aLoaderURI, nsILoadGroup *aLoadGroup, PRBool aForceToXML, nsIDOMDocument** aResult) { 
@@ -443,8 +451,7 @@ nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal, (NS_SUCCEEDED(aURI->SchemeIs("resource", &isResource)) && isResource); - return LoadFromChannel(channel, aLoaderPrincipal, isSync, aForceToXML, - aResult); + return LoadFromChannel(channel, aLoaderURI, isSync, aForceToXML, aResult); } /* static */ diff --git a/content/base/src/nsSyncLoadService.h b/content/base/src/nsSyncLoadService.h index d7c3b87f648..137aa8b58be 100644 --- a/content/base/src/nsSyncLoadService.h +++ b/content/base/src/nsSyncLoadService.h @@ -60,15 +60,15 @@ public: * Synchronously load the document from the specified URI. * * @param aURI URI to load the document from. - * @param aLoaderPrincipal Principal of loading document. For security - * checks and referrer header. May be null if no - * security checks should be done. + * @param aLoaderURI URI of loading document. For security checks and + * referrer header. May be null if no security checks + * should be done. * @param aLoadGroup The loadgroup to use for loading the document. * @param aForceToXML Whether to parse the document as XML, regardless of * content type. * @param aResult [out] The document loaded from the URI. */ - static nsresult LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal, + static nsresult LoadDocument(nsIURI *aURI, nsIURI *aLoaderURI, nsILoadGroup *aLoadGroup, PRBool aForceToXML, nsIDOMDocument** aResult); diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp index 8f7a4e11353..735aedbb53e 100644 --- a/content/base/src/nsXMLHttpRequest.cpp +++ b/content/base/src/nsXMLHttpRequest.cpp @@ -1416,7 +1416,7 @@ nsXMLHttpRequest::CheckChannelForCrossSiteRequest() // The request is now cross-site, so update flag. mState |= XML_HTTP_REQUEST_USE_XSITE_AC; - // Remove dangerous headers + // Remove dangerous headers and set XMLHttpRequest-Security-Check nsCOMPtr http = do_QueryInterface(mChannel); if (http) { PRUint32 i; 
@@ -1426,7 +1426,17 @@ nsXMLHttpRequest::CheckChannelForCrossSiteRequest() mExtraRequestHeaders.Clear(); } - return NS_OK; + // Cancel if username/password is supplied to avoid brute-force password + // hacking + nsCOMPtr channelURI; + nsresult rv = mChannel->GetURI(getter_AddRefs(channelURI)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCString userpass; + channelURI->GetUserPass(userpass); + NS_ENSURE_TRUE(userpass.IsEmpty(), NS_ERROR_DOM_BAD_URI); + + return nsCrossSiteListenerProxy::AddRequestHeaders(mChannel, mPrincipal); } /* noscript void openRequest (in AUTF8String method, in AUTF8String url, in boolean async, in AString user, in AString password); */ @@ -1580,6 +1590,8 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method, nsnull, loadFlags); NS_ENSURE_SUCCESS(rv, rv); + rv = nsCrossSiteListenerProxy::AddRequestHeaders(mACGetChannel, mPrincipal); + nsCOMPtr acHttp = do_QueryInterface(mACGetChannel); NS_ASSERTION(acHttp, "Failed to QI to nsIHttpChannel!"); @@ -2278,10 +2290,8 @@ nsXMLHttpRequest::Send(nsIVariant *aBody) if (!(mState & XML_HTTP_REQUEST_XSITEENABLED)) { // Always create a nsCrossSiteListenerProxy here even if it's // a same-origin request right now, since it could be redirected. - listener = new nsCrossSiteListenerProxy(listener, mPrincipal, mChannel, - &rv); + listener = new nsCrossSiteListenerProxy(listener, mPrincipal); NS_ENSURE_TRUE(listener, NS_ERROR_OUT_OF_MEMORY); - NS_ENSURE_SUCCESS(rv, rv); } // Bypass the network cache in cases where it makes no sense: @@ -2318,10 +2328,8 @@ nsXMLHttpRequest::Send(nsIVariant *aBody) new nsACProxyListener(mChannel, listener, nsnull, mPrincipal, method); NS_ENSURE_TRUE(acListener, NS_ERROR_OUT_OF_MEMORY); - listener = new nsCrossSiteListenerProxy(acListener, mPrincipal, - mACGetChannel, &rv); + listener = new nsCrossSiteListenerProxy(acListener, mPrincipal); NS_ENSURE_TRUE(listener, NS_ERROR_OUT_OF_MEMORY); - NS_ENSURE_SUCCESS(rv, rv); rv = mACGetChannel->AsyncOpen(listener, nsnull); } 
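Review bot: The result of `AddRequestHeaders(mACGetChannel, mPrincipal)` in the `OpenRequest` hunk is assigned to `rv` and not checked before the channel is used. If the origin header cannot be set, the access-control GET would be prepared without it; add `NS_ENSURE_SUCCESS(rv, rv);` on the following line. `OpenRequest` continues outside the hunk, so a later check may exist, but none is visible before `rv` could be overwritten.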
diff --git a/content/xml/document/src/nsXMLContentSink.cpp b/content/xml/document/src/nsXMLContentSink.cpp index dd058b52e8b..582dbaa8cbb 100644 --- a/content/xml/document/src/nsXMLContentSink.cpp +++ b/content/xml/document/src/nsXMLContentSink.cpp @@ -771,6 +771,9 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement, nsIScriptSecurityManager::ALLOW_CHROME); NS_ENSURE_SUCCESS(rv, NS_OK); + rv = secMan->CheckSameOriginURI(mDocumentURI, url, PR_TRUE); + NS_ENSURE_SUCCESS(rv, NS_OK); + // Do content policy check PRInt16 decision = nsIContentPolicy::ACCEPT; rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET, diff --git a/content/xml/document/src/nsXMLDocument.cpp b/content/xml/document/src/nsXMLDocument.cpp index bb67975a04f..267543188ec 100644 --- a/content/xml/document/src/nsXMLDocument.cpp +++ b/content/xml/document/src/nsXMLDocument.cpp @@ -378,9 +378,6 @@ nsXMLDocument::Load(const nsAString& aUrl, PRBool *aReturn) // changing the principal of this document. nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager(); - // Enforce same-origin even for chrome loaders to avoid someone accidentally - // using a document that content has a reference to and turn that into a - // chrome document. if (codebase) { rv = secMan->CheckSameOriginURI(codebase, uri, PR_FALSE); diff --git a/content/xslt/src/xml/txXMLParser.cpp b/content/xslt/src/xml/txXMLParser.cpp index c6b94985115..f951d383bb9 100644 --- a/content/xslt/src/xml/txXMLParser.cpp +++ b/content/xslt/src/xml/txXMLParser.cpp 
@@ -100,15 +100,18 @@ txParseDocumentFromURI(const nsAString& aHref, const txXPathNode& aLoader, nsCOMPtr loadGroup = loaderDocument->GetDocumentLoadGroup(); + nsCOMPtr loaderUri; + rv = loaderDocument->NodePrincipal()->GetURI(getter_AddRefs(loaderUri)); + NS_ENSURE_SUCCESS(rv, rv); + // For the system principal loaderUri will be null here, which is good // since that means that chrome documents can load any uri. // Raw pointer, we want the resulting txXPathNode to hold a reference to // the document. nsIDOMDocument* theDocument = nsnull; - rv = nsSyncLoadService::LoadDocument(documentURI, - loaderDocument->NodePrincipal(), - loadGroup, PR_TRUE, &theDocument); + rv = nsSyncLoadService::LoadDocument(documentURI, loaderUri, loadGroup, + PR_TRUE, &theDocument); if (NS_FAILED(rv)) { aErrMsg.Append(NS_LITERAL_STRING("Document load of ") + diff --git a/content/xslt/src/xslt/txMozillaStylesheetCompiler.cpp b/content/xslt/src/xslt/txMozillaStylesheetCompiler.cpp index 8f88c900584..b87a8f0040d 100644 --- a/content/xslt/src/xslt/txMozillaStylesheetCompiler.cpp +++ b/content/xslt/src/xslt/txMozillaStylesheetCompiler.cpp @@ -70,8 +70,6 @@ #include "nsAttrName.h" #include "nsIScriptError.h" #include "nsIURL.h" -#include "nsCrossSiteListenerProxy.h" -#include "nsDOMError.h" static NS_DEFINE_CID(kCParserCID, NS_PARSER_CID); @@ -96,6 +94,7 @@ getSpec(nsIChannel* aChannel, nsAString& aSpec) class txStylesheetSink : public nsIXMLContentSink, public nsIExpatSink, public nsIStreamListener, + public nsIChannelEventSink, public nsIInterfaceRequestor { public: @@ -105,6 +104,7 @@ public: NS_DECL_NSIEXPATSINK NS_DECL_NSISTREAMLISTENER NS_DECL_NSIREQUESTOBSERVER + NS_DECL_NSICHANNELEVENTSINK NS_DECL_NSIINTERFACEREQUESTOR // nsIContentSink 
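Review bot: The comment added in txParseDocumentFromURI makes a null `loaderUri` mean "no restriction", so the access decision fails open whenever `GetURI` succeeds but returns null. The hunk attributes that case to the system principal only; if any other principal can return a null URI, its loads would be treated like chrome loads. State the assumption where it is relied on, for example `// A null loaderUri lifts the origin restriction in LoadDocument; only the system principal is expected to produce one (TODO confirm)`, or test for the system principal explicitly before passing null. The function starts and ends outside the hunk.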
@@ -136,12 +136,13 @@ txStylesheetSink::txStylesheetSink(txStylesheetCompiler* aCompiler, mListener = do_QueryInterface(aParser); } -NS_IMPL_ISUPPORTS6(txStylesheetSink, +NS_IMPL_ISUPPORTS7(txStylesheetSink, nsIXMLContentSink, nsIContentSink, nsIExpatSink, nsIStreamListener, nsIRequestObserver, + nsIChannelEventSink, nsIInterfaceRequestor) NS_IMETHODIMP @@ -373,6 +374,29 @@ txStylesheetSink::OnStopRequest(nsIRequest *aRequest, nsISupports *aContext, return rv; } +NS_IMETHODIMP +txStylesheetSink::OnChannelRedirect(nsIChannel *aOldChannel, + nsIChannel *aNewChannel, + PRUint32 aFlags) +{ + NS_PRECONDITION(aNewChannel, "Redirect without a channel?"); + + nsresult rv; + nsCOMPtr secMan = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr oldURI; + rv = aOldChannel->GetURI(getter_AddRefs(oldURI)); // The original URI + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr newURI; + rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The new URI + NS_ENSURE_SUCCESS(rv, rv); + + return secMan->CheckSameOriginURI(oldURI, newURI, PR_TRUE); +} + NS_IMETHODIMP txStylesheetSink::GetInterface(const nsIID& aIID, void** aResult) { @@ -396,7 +420,7 @@ txStylesheetSink::GetInterface(const nsIID& aIID, void** aResult) return NS_OK; } - return NS_ERROR_NO_INTERFACE; + return QueryInterface(aIID, aResult); } class txCompileObserver : public txACompileObserver 
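Review bot: OnChannelRedirect dereferences `aOldChannel` with no check and guards `aNewChannel` only with `NS_PRECONDITION`, which is presumably compiled out of release builds. This method is now the redirect gate for stylesheet loads, so a release-build guard is cheap insurance: add `NS_ENSURE_ARG_POINTER(aOldChannel);` and `NS_ENSURE_ARG_POINTER(aNewChannel);` at the top. A short doc comment would also help, saying that each hop must be same-origin with the previous channel's URI and that a failure result is expected to reject the redirect.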
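Review bot: The change from `return NS_ERROR_NO_INTERFACE;` to `return QueryInterface(aIID, aResult);` in GetInterface has no comment, yet it looks like the path by which the channel finds this sink's nsIChannelEventSink and therefore the same-origin check in OnChannelRedirect. If that reading is right, a later cleanup that restores the error return would silently remove the redirect check. Suggest adding `// Fall back to QI so nsIChannelEventSink is reachable and OnChannelRedirect can reject cross-origin redirects.` above the return. The start of GetInterface is outside the hunk.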
@@ -469,19 +493,13 @@ txCompileObserver::loadURI(const nsAString& aUri, GetCodebasePrincipal(referrerUri, getter_AddRefs(referrerPrincipal)); NS_ENSURE_SUCCESS(rv, rv); - // Content Policy - PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; - rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET, - uri, - referrerPrincipal, - nsnull, - NS_LITERAL_CSTRING("application/xml"), - nsnull, - &shouldLoad); + // Do security check. + rv = nsContentUtils:: + CheckSecurityBeforeLoad(uri, referrerPrincipal, + nsIScriptSecurityManager::STANDARD, PR_FALSE, + nsIContentPolicy::TYPE_STYLESHEET, + nsnull, NS_LITERAL_CSTRING("application/xml")); NS_ENSURE_SUCCESS(rv, rv); - if (NS_CP_REJECTED(shouldLoad)) { - return NS_ERROR_DOM_BAD_URI; - } return startLoad(uri, aCompiler, referrerPrincipal); } @@ -537,12 +555,6 @@ txCompileObserver::startLoad(nsIURI* aUri, txStylesheetCompiler* aCompiler, parser->SetContentSink(sink); parser->Parse(aUri); - // Always install in case of redirects - nsCOMPtr listener = - new nsCrossSiteListenerProxy(sink, aReferrerPrincipal, channel, &rv); - NS_ENSURE_TRUE(listener, NS_ERROR_OUT_OF_MEMORY); - NS_ENSURE_SUCCESS(rv, rv); - return channel->AsyncOpen(sink, parser); } 
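Review bot: The `CheckSecurityBeforeLoad` call added in txCompileObserver::loadURI passes a bare `PR_FALSE` and `nsnull` whose meaning cannot be read at the call site. The same call shape is repeated in TX_LoadSheet and txSyncCompileObserver::loadURI. These arguments decide what the security check permits, so name them inline, for example `PR_FALSE, // presumably aAllowData; confirm against the declaration` and `nsnull, // no context node`. The three call sites differ only in the context argument, so a small file-local helper taking the URI, principal and context would keep them from drifting apart. loadURI begins outside the hunk.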
@@ -554,20 +566,14 @@ TX_LoadSheet(nsIURI* aUri, txMozillaXSLTProcessor* aProcessor, aUri->GetSpec(spec); PR_LOG(txLog::xslt, PR_LOG_ALWAYS, ("TX_LoadSheet: %s\n", spec.get())); - // Content Policy - PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; - nsresult rv = - NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET, - aUri, - aCallerPrincipal, - aProcessor->GetSourceContentModel(), - NS_LITERAL_CSTRING("application/xml"), - nsnull, - &shouldLoad); + // Pass source document as the context + nsresult rv = nsContentUtils:: + CheckSecurityBeforeLoad(aUri, aCallerPrincipal, + nsIScriptSecurityManager::STANDARD, PR_FALSE, + nsIContentPolicy::TYPE_STYLESHEET, + aProcessor->GetSourceContentModel(), + NS_LITERAL_CSTRING("application/xml")); NS_ENSURE_SUCCESS(rv, rv); - if (NS_CP_REJECTED(shouldLoad)) { - return NS_ERROR_DOM_BAD_URI; - } nsRefPtr observer = new txCompileObserver(aProcessor, aLoadGroup); 
@@ -709,25 +715,18 @@ txSyncCompileObserver::loadURI(const nsAString& aUri, GetCodebasePrincipal(referrerUri, getter_AddRefs(referrerPrincipal)); NS_ENSURE_SUCCESS(rv, rv); - // Content Policy - PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; - rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_STYLESHEET, - uri, - referrerPrincipal, - nsnull, - NS_LITERAL_CSTRING("application/xml"), - nsnull, - &shouldLoad); + rv = nsContentUtils:: + CheckSecurityBeforeLoad(uri, referrerPrincipal, + nsIScriptSecurityManager::STANDARD, + PR_FALSE, nsIContentPolicy::TYPE_STYLESHEET, + nsnull, NS_LITERAL_CSTRING("application/xml")); NS_ENSURE_SUCCESS(rv, rv); - if (NS_CP_REJECTED(shouldLoad)) { - return NS_ERROR_DOM_BAD_URI; - } // This is probably called by js, a loadGroup for the channel doesn't // make sense. nsCOMPtr document; - rv = nsSyncLoadService::LoadDocument(uri, referrerPrincipal, nsnull, - PR_FALSE, getter_AddRefs(document)); + rv = nsSyncLoadService::LoadDocument(uri, referrerUri, nsnull, PR_FALSE, + getter_AddRefs(document)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr doc = do_QueryInterface(document); diff --git a/content/xul/document/src/nsXULDocument.cpp b/content/xul/document/src/nsXULDocument.cpp index 0f56c33d1f3..6eaa30047e3 100644 --- a/content/xul/document/src/nsXULDocument.cpp +++ b/content/xul/document/src/nsXULDocument.cpp 
@@ -2605,13 +2605,16 @@ nsXULDocument::LoadOverlayInternal(nsIURI* aURI, PRBool aIsDynamic, if (aIsDynamic) mResolutionPhase = nsForwardReference::eStart; + nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager(); + NS_ENSURE_TRUE(secMan, NS_ERROR_NOT_AVAILABLE); + // Chrome documents are allowed to load overlays from anywhere. // In all other cases, the overlay is only allowed to load if // the master document and prototype document have the same origin. if (!IsChromeURI(mDocumentURI)) { // Make sure we're allowed to load this overlay. - rv = NodePrincipal()->CheckMayLoad(aURI, PR_TRUE); + rv = secMan->CheckSameOriginURI(mDocumentURI, aURI, PR_TRUE); if (NS_FAILED(rv)) { *aFailureFromContent = PR_TRUE; return rv; diff --git a/extensions/canvas3d/src/nsCanvasRenderingContextGL.cpp b/extensions/canvas3d/src/nsCanvasRenderingContextGL.cpp index 6d776c119d0..6ebd362343c 100644 --- a/extensions/canvas3d/src/nsCanvasRenderingContextGL.cpp +++ b/extensions/canvas3d/src/nsCanvasRenderingContextGL.cpp 
@@ -713,16 +713,30 @@ nsCanvasRenderingContextGLPrivate::DoDrawImageSecurityCheck(nsIURI* aURI, PRBool } fprintf (stderr, "DoDrawImageSecuritycheck this 4: %p\n", this); + nsCOMPtr ssm = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); + if (!ssm) { + mCanvasElement->SetWriteOnly(); + return; + } + + fprintf (stderr, "DoDrawImageSecuritycheck this 5: %p\n", this); nsCOMPtr elem = do_QueryInterface(mCanvasElement); - if (elem) { - rv = elem->NodePrincipal()->CheckMayLoad(aURI); - if (NS_SUCCEEDED(rv)) { - // Same origin - return; + if (elem && ssm) { + nsCOMPtr uriPrincipal; + ssm->GetCodebasePrincipal(aURI, getter_AddRefs(uriPrincipal)); + + if (uriPrincipal) { + nsresult rv = ssm->CheckSameOriginPrincipal(elem->NodePrincipal(), + uriPrincipal); + if (NS_SUCCEEDED(rv)) { + // Same origin + return; + } } } - fprintf (stderr, "DoDrawImageSecuritycheck this 5: %p\n", this); fflush(stderr); + fprintf (stderr, "DoDrawImageSecuritycheck this 6: %p\n", this); fflush(stderr); mCanvasElement->SetWriteOnly(); #endif }
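Review bot: In DoDrawImageSecurityCheck the new `nsresult rv = ssm->CheckSameOriginPrincipal(...)` declares a second `rv` inside the `if (uriPrincipal)` block; the removed line assigned to an existing `rv`, so the new one appears to shadow it. The `&& ssm` in `if (elem && ssm)` is dead, because the function has already returned when `ssm` is null. Use `rv = ssm->CheckSameOriginPrincipal(elem->NodePrincipal(), uriPrincipal);` and `if (elem) {`. The added `fprintf (stderr, ...)` lines print `this` on every pass through a security check and, if they are only tracing aids, belong behind a debug-only macro or should be removed. The function starts outside the hunk; its fall-through to `SetWriteOnly()` when no principal can be built keeps the check failing closed, which is worth a one-line comment.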