Bug 1088617 - Remove nsIScriptSecurityManager::CheckSameOrigin. r=me
authorBobby Holley <bobbyholley@gmail.com>
Wed, 29 Oct 2014 09:21:18 +0100
changeset 212846 a347286d9669f3489462b365d574f0e2f3575a3c
parent 212845 df5359e8c82c986d681429a1f7fc6be717253ddf
child 212847 fe5c1cb8075a9773b86ee001e41c0181519ea04a
child 212920 669b21a7bfd018e2775d7fd6761d4a6aee1b9325
push id9633
push usercbook@mozilla.com
push dateWed, 29 Oct 2014 12:40:59 +0000
treeherderfx-team@30e804438956 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1088617
milestone36.0a1
Bug 1088617 - Remove nsIScriptSecurityManager::CheckSameOrigin. r=me
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -14,17 +14,17 @@ interface nsILoadContext;
 
 %{ C++
 #include "jspubtd.h"
 %}
 
 [ptr] native JSContextPtr(JSContext);
 [ptr] native JSObjectPtr(JSObject);
 
-[scriptable, uuid(3b021962-975e-43b5-8a93-9fc2d20346e9)]
+[scriptable, uuid(f649959d-dae3-4027-83fd-5b7f8c8a8815)]
 interface nsIScriptSecurityManager : nsISupports
 {
     /**
      * For each of these hooks returning NS_OK means 'let the action continue'.
      * Returning an error code means 'veto the action'. XPConnect will return
      * false to the js engine if the action is vetoed. The implementor of this
      * interface is responsible for setting a JS exception into the JSContext
      * if that is appropriate.
@@ -174,23 +174,16 @@ interface nsIScriptSecurityManager : nsI
     /**
      * Legacy name for getNoAppCodebasePrincipal.
      *
      * @deprecated use getNoAppCodebasePrincipal instead.
      */
     [deprecated] nsIPrincipal getCodebasePrincipal(in nsIURI uri);
 
     /**
-     * Returns OK if aJSContext and target have the same "origin"
-     * (scheme, host, and port).
-     */
-    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
-                                    in nsIURI aTargetURI);
-
-    /**
      * Returns OK if aSourceURI and target have the same "origin"
      * (scheme, host, and port).
      * ReportError flag suppresses error reports for functions that
      * don't need reporting.
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
                             in boolean reportError);
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -437,49 +437,16 @@ nsScriptSecurityManager::ContentSecurity
 bool
 nsScriptSecurityManager::JSPrincipalsSubsume(JSPrincipals *first,
                                              JSPrincipals *second)
 {
     return nsJSPrincipals::get(first)->Subsumes(nsJSPrincipals::get(second));
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
-                                         nsIURI* aTargetURI)
-{
-    MOZ_ASSERT_IF(cx, cx == nsContentUtils::GetCurrentJSContext());
-
-    // Get a principal from the context
-    nsIPrincipal* sourcePrincipal = nsContentUtils::SubjectPrincipal();
-    if (sourcePrincipal == mSystemPrincipal)
-    {
-        // This is a system (chrome) script, so allow access
-        return NS_OK;
-    }
-
-    // Get the original URI from the source principal.
-    // This has the effect of ignoring any change to document.domain
-    // which must be done to avoid DNS spoofing (bug 154930)
-    nsCOMPtr<nsIURI> sourceURI;
-    sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
-    if (!sourceURI) {
-      sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
-      NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
-    }
-
-    // Compare origins
-    if (!SecurityCompareURIs(sourceURI, aTargetURI))
-    {
-         ReportError(cx, NS_LITERAL_STRING("CheckSameOriginError"), sourceURI, aTargetURI);
-         return NS_ERROR_DOM_BAD_URI;
-    }
-    return NS_OK;
-}
-
-NS_IMETHODIMP
 nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
                                             nsIURI* aTargetURI,
                                             bool reportError)
 {
     if (!SecurityCompareURIs(aSourceURI, aTargetURI))
     {
          if (reportError) {
             ReportError(nullptr, NS_LITERAL_STRING("CheckSameOriginError"),