author Kris Maglione <>
Thu, 02 Nov 2017 19:56:27 -0700
changeset 390018 4350a326a49805c6138aabd0ed68136498bf97cd
parent 385076 67a8e12324569dd730347187e2ffccae486c758b
child 393246 96ffd32355aecf7d2999ff767c8ca09abb6f3ea0
permissions -rw-r--r--
Bug 1412345: Downgrade expanded principals before inheriting. r=bz,krizsa There are several ways that expanded principals can be used as triggering principals for requests. While that works fine for security checks, it also sometimes causes them to be inherited, and used as result principals in contexts where expanded principals aren't allowed. This patch changes our inheritance behavior so that expanded principals are downgraded to the most appropriate constituent principal when they would otherwise be inherited. The logic for choosing the most appropriate principal is a bit suspect, and may eventually need to be changed to always select the last whitelist principal, but I chose it to preserve the current principal downgrade behavior used by XMLHttpRequest for the time being. MozReview-Commit-ID: 9fvAKr2e2fa

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef ExpandedPrincipal_h
#define ExpandedPrincipal_h

#include "nsCOMPtr.h"
#include "nsJSPrincipals.h"
#include "nsTArray.h"
#include "nsNetUtil.h"
#include "mozilla/BasePrincipal.h"

// Principal type built from a list of other principals (the "whitelist"
// passed to Create() and to the constructor).
//
// NOTE(review): this listing has lost lines from the real header. The opening
// brace, the access specifiers and the closing "};" of the class are not
// visible, so the access level of each member below cannot be determined here.
class ExpandedPrincipal : public nsIExpandedPrincipal
                        , public mozilla::BasePrincipal
  // Factory for an ExpandedPrincipal over aWhiteList with the given origin
  // attributes. aWhiteList is taken by non-const reference, so the callee is
  // able to modify the caller's array; presumably its contents are moved or
  // swapped into the new object. TODO confirm in the .cpp.
  static already_AddRefed<ExpandedPrincipal>
  Create(nsTArray<nsCOMPtr<nsIPrincipal>>& aWhiteList,
         const mozilla::OriginAttributes& aAttrs);

  // Kind tag for this principal class; always eExpandedPrincipal.
  static PrincipalKind Kind() { return eExpandedPrincipal; }


  // Reference counting is forwarded to the nsJSPrincipals implementation.
  NS_IMETHOD_(MozExternalRefCountType) AddRef() override { return nsJSPrincipals::AddRef(); };
  NS_IMETHOD_(MozExternalRefCountType) Release() override { return nsJSPrincipals::Release(); };
  // Overrides declared here and implemented outside this header; what each
  // one returns for an expanded principal is not visible in this listing.
  NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
  NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
  NS_IMETHOD GetURI(nsIURI** aURI) override;
  NS_IMETHOD GetDomain(nsIURI** aDomain) override;
  NS_IMETHOD SetDomain(nsIURI* aDomain) override;
  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
  NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
  virtual bool AddonHasPermission(const nsAtom* aPerm) override;
  virtual nsresult GetScriptLocation(nsACString &aStr) override;

  // Returns the principal to inherit when this principal requests the given
  // URL. See BasePrincipal::PrincipalToInherit.
  //
  // Per the changeset description, an expanded principal must not end up as a
  // result principal through inheritance, so it is downgraded to one of its
  // constituent principals instead. The description calls the selection logic
  // provisional (kept to match the existing XMLHttpRequest downgrade
  // behaviour), so callers should not rely on which whitelist entry comes back.
  //
  // Both arguments are optional: aRequestedURI defaults to nullptr and
  // aAllowIfInheritsPrincipal defaults to true.
  // NOTE(review): the return value is a raw nsIPrincipal*, not an
  // already_AddRefed. Presumably it is borrowed from this object, and a caller
  // that keeps it must take its own reference. TODO confirm.
  // NOTE(review): not marked `override`; whether this hides or overrides the
  // BasePrincipal method depends on the base declaration. TODO confirm.
  nsIPrincipal* PrincipalToInherit(nsIURI* aRequestedURI = nullptr,
                                   bool aAllowIfInheritsPrincipal = true);

  // Constructs from a whitelist; `explicit` prevents implicit conversion from
  // a principal array. Takes the array by non-const reference (see Create()).
  explicit ExpandedPrincipal(nsTArray<nsCOMPtr<nsIPrincipal>> &aWhiteList);

  virtual ~ExpandedPrincipal();

  // Subsumption check against aOther under the given document.domain
  // consideration; implementation is outside this header.
  bool SubsumesInternal(nsIPrincipal* aOther,
                        DocumentDomainConsideration aConsideration) override;

  // Load check for aURI; implementation is outside this header.
  bool MayLoadInternal(nsIURI* aURI) override;

  // The constituent principals, each held by owning reference (nsCOMPtr).
  // Presumably filled from the whitelist passed at construction. TODO confirm.
  nsTArray< nsCOMPtr<nsIPrincipal> > mPrincipals;

// NOTE(review): orphaned macro body. The `#define` line that names this value
// is not visible in this listing. The layout (one 32-bit field, two 16-bit
// fields, eight bytes) looks like a 128-bit ID initializer, presumably the
// class ID for ExpandedPrincipal. Confirm against the full header.
{ 0xe8ee88b0, 0x5571, 0x4086, \
  { 0xa4, 0x5b, 0x39, 0xa7, 0x16, 0x90, 0x6b, 0xdb } }

#endif // ExpandedPrincipal_h