Bug 1054646 - Part 1: Change nsNullPrincipal::CheckMayLoad to always allow loads when the principal of the URI in the principal doing the load. r=bz
authorBob Owen <bobowencode@gmail.com>
Tue, 30 Sep 2014 09:09:36 +0100
changeset 207924 b98c10254b3d46592b3ac60a969f9b64af03debd
parent 207923 e600bf4561424b35f4ed36c710d06fc34c72e922
child 207925 1fd5ac4a729ac8cb48b2471ed602f0bcd607648d
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersbz
bugs1054646
milestone35.0a1
Bug 1054646 - Part 1: Change nsNullPrincipal::CheckMayLoad to always allow loads when the principal of the URI is the principal doing the load. r=bz
caps/nsIPrincipal.idl
caps/nsNullPrincipal.cpp
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -108,23 +108,19 @@ interface nsIPrincipal : nsISerializable
     }
     %}
 
     /**
      * Checks whether this principal is allowed to load the network resource
      * located at the given URI under the same-origin policy. This means that
      * codebase principals are only allowed to load resources from the same
      * domain, the system principal is allowed to load anything, and null
-     * principals are not allowed to load anything. This is changed slightly
-     * by the optional flag allowIfInheritsPrincipal (which defaults to false)
-     * which allows the load of a data: URI (which inherits the principal of
-     * its loader) or a URI with the same principal as its loader (eg. a
-     * Blob URI).
-     * In these cases, with allowIfInheritsPrincipal set to true, the URI can
-     * be loaded by a null principal.
+     * principals can only load URIs where they are the principal. This is
+     * changed by the optional flag allowIfInheritsPrincipal (which defaults to
+     * false) which allows URIs that inherit their loader's principal.
      *
      * If the load is allowed this function does nothing. If the load is not
      * allowed the function throws NS_ERROR_DOM_BAD_URI.
      *
      * NOTE: Other policies might override this, such as the Access-Control
      *       specification.
      * NOTE: The 'domain' attribute has no effect on the behaviour of this
      *       function.
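Review bot: The rewritten sentence `principals can only load URIs where they are the principal` no longer says which URIs that covers, and the data: and Blob URI examples from the old text are dropped. Judging from the nsNullPrincipal.cpp hunk in this commit, the case is a URI implementing nsIURIWithPrincipal whose principal is the very same null-principal object, and it now applies whatever allowIfInheritsPrincipal is set to; I would spell that out, e.g. `principals can only load URIs that carry a principal (nsIURIWithPrincipal, e.g. a Blob URI) which is this same null principal, regardless of allowIfInheritsPrincipal.` I would also write "extended by the optional flag" rather than "changed by", since in the null-principal code shown here the flag only adds an allowed case. The comment block starts inside this hunk and continues past its last line.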
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -234,27 +234,26 @@ nsNullPrincipal::SubsumesConsideringDoma
 
 NS_IMETHODIMP
 nsNullPrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsPrincipal)
  {
   if (aAllowIfInheritsPrincipal) {
     if (nsPrincipal::IsPrincipalInherited(aURI)) {
       return NS_OK;
     }
+  }
 
-    // Also allow the load if the principal of the URI being checked is exactly
-    // us ie this.
-    nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
-    if (uriPrinc) {
-      nsCOMPtr<nsIPrincipal> principal;
-      uriPrinc->GetPrincipal(getter_AddRefs(principal));
+  // Also allow the load if we are the principal of the URI being checked.
+  nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
+  if (uriPrinc) {
+    nsCOMPtr<nsIPrincipal> principal;
+    uriPrinc->GetPrincipal(getter_AddRefs(principal));
 
-      if (principal && principal == this) {
-        return NS_OK;
-      }
+    if (principal == this) {
+      return NS_OK;
     }
   }
 
   if (aReport) {
     nsScriptSecurityManager::ReportError(
       nullptr, NS_LITERAL_STRING("CheckSameOriginError"), mURI, aURI);
   }