Bug 781331 - Hook up systemXHR to permissions manager. r=sicking
authorGregor Wagner <anygregor@gmail.com>
Fri, 17 Aug 2012 17:42:00 -0700
changeset 102691 07d5886658b2a4f48f5325c363512636e5cd4067
parent 102690 166b0fcabc73864fc9e463e32e50163ee4fd993e
child 102692 f450fe554bd686c9fd7bc7a3ca870b887db3c620
push id13594
push usergwagner@mozilla.com
push dateSat, 18 Aug 2012 00:42:24 +0000
treeherdermozilla-inbound@07d5886658b2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs781331
milestone17.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 781331 - Hook up systemXHR to permissions manager. r=sicking
content/base/src/nsXMLHttpRequest.cpp
content/base/test/test_XHR_anon.html
content/base/test/test_XHR_parameters.html
content/base/test/test_XHR_system.html
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -71,16 +71,17 @@
 #include "nsIFileChannel.h"
 #include "mozilla/Telemetry.h"
 #include "jsfriendapi.h"
 #include "sampler.h"
 #include "mozilla/dom/XMLHttpRequestBinding.h"
 #include "nsIDOMFormData.h"
 #include "DictionaryHelpers.h"
 #include "mozilla/Attributes.h"
+#include "nsIPermissionManager.h"
 
 #include "nsWrapperCacheInlines.h"
 #include "nsStreamListenerWrapper.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
 
 #define LOAD_STR "load"
@@ -567,19 +568,26 @@ nsXMLHttpRequest::InitParameters(bool aA
   // Chrome is always allowed access, so do the permission check only
   // for non-chrome pages.
   if (!nsContentUtils::IsCallerChrome()) {
     nsCOMPtr<nsIDocument> doc = do_QueryInterface(window->GetExtantDocument());
     if (!doc) {
       return;
     }
 
-    nsCOMPtr<nsIURI> uri;
-    doc->NodePrincipal()->GetURI(getter_AddRefs(uri));
-    if (!nsContentUtils::URIIsChromeOrInPref(uri, "dom.systemXHR.whitelist")) {
+    nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();
+    nsCOMPtr<nsIPermissionManager> permMgr =
+      do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
+    if (!permMgr)
+      return;
+
+    PRUint32 permission;
+    nsresult rv =
+      permMgr->TestPermissionFromPrincipal(principal, "systemXHR", &permission);
+    if (NS_FAILED(rv) || permission != nsIPermissionManager::ALLOW_ACTION) {
       return;
     }
   }
 
   mIsAnon = aAnon;
   mIsSystem = aSystem;
 }
 
--- a/content/base/test/test_XHR_anon.html
+++ b/content/base/test/test_XHR_anon.html
@@ -23,22 +23,21 @@ function runTests() {
 
     const {classes: Cc, interfaces: Ci} = SpecialPowers.wrap(Components);
 
     let authMgr = Cc["@mozilla.org/network/http-auth-manager;1"]
                     .getService(Components.interfaces.nsIHttpAuthManager)
     authMgr.setAuthIdentity("http", "example.com", 80, "basic", "testrealm",
                             "", "example.com", "user1", "password1");
 
-    SpecialPowers.setCharPref("dom.systemXHR.whitelist",
-                              "http://mochi.test:8888");
+    SpecialPowers.addPermission("systemXHR", true, document);
 
     return function tearDown() {
       authMgr.clearAll();
-      SpecialPowers.clearUserPref("dom.systemXHR.whitelist");
+      SpecialPowers.removePermission("systemXHR", document);
       SimpleTest.finish();
     }
   }());
 
   // An XHR with the anon flag set will not send cookie and auth information.
 
   const TEST_URL = "http://example.com/tests/content/base/test/file_XHR_anon.sjs";
 
--- a/content/base/test/test_XHR_parameters.html
+++ b/content/base/test/test_XHR_parameters.html
@@ -79,21 +79,21 @@ function runTests() {
   }
 
   // Run the tests once without API privileges...
   validParameters.forEach(testValidParameter);
   invalidParameters.forEach(testInvalidParameter);
 
   // ...and once with privileges.
   havePrivileges = true;
-  SpecialPowers.setCharPref("dom.systemXHR.whitelist",
-                            "http://mochi.test:8888");
+  SpecialPowers.addPermission("systemXHR", true, document);
+
   validParameters.forEach(testValidParameter);
   invalidParameters.forEach(testInvalidParameter);
-  SpecialPowers.clearUserPref("dom.systemXHR.whitelist");
+  SpecialPowers.removePermission("systemXHR", document);
 
   SimpleTest.finish();
 }
 
 </script>
 </pre>
 </body>
 </html>
--- a/content/base/test/test_XHR_system.html
+++ b/content/base/test/test_XHR_system.html
@@ -11,22 +11,22 @@
 </p>
 <div id="content" style="display: none">
   
 </div>
 <pre id="test">
 <script class="testbody" type="application/javascript;version=1.8">
 
 function runTests() {
+  var comp = SpecialPowers.wrap(Components);
   SimpleTest.waitForExplicitFinish();
-  SpecialPowers.setCharPref("dom.systemXHR.whitelist",
-                            "http://mochi.test:8888");
+  SpecialPowers.addPermission("systemXHR", true, document);
 
   function tearDown() {
-    SpecialPowers.clearUserPref("dom.systemXHR.whitelist");
+    SpecialPowers.removePermission("systemXHR", document);
     SimpleTest.finish();
   }
 
   // An XHR with system privileges will be able to do cross-site calls.
 
   const TEST_URL = "http://example.com/tests/content/base/test/test_XHR_system.html";
   is(window.location.hostname, "mochi.test");