Bug 1574676 - Obtaining COEP from the document through which target is nested r=mayhemer
authorJunior Hsu <juhsu@mozilla.com>
Thu, 22 Aug 2019 15:45:19 +0000
changeset 489459 3a1761599fa1a149b952d08075ee696f8dde249a
parent 489458 dd1ba2689a3b98d3f6b4bb34342766d7085e42d3
child 489460 d99e941429d0f5072a36684eab3f675a7cd467c7
push id36474
push usermalexandru@mozilla.com
push dateThu, 22 Aug 2019 21:54:53 +0000
treeherdermozilla-central@95ad10e13fb1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer
bugs1574676
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1574676 - Obtaining COEP from the document through which target is nested r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D42397
netwerk/protocol/http/nsHttpChannel.cpp
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -7493,22 +7493,17 @@ nsresult nsHttpChannel::ProcessCrossOrig
   if (mLoadInfo->GetExternalContentPolicyType() !=
           nsIContentPolicy::TYPE_DOCUMENT &&
       mLoadInfo->GetExternalContentPolicyType() !=
           nsIContentPolicy::TYPE_SUBDOCUMENT) {
     return NS_OK;
   }
 
   RefPtr<mozilla::dom::BrowsingContext> ctx;
-  if (mLoadInfo->GetExternalContentPolicyType() ==
-      nsIContentPolicy::TYPE_DOCUMENT) {
-    mLoadInfo->GetBrowsingContext(getter_AddRefs(ctx));
-  } else {
-    mLoadInfo->GetFrameBrowsingContext(getter_AddRefs(ctx));
-  }
+  mLoadInfo->GetBrowsingContext(getter_AddRefs(ctx));
 
   if (!ctx) {
     return NS_OK;
   }
 
   nsILoadInfo::CrossOriginEmbedderPolicy documentPolicy =
       ctx->GetEmbedderPolicy();
   nsILoadInfo::CrossOriginEmbedderPolicy resultPolicy =
@@ -7521,17 +7516,27 @@ nsresult nsHttpChannel::ProcessCrossOrig
   // https://mikewest.github.io/corpp/#abstract-opdef-process-navigation-response
   if (mLoadInfo->GetExternalContentPolicyType() ==
           nsIContentPolicy::TYPE_SUBDOCUMENT &&
       documentPolicy != nsILoadInfo::EMBEDDER_POLICY_NULL &&
       resultPolicy != nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP) {
     return NS_ERROR_BLOCKED_BY_POLICY;
   }
 
-  ctx->SetEmbedderPolicy(resultPolicy);
+  // XXX Bug 1572513 - we should have set the embedder policy during
+  // initializing docment object.
+  RefPtr<mozilla::dom::BrowsingContext> frameCtx = ctx;
+  if (mLoadInfo->GetExternalContentPolicyType() ==
+      nsIContentPolicy::TYPE_SUBDOCUMENT) {
+    mLoadInfo->GetFrameBrowsingContext(getter_AddRefs(frameCtx));
+  }
+
+  if (frameCtx) {
+    frameCtx->SetEmbedderPolicy(resultPolicy);
+  }
 
   return NS_OK;
 }
 
 // https://mikewest.github.io/corpp/#corp-check
 nsresult nsHttpChannel::ProcessCrossOriginResourcePolicyHeader() {
   if (!StaticPrefs::browser_tabs_remote_useCORP()) {
     return NS_OK;
@@ -7563,19 +7568,18 @@ nsresult nsHttpChannel::ProcessCrossOrig
   // 3.2.1.6 If policy is null, and embedder policy is "require-corp", set
   // policy to "same-origin".
   if (StaticPrefs::browser_tabs_remote_useCrossOriginEmbedderPolicy()) {
     RefPtr<mozilla::dom::BrowsingContext> ctx;
     mLoadInfo->GetBrowsingContext(getter_AddRefs(ctx));
 
     // Note that we treat invalid value as "cross-origin", which spec indicates.
     // We might want to make that stricter.
-    if ((content.IsEmpty() && ctx &&
-         ctx->GetEmbedderPolicy() ==
-             nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP)) {
+    if (content.IsEmpty() && ctx &&
+        ctx->GetEmbedderPolicy() == nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP) {
       content = NS_LITERAL_CSTRING("same-origin");
     }
   }
 
   if (content.IsEmpty()) {
     return NS_OK;
   }