Bug 1208756 - Introduce URI_FETCHABLE_BY_ANYONE and use it for moz-extension. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Wed, 30 Sep 2015 20:15:26 -0700
changeset 265845 06a3886ffdc948fb69f49744f5d5e74f0968a98d
parent 265844 ecb7068b07a1b0843c9bda2926d77ebfb3c46a99
child 265846 db60203ceb0c197abf7766c88a8f393254f939a9
push id66038
push userbobbyholley@gmail.com
push dateFri, 02 Oct 2015 22:02:19 +0000
treeherdermozilla-inbound@db60203ceb0c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1208756
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1208756 - Introduce URI_FETCHABLE_BY_ANYONE and use it for moz-extension. r=bz This matches the behavior described in https://developer.chrome.com/extensions/manifest/web_accessible_resources
caps/BasePrincipal.cpp
netwerk/base/nsIProtocolHandler.idl
netwerk/protocol/res/ExtensionProtocolHandler.cpp
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -285,16 +285,22 @@ BasePrincipal::CheckMayLoad(nsIURI* aURI
     bool doesInheritSecurityContext;
     rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
                              &doesInheritSecurityContext);
     if (NS_SUCCEEDED(rv) && doesInheritSecurityContext) {
       return NS_OK;
     }
   }
 
+  bool fetchableByAnyone;
+  rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_FETCHABLE_BY_ANYONE, &fetchableByAnyone);
+  if (NS_SUCCEEDED(rv) && fetchableByAnyone) {
+    return NS_OK;
+  }
+
   if (aReport) {
     nsCOMPtr<nsIURI> prinURI;
     rv = GetURI(getter_AddRefs(prinURI));
     if (NS_SUCCEEDED(rv) && prinURI) {
       nsScriptSecurityManager::ReportError(nullptr, NS_LITERAL_STRING("CheckSameOriginError"), prinURI, aURI);
     }
   }
 
--- a/netwerk/base/nsIProtocolHandler.idl
+++ b/netwerk/base/nsIProtocolHandler.idl
@@ -27,17 +27,17 @@ interface nsIProtocolHandlerWithDynamicF
      * flags for another URI of the same scheme.
      */
     unsigned long getFlagsForURI(in nsIURI aURI);
 };
 
 /**
  * nsIProtocolHandler
  */
-[scriptable, uuid(3393c327-ce70-47f1-9be3-cc312e21c012)]
+[scriptable, uuid(a87210e6-7c8c-41f7-864d-df809015193e)]
 interface nsIProtocolHandler : nsISupports
 {
     /**
      * The scheme of this protocol (e.g., "file").
      */
     readonly attribute ACString scheme;
 
     /** 
@@ -282,16 +282,23 @@ interface nsIProtocolHandler : nsISuppor
      */
     const unsigned long URI_SYNC_LOAD_IS_OK = (1<<17);
 
     /**
      * URI is secure to load in an https page and should not be blocked
      * by nsMixedContentBlocker
      */
     const unsigned long URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT = (1<<18);
+
+    /**
+     * This URI may be fetched and the contents are visible to anyone. This is
+     * semantically equivalent to the resource being served with all-access CORS
+     * headers.
+     */
+    const unsigned long URI_FETCHABLE_BY_ANYONE = (1 << 19);
 };
 
 %{C++
 /**
  * Protocol handlers are registered with XPCOM under the following CONTRACTID prefix:
  */
 #define NS_NETWORK_PROTOCOL_CONTRACTID_PREFIX "@mozilla.org/network/protocol;1?name="
 /**
--- a/netwerk/protocol/res/ExtensionProtocolHandler.cpp
+++ b/netwerk/protocol/res/ExtensionProtocolHandler.cpp
@@ -16,21 +16,21 @@ NS_IMPL_QUERY_INTERFACE(ExtensionProtoco
                         nsISupportsWeakReference)
 NS_IMPL_ADDREF_INHERITED(ExtensionProtocolHandler, SubstitutingProtocolHandler)
 NS_IMPL_RELEASE_INHERITED(ExtensionProtocolHandler, SubstitutingProtocolHandler)
 
 nsresult
 ExtensionProtocolHandler::GetFlagsForURI(nsIURI* aURI, uint32_t* aFlags)
 {
   // In general a moz-extension URI is only loadable by chrome, but a whitelisted
-  // subset are web-accessible. Check that whitelist.
+  // subset are web-accessible (and cross-origin fetchable). Check that whitelist.
   nsCOMPtr<nsIAddonPolicyService> aps = do_GetService("@mozilla.org/addons/policy-service;1");
   bool loadableByAnyone = false;
   if (aps) {
     nsresult rv = aps->ExtensionURILoadableByAnyone(aURI, &loadableByAnyone);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
-  *aFlags = URI_STD | URI_IS_LOCAL_RESOURCE | (loadableByAnyone ? URI_LOADABLE_BY_ANYONE : URI_DANGEROUS_TO_LOAD);
+  *aFlags = URI_STD | URI_IS_LOCAL_RESOURCE | (loadableByAnyone ? (URI_LOADABLE_BY_ANYONE | URI_FETCHABLE_BY_ANYONE) : URI_DANGEROUS_TO_LOAD);
   return NS_OK;
 }
 
 } // namespace mozilla