Bug 1147026 - CSP should ignore query string when checking a resource load (r=dveditz)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Wed, 25 Mar 2015 22:09:10 -0700
changeset 235912 2b7ca45e0968
parent 235911 96aef1037d39
child 235913 fc15fab6d75b
push id57545
push usermozilla@christophkerschbaumer.com
push dateThu, 26 Mar 2015 21:35:29 +0000
treeherdermozilla-inbound@fc15fab6d75b [default view] [failures only]
reviewersdveditz
bugs1147026
milestone39.0a1
Bug 1147026 - CSP should ignore query string when checking a resource load (r=dveditz)
dom/security/nsCSPUtils.cpp
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -403,22 +403,26 @@ nsCSPHostSrc::permits(nsIURI* aUri, cons
   else if (!mHost.Equals(NS_ConvertUTF8toUTF16(uriHost))) {
     return false;
   }
 
   // 4.9) Path matching: If there is a path, we have to enforce
   // path-level matching, unless the channel got redirected, see:
   // http://www.w3.org/TR/CSP11/#source-list-paths-and-redirects
   if (!aWasRedirected && !mPath.IsEmpty()) {
-    // cloning uri so we can ignore the ref
-    nsCOMPtr<nsIURI> uri;
-    aUri->CloneIgnoringRef(getter_AddRefs(uri));
-
+    // converting aUri into nsIURL so we can strip query and ref
+    // example.com/test#foo     -> example.com/test
+    // example.com/test?val=foo -> example.com/test
+    nsCOMPtr<nsIURL> url = do_QueryInterface(aUri);
+    if (!url) {
+      NS_ASSERTION(false, "can't QI into nsIURI");
+      return false;
+    }
     nsAutoCString uriPath;
-    rv = uri->GetPath(uriPath);
+    rv = url->GetFilePath(uriPath);
     NS_ENSURE_SUCCESS(rv, false);
     // check if the last character of mPath is '/'; if so
     // we just have to check loading resource is within
     // the allowed path.
     if (mPath.Last() == '/') {
       if (!StringBeginsWith(NS_ConvertUTF8toUTF16(uriPath), mPath)) {
         return false;
       }
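Review bot: The assertion text in the added `if (!url)` branch names the wrong interface: the QueryInterface target is nsIURL, so it should read `NS_ASSERTION(false, "can't QI into nsIURL");`. That branch also makes path matching fail closed for any URI that does not implement nsIURL, which is the safe default for a CSP decision but is not stated; a comment such as `// not an nsIURL: the file path cannot be isolated, so deny instead of skipping path matching` would record that it is deliberate. If such a URI can reach this point after the host comparison (not visible here), the unconditional assertion would fire in debug builds on content-supplied input, so a test covering a non-nsIURL load against a policy with a path would be worth adding. permits() begins and ends outside this hunk.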