Bug 707836 - Handle URI navigation outside app domain for native apps [r=myk]
authorEdward Lee <edilee@mozilla.com>
Thu, 26 Apr 2012 16:55:27 -0700
changeset 92554 0064e5064b4f6856b9b7b1286f10ad50f958f467
parent 92553 c8f67f81e8dfd3fa60b88aae712f69b6af88ed8e
child 92555 94f63dd34a0d50118f6fa3a5f2b2cc3ac88a57a3
push id8751
push useredward.lee@engineering.uiuc.edu
push dateThu, 26 Apr 2012 23:56:04 +0000
treeherdermozilla-inbound@94f63dd34a0d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmyk
bugs707836
milestone15.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 707836 - Handle URI navigation outside app domain for native apps [r=myk] Add a content policy to detect off-origin navigation to redirect to the default browser.
webapprt/ContentPolicy.js
webapprt/Makefile.in
webapprt/components.manifest
new file mode 100644
--- /dev/null
+++ b/webapprt/ContentPolicy.js
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+
+Cu.import("resource://webapprt/modules/WebappRT.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+// Allow certain origins to load as top-level documents
+const allowedOrigins = [
+  WebappRT.config.app.origin,
+];
+
+function ContentPolicy() {}
+
+ContentPolicy.prototype = {
+  classID: Components.ID("{75acd178-3d5a-48a7-bd92-fba383520ae6}"),
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),
+
+  shouldLoad: function(contentType, contentLocation, requestOrigin, context, mimeTypeGuess, extra) {
+    // Redirect top-level document loads that aren't special schemes to the
+    // default browser when trying to load pages outside of allowed origins
+    let {prePath, scheme} = contentLocation;
+    if (contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT &&
+        !/^(about|chrome|resource)$/.test(scheme) &&
+        allowedOrigins.indexOf(prePath) == -1) {
+
+      // Send the url to the default browser
+      Cc["@mozilla.org/uriloader/external-protocol-service;1"].
+        getService(Ci.nsIExternalProtocolService).
+        getProtocolHandlerInfo(scheme).
+        launchWithURI(contentLocation);
+
+      // Using window.open will first open then navigate, so explicitly close
+      if (context.currentURI.spec == "about:blank") {
+        context.ownerDocument.defaultView.close();
+      };
+
+      return Ci.nsIContentPolicy.REJECT_SERVER;
+    }
+
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+
+  shouldProcess: function(contentType, contentLocation, requestOrigin, context, mimeType, extra) {
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+};
+
+const NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentPolicy]);
--- a/webapprt/Makefile.in
+++ b/webapprt/Makefile.in
@@ -21,16 +21,17 @@ else
 ifeq ($(OS_ARCH),Darwin)
 DIRS += mac
 endif # mac
 endif # windows
 
 EXTRA_PP_COMPONENTS = \
   components.manifest \
   CommandLineHandler.js \
+  ContentPolicy.js \
   DirectoryProvider.js \
   $(NULL)
 
 EXTRA_JS_MODULES = \
   WebappRT.jsm \
   $(NULL)
 
 include $(topsrcdir)/config/rules.mk
--- a/webapprt/components.manifest
+++ b/webapprt/components.manifest
@@ -1,9 +1,14 @@
 # CommandLineHandler.js
 component {6d69c782-40a3-469b-8bfd-3ee366105a4a} CommandLineHandler.js application=webapprt@mozilla.org
 contract @mozilla.org/webapprt/clh;1 {6d69c782-40a3-469b-8bfd-3ee366105a4a} application=webapprt@mozilla.org
 category command-line-handler x-default @mozilla.org/webapprt/clh;1 application=webapprt@mozilla.org
 
+# ContentPolicy.js
+component {75acd178-3d5a-48a7-bd92-fba383520ae6} ContentPolicy.js application=webapprt@mozilla.org
+contract @mozilla.org/webapprt/content-policy;1 {75acd178-3d5a-48a7-bd92-fba383520ae6} application=webapprt@mozilla.org
+category content-policy webapprt-content-policy @mozilla.org/webapprt/content-policy;1 application=webapprt@mozilla.org
+
 # DirectoryProvider.js
 component {e1799fda-4b2f-4457-b671-e0641d95698d} DirectoryProvider.js application=webapprt@mozilla.org
 contract @mozilla.org/webapprt/directory-provider;1 {e1799fda-4b2f-4457-b671-e0641d95698d} application=webapprt@mozilla.org
 category xpcom-directory-providers webapprt-directory-provider @mozilla.org/webapprt/directory-provider;1 application=webapprt@mozilla.org