Bug 600813 - Remove PUT and DELETE form methods. r=backout a=blocking-b7
authorMounir Lamouri <mounir.lamouri@gmail.com>
Thu, 30 Sep 2010 16:48:52 -0700
changeset 54821 decd45d66d66d6b4b91b4186ca6e40b2a63efdea
parent 52368 83bcf895eff70ada0a8213ebd068be2335ea2ba6
child 54822 b57b428e8e7100de54ae94ff723719665222936a
push id16042
push usermlamouri@mozilla.com
push dateFri, 01 Oct 2010 00:12:59 +0000
reviewersbackout, blocking-b7
bugs600813
milestone2.0b6pre
Bug 600813 - Remove PUT and DELETE form methods. r=backout a=blocking-b7
docshell/base/nsDocShell.cpp
docshell/base/nsDocShell.h
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -5885,17 +5885,17 @@ nsDocShell::OnRedirectStateChange(nsICha
     nsCOMPtr<nsIURI> oldURI, newURI;
     aOldChannel->GetURI(getter_AddRefs(oldURI));
     aNewChannel->GetURI(getter_AddRefs(newURI));
     if (!oldURI || !newURI) {
         return NS_OK;
     }
 
     // HTTP channel with unsafe methods should not be redirected to a cross-domain.
-    if (!ChannelIsSafeHTTPMethod(aNewChannel)) {
+    if (!ChannelIsSafeMethod(aNewChannel)) {
         // This code is very similar to the code of nsSameOriginChecker in
         // nsContentUtils but we can't use nsSameOriginChecker because it
         // needs to use a channel callback (which we already use).
         // If nsSameOriginChecker happens to not use a channel callback
         // anymore, this code would be a good candidate for refactoring.
         nsCOMPtr<nsIPrincipal> oldPrincipal;
         nsresult rv;
 
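Review bot: The comment above the changed condition, `// HTTP channel with unsafe methods should not be redirected to a cross-domain.`, no longer describes everything the branch covers. With this commit ChannelIsSafeMethod returns false when the channel is not an nsIHttpChannel, so `!ChannelIsSafeMethod(aNewChannel)` is also true for every redirect whose new channel is non-HTTP, and those now enter the same-origin check as well. If that is intended, say so in the comment, e.g. `// Redirects to a non-HTTP channel, or with an HTTP method other than GET/POST/HEAD, must stay same-origin.` The same call in DoURILoad is only evaluated when aHttpMethod and ownerPrincipal are set, so the effect there is narrower. The body of this branch continues past the end of the hunk.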
@@ -8786,17 +8786,17 @@ nsDocShell::DoURILoad(nsIURI * aURI,
                                                    &isSystem)) &&
             !isSystem) {
             channel->SetOwner(aOwner);
         }
     }
 
     // If a specific HTTP channel has been set and it is not a safe method,
     // we should prevent cross-origin requests.
-    if (aHttpMethod && ownerPrincipal && !ChannelIsSafeHTTPMethod(channel)) {
+    if (aHttpMethod && ownerPrincipal && !ChannelIsSafeMethod(channel)) {
         if (NS_FAILED(ownerPrincipal->CheckMayLoad(aURI, PR_FALSE))) {
             return NS_OK;
         }
     }
 
     nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
     if (scriptChannel) {
         // Allow execution against our context if the principals match
@@ -10433,21 +10433,21 @@ nsDocShell::ChannelIsPost(nsIChannel* aC
 
     nsCAutoString method;
     httpChannel->GetRequestMethod(method);
     return method.Equals("POST");
 }
 
 /* static */
 bool
-nsDocShell::ChannelIsSafeHTTPMethod(nsIChannel* aChannel)
+nsDocShell::ChannelIsSafeMethod(nsIChannel* aChannel)
 {
     nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
     if (!httpChannel) {
-        return true;
+        return false;
     }
 
     nsCAutoString method;
     httpChannel->GetRequestMethod(method);
     return method.Equals("GET") || method.Equals("POST") ||
            method.Equals("HEAD");
 }
 
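Review bot: The flipped early return (`return false;` when the QueryInterface to nsIHttpChannel fails) carries no comment, although it changes the answer for both callers visible in this patch. Failing closed is the more restrictive choice for a check that gates cross-origin loads, but a reader of the .cpp has to go to the header to learn it is deliberate; a line such as `// Not an HTTP channel: report unsafe so callers apply their same-origin check.` would record that. The result of `GetRequestMethod` is also not checked; presumably a failure leaves `method` empty and the function returns false, which is again the restrictive answer, but that deserves a short comment too. The hunk opens inside ChannelIsPost, whose start is outside it.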
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -452,19 +452,19 @@ protected:
      static bool ChannelIsPost(nsIChannel* aChannel);
 
      /**
       * Helper function that determines if the HTTP channel has a safe method
       *
       * @param aChannel The channel to test
       *
       * @return Whether the channel has a safe HTTP method.
-      * @note Will return true if the channel isn't an HTTP channel.
+      * @note Will return false if the channel isn't an HTTP channel.
       */
-     static bool ChannelIsSafeHTTPMethod(nsIChannel* aChannel);
+     static bool ChannelIsSafeMethod(nsIChannel* aChannel);
 
     /**
      * Helper function that finds the last URI and its transition flags for a
      * channel.
      *
      * This method first checks the channel's property bag to see if previous
      * info has been saved.  If not, it gives back the referrer of the channel.
      *
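Review bot: The doc comment still says only "safe HTTP method" and never states which methods count, while the implementation in nsDocShell.cpp accepts GET, POST and HEAD. POST is not a safe method in HTTP's own sense, and the new name drops "HTTP", so a caller reading only the header can easily assume a different set when deciding whether a cross-origin check is needed. Spell the contract out, e.g. `@return true only if aChannel is an HTTP channel whose request method is GET, POST or HEAD.`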