Bug 762409 - localStorage throws 'The operation is insecure.' error with document.domain, r=bz
authorHonza Bambas <honzab.moz@firemni.cz>
Thu, 14 Jun 2012 02:48:09 +0200
changeset 96606 b30e903d23a0
parent 96605 8cf5423b0213
child 96607 7625b37383fe
child 96646 2de6261cc1e8
push id22923
push userhonzab.moz@firemni.cz
push date2012-06-14 00:48 +0000
treeherdermozilla-central@b30e903d23a0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs762409
milestone16.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 762409 - localStorage throws 'The operation is insecure.' error with document.domain, r=bz
dom/src/storage/nsDOMStorage.cpp
--- a/dom/src/storage/nsDOMStorage.cpp
+++ b/dom/src/storage/nsDOMStorage.cpp
@@ -1694,21 +1694,32 @@ nsDOMStorage::CanAccessSystem(nsIPrincip
 bool
 nsDOMStorage::CanAccess(nsIPrincipal *aPrincipal)
 {
   // Allow C++ callers to access the storage
   if (!aPrincipal)
     return true;
 
   // Allow more powerful principals (e.g. system) to access the storage
+
+  // For content, either the code base or domain must be the same.  When code
+  // base is the same, this is enough to say it is safe for a page to access
+  // this storage.
+
   bool subsumes;
   nsresult rv = aPrincipal->SubsumesIgnoringDomain(mPrincipal, &subsumes);
   if (NS_FAILED(rv))
     return false;
 
+  if (!subsumes) {
+    nsresult rv = aPrincipal->Subsumes(mPrincipal, &subsumes);
+    if (NS_FAILED(rv))
+      return false;
+  }
+
   return subsumes;
 }
 
 nsPIDOMStorage::nsDOMStorageType
 nsDOMStorage::StorageType()
 {
   return mStorageType;
 }