Bug 1508609 - Add strict checking of principals into DocShell LoadURI. r=ckerschb
authorJonathan Kingston <jkt@mozilla.com>
Tue, 20 Nov 2018 18:08:03 +0000
changeset 447356 50ebcb8ac1d8d42b4b65611e537a8c40eabd95d1
parent 447355 f5c1dbff0c9afe001c1f32576058138c7b799d2b
child 447357 54005d7b0a86809d8ed4f8d0537681523f952859
push id35075
push usershindli@mozilla.com
push dateWed, 21 Nov 2018 04:04:02 +0000
reviewersckerschb
bugs1508609
milestone65.0a1
Bug 1508609 - Add strict checking of principals into DocShell LoadURI. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D12425
docshell/base/nsDocShell.cpp
docshell/shistory/nsSHistory.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -674,16 +674,21 @@ nsDocShell::GetInterface(const nsIID& aI
 NS_IMETHODIMP
 nsDocShell::LoadURI(nsDocShellLoadState* aLoadState)
 {
   MOZ_ASSERT(aLoadState, "Must have a valid load state!");
   MOZ_ASSERT((aLoadState->LoadFlags() & INTERNAL_LOAD_FLAGS_LOADURI_SETUP_FLAGS) == 0,
              "Should not have these flags set");
   MOZ_ASSERT(aLoadState->URI(), "Should have a valid URI to load");
 
+  if (mUseStrictSecurityChecks && !aLoadState->TriggeringPrincipal()) {
+    MOZ_ASSERT(false, "LoadURI must have a triggering principal");
+    return NS_ERROR_FAILURE;
+  }
+
   // Note: we allow loads to get through here even if mFiredUnloadEvent is
   // true; that case will get handled in LoadInternal or LoadHistoryEntry,
   // so we pass false as the second parameter to IsNavigationAllowed.
   // However, we don't allow the page to change location *in the middle of*
   // firing beforeunload, so we do need to check if *beforeunload* is currently
   // firing, so we call IsNavigationAllowed rather than just IsPrintingOrPP.
   if (!IsNavigationAllowed(true, false)) {
     return NS_OK; // JS may not handle returning of an error code
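Review bot: The added guard rejects a missing triggering principal only while mUseStrictSecurityChecks is set, so on the non-strict path a load state with a null principal still continues into the rest of LoadURI; the block carries no comment saying that this split is deliberate or where a null principal is tolerated downstream, which the next reader will need. The MOZ_ASSERT(false, ...) is compiled out of release builds, so there the only signal that a caller forgot to set a principal is the bare NS_ERROR_FAILURE return; a one-line comment above the check such as `// A load with no triggering principal cannot be security-checked; with strict checks enabled, refuse it rather than guess.` would document both the intent and the silent-failure behaviour. Note also that this early return uses NS_ERROR_FAILURE while the IsNavigationAllowed rejection a few lines below returns NS_OK for JS callers, so callers that swallow failures will see the two refusals differently; if that is intended it is worth a sentence. LoadURI's body continues past the end of this hunk.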
--- a/docshell/shistory/nsSHistory.cpp
+++ b/docshell/shistory/nsSHistory.cpp
@@ -3,16 +3,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsSHistory.h"
 
 #include <algorithm>
 
+#include "nsContentUtils.h"
 #include "nsCOMArray.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDocShell.h"
 #include "nsIContentViewer.h"
 #include "nsIDocShell.h"
 #include "nsDocShellLoadState.h"
 #include "nsIDocShellTreeItem.h"
 #include "nsILayoutHistoryState.h"
@@ -1589,16 +1590,18 @@ nsSHistory::InitiateLoad(nsISHEntry* aFr
   nsCOMPtr<nsIURI> originalURI = aFrameEntry->GetOriginalURI();
   loadState->SetOriginalURI(originalURI);
 
   loadState->SetLoadReplace(aFrameEntry->GetLoadReplace());
 
   nsCOMPtr<nsIURI> newURI = aFrameEntry->GetURI();
   loadState->SetURI(newURI);
   loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
+  // TODO fix principal here in Bug 1508642
+  loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
   loadState->SetFirstParty(false);
 
   // Time to initiate a document load
   return aFrameDS->LoadURI(loadState);
 }
 
 NS_IMETHODIMP_(void)
 nsSHistory::SetRootDocShell(nsIDocShell* aDocShell)
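Review bot: The added SetTriggeringPrincipal call stamps every session-history load with the system principal, which presumably gives a history navigation into a content frame more authority than the document that originally created the entry had, and the one-line TODO does not say so. Since the principal is set here only to satisfy the new strict check in nsDocShell::LoadURI, the comment should state the risk and the intended replacement, e.g. `// TODO(Bug 1508642): the system principal over-privileges history loads; replace it with the principal recorded for this entry (or a null principal) once one is available.` — hedged because the hunk does not show whether nsISHEntry stores a triggering principal. InitiateLoad begins outside the hunk, so it is not visible whether aFrameEntry offers any principal accessor that could be used instead.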