Bug 1329186 - (1) Use asyncOpen2() and (2) change nsILoadInfo.SEC_NORMAL to SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL when using a SystemPrincipal r=IanN a=IanN

This commit is contained in:
Philip Chee 2017-01-22 23:47:02 +08:00
Родитель 05a8e17196
Коммит c6f5a04813
8 изменённых файлов: 15 добавлений и 13 удалений

Просмотреть файл

@ -103,9 +103,9 @@ function registerPlayPreview(mimeType, targetUrl) {
var channel = ios.newChannel2(targetUrl, null, null, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
channel.asyncOpen(this.listener, aContext);
channel.asyncOpen2(this.listener);
},
// nsIRequestObserver::onStopRequest

Просмотреть файл

@ -1091,7 +1091,7 @@ nsContextMenu.prototype = {
var channel = ios.newChannel2(linkURL, null, null, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
channel.notificationCallbacks = new Callbacks();
@ -1119,7 +1119,7 @@ nsContextMenu.prototype = {
var timer = setTimeout(timerCallback, timeToWait);
// kick off the channel with our proxy object as the listener
channel.asyncOpen(new SaveAsListener(), null);
channel.asyncOpen2(new SaveAsListener());
},
// Save URL of clicked-on image, video, or audio.

Просмотреть файл

@ -838,7 +838,7 @@ function check_for_missing_panels() {
var channel = ios.newChannel2(prereq_file, null, null, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
try {
channel.open();

Просмотреть файл

@ -52,7 +52,7 @@ About.prototype = {
Services.io.newChannelFromURI2(newURI, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
channel.originalURI = aURI;
if (this[module + "Flags"] & UNTRUSTED)

Просмотреть файл

@ -54,7 +54,7 @@ GopherProtocol.prototype = {
ios.newChannelFromURI2(newURI, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
chan.originalURI = inputURI;
chan.owner = Components.classes["@mozilla.org/scriptsecuritymanager;1"]

Просмотреть файл

@ -264,7 +264,7 @@ FeedConverter.prototype = {
chromeChannel = Services.io.newChannelFromURIWithLoadInfo(result.uri, loadInfo);
chromeChannel.loadGroup = this._request.loadGroup;
chromeChannel.asyncOpen(this._listener, null);
chromeChannel.asyncOpen2(this._listener);
}
finally {
this._releaseHandles();
@ -534,7 +534,7 @@ GenericProtocolHandler.prototype = {
ios.newChannelFromURI2(uri, null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
if (channel instanceof Components.interfaces.nsIHttpChannel)
// Set this so we know this is supposed to be a feed

Просмотреть файл

@ -512,8 +512,8 @@ FeedWriter.prototype = {
if (enc.hasKey("length") && /^[0-9]+$/.test(enc.get("length"))) {
let enc_size = convertByteUnits(parseInt(enc.get("length")));
let size_text = this._getFormattedString("enclosureSizeText",
[enc_size[0], this._getString(enc_size[1])]);
size_text = this._getFormattedString("enclosureSizeText",
[enc_size[0], this._getString(enc_size[1])]);
}
let iconimg = this._document.createElementNS(HTML_NS, "img");
@ -974,11 +974,13 @@ FeedWriter.prototype = {
.getInterface(Components.interfaces.nsIWebNavigation)
.QueryInterface(Components.interfaces.nsIDocShell)
.currentDocumentChannel;
// The following channel is never openend, so it does not matter what
// securityFlags we pass; let's follow the principle of least privilege.
var ios = Services.io;
var channel = ios.newChannel2(FEEDHANDLER_URI, null, null, null,
this._feedprincipal,
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
Components.interfaces.nsIContentPolicy.TYPE_OTHER);
var resolvedURI = channel.URI;

Просмотреть файл

@ -709,7 +709,7 @@ function storePhoto(aUri) {
null,
Services.scriptSecurityManager.getSystemPrincipal(),
null,
Components.interfaces.nsILoadInfo.SEC_NORMAL,
Components.interfaces.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
Components.interfaces.nsIContentPolicy.TYPE_INTERNAL_IMAGE);
var istream = channel.open();