Bug 1608876 Refactor FramingChecker.cpp r=ckerschb
authorSebastian Streich <sstreich@mozilla.com>
Thu, 16 Jan 2020 13:13:10 +0000
changeset 510467 77f1197c3135a084da4257a90686ebb811f65c73
parent 510466 ec30f3802e220c0ba8251211237c560c97841e25
child 510468 22da0002e4a6d36022b83ad6ece81c3b9f4645f5
push id37023
push userncsoregi@mozilla.com
push dateThu, 16 Jan 2020 21:45:49 +0000
treeherdermozilla-central@3f72a81bd12c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1608876
milestone74.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1608876 Refactor FramingChecker.cpp r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D59745
dom/security/FramingChecker.cpp
--- a/dom/security/FramingChecker.cpp
+++ b/dom/security/FramingChecker.cpp
@@ -130,49 +130,46 @@ bool FramingChecker::CheckOneFrameOption
       !aPolicy.LowerCaseEqualsLiteral("sameorigin")) {
     ReportError("XFOInvalid", ctx, uri, aPolicy, innerWindowID);
     return true;
   }
 
   // If the X-Frame-Options value is SAMEORIGIN, then the top frame in the
   // parent chain must be from the same origin as this document.
   bool checkSameOrigin = aPolicy.LowerCaseEqualsLiteral("sameorigin");
-  nsCOMPtr<nsIScriptSecurityManager> ssm = nsContentUtils::GetSecurityManager();
-  nsCOMPtr<nsIURI> topUri;
 
   while (ctx) {
     nsCOMPtr<nsIPrincipal> principal;
     // If fission is enabled, then CheckOneFrameOptionsPolicy is called in the
     // parent process, otherwise in the content process. After Bug 1574372 we
     // should be able to remove that branching code for querying principal.
     if (XRE_IsParentProcess()) {
       WindowGlobalParent* window = ctx->Canonical()->GetCurrentWindowGlobal();
       if (window) {
         // Using the URI of the Principal and not the document because e.g.
         // window.open inherits the principal and hence the URI of the
         // opening context needed for same origin checks.
         principal = window->DocumentPrincipal();
-        principal->GetURI(getter_AddRefs(topUri));
       }
     } else if (nsPIDOMWindowOuter* windowOuter = ctx->GetDOMWindow()) {
       principal = nsGlobalWindowOuter::Cast(windowOuter)->GetPrincipal();
-      principal->GetURI(getter_AddRefs(topUri));
     }
 
     if (principal && principal->IsSystemPrincipal()) {
       return true;
     }
 
     if (checkSameOrigin) {
       bool isPrivateWin =
           principal && principal->OriginAttributesRef().mPrivateBrowsingId > 0;
-      nsresult rv = ssm->CheckSameOriginURI(uri, topUri, true, isPrivateWin);
+      bool isSameOrigin = false;
+      principal->IsSameOrigin(uri, isPrivateWin, &isSameOrigin);
       // one of the ancestors is not same origin as this document
-      if (NS_FAILED(rv)) {
-        ReportError("XFOSameOrigin", topUri, uri, aPolicy, innerWindowID);
+      if (!isSameOrigin) {
+        ReportError("XFOSameOrigin", ctx, uri, aPolicy, innerWindowID);
         return false;
       }
     }
     ctx = ctx->GetParent();
   }
 
   // If the value of the header is DENY, and the previous condition is
   // not met (current docshell is not the top docshell), prohibit the