Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r?tanvi draft
authorJohann Hofmann <jhofmann@mozilla.com>
Thu, 02 Jun 2016 17:14:27 +0200
changeset 392304 dfe2d600b15a6cffd49be454b3394106c3ff9bb3
parent 392299 7c669d5d63efceb12696cd65cfa72c296013dafb
child 392305 759718dea882e10ce1307fca1b9d415c8f10c067
push id24006
push usermail@johann-hofmann.com
push dateMon, 25 Jul 2016 12:25:04 +0000
reviewerstanvi
bugs1277524
milestone50.0a1
Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r?tanvi MozReview-Commit-ID: BvR7Xb0AE9N
dom/security/nsContentSecurityManager.cpp
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -640,16 +640,17 @@ nsContentSecurityManager::IsOriginPotent
   // trust to other, vendor-specific URL schemes. We use this for "resource:",
   // which is technically a substituting protocol handler that is not limited to
   // local resource mapping, but in practice is never mapped remotely as this
   // would violate assumptions a lot of code makes.
   if (scheme.EqualsLiteral("https") ||
       scheme.EqualsLiteral("file") ||
       scheme.EqualsLiteral("resource") ||
       scheme.EqualsLiteral("app") ||
+      scheme.EqualsLiteral("moz-extension") ||
       scheme.EqualsLiteral("wss")) {
     *aIsTrustWorthy = true;
     return NS_OK;
   }
 
   nsAutoCString host;
   rv = uri->GetHost(host);
   if (NS_FAILED(rv)) {
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -22,16 +22,17 @@ XPCOMUtils.defineLazyServiceGetter(this,
 add_task(function* test_isOriginPotentiallyTrustworthy() {
   for (let [uriSpec, expectedResult] of [
     ["http://example.com/", false],
     ["https://example.com/", true],
     ["http://localhost/", true],
     ["http://127.0.0.1/", true],
     ["file:///", true],
     ["resource:///", true],
+    ["moz-extension://", true],
     ["about:config", false],
     ["urn:generic", false],
   ]) {
     let uri = NetUtil.newURI(uriSpec);
     let principal = gScriptSecurityManager.getCodebasePrincipal(uri);
     Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
                  expectedResult);
   }