Bug 762409 - localStorage throws 'The operation is insecure.' error with document.domain, r=bz
authorHonza Bambas <honzab.moz@firemni.cz>
Thu, 14 Jun 2012 02:48:09 +0200
changeset 96606 b30e903d23a0
parent 96605 8cf5423b0213
child 96607 7625b37383fe
child 96646 2de6261cc1e8
push id22923
push userhonzab.moz@firemni.cz
push date2012-06-14 00:48 +0000
treeherdermozilla-central@b30e903d23a0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs762409
milestone16.0a1
Bug 762409 - localStorage throws 'The operation is insecure.' error with document.domain, r=bz
dom/src/storage/nsDOMStorage.cpp
--- a/dom/src/storage/nsDOMStorage.cpp
+++ b/dom/src/storage/nsDOMStorage.cpp
@@ -1694,21 +1694,32 @@ nsDOMStorage::CanAccessSystem(nsIPrincip
 bool
 nsDOMStorage::CanAccess(nsIPrincipal *aPrincipal)
 {
   // Allow C++ callers to access the storage
   if (!aPrincipal)
     return true;
 
   // Allow more powerful principals (e.g. system) to access the storage
+
+  // For content, either the code base or domain must be the same.  When code
+  // base is the same, this is enough to say it is safe for a page to access
+  // this storage.
+
   bool subsumes;
   nsresult rv = aPrincipal->SubsumesIgnoringDomain(mPrincipal, &subsumes);
   if (NS_FAILED(rv))
     return false;
 
+  if (!subsumes) {
+    nsresult rv = aPrincipal->Subsumes(mPrincipal, &subsumes);
+    if (NS_FAILED(rv))
+      return false;
+  }
+
   return subsumes;
 }
 
 nsPIDOMStorage::nsDOMStorageType
 nsDOMStorage::StorageType()
 {
   return mStorageType;
 }