Bug 1572301 - Provide correct loadinfo in feedwriter.js. r=IanN a=IanN
authorFrank-Rainer Grahl <frgrahl@gmx.net>
Sun, 11 Aug 2019 14:18:43 +0200
changeset 32264 9808d6a96ac92330212e2c8a9e441e6550dae2f3
parent 32263 70f19359835b5bb33f830cd140d0e5159a120701
child 32265 b5591f82670fdfc851993e69e7821b36b78f8801
push id209
push userfrgrahl@gmx.net
push dateSun, 11 Aug 2019 12:21:39 +0000
treeherdercomm-esr60@7a01e33fff91 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersIanN, IanN
bugs1572301
Bug 1572301 - Provide correct loadinfo in feedwriter.js. r=IanN a=IanN
suite/components/feeds/FeedWriter.js
--- a/suite/components/feeds/FeedWriter.js
+++ b/suite/components/feeds/FeedWriter.js
@@ -1,27 +1,27 @@
 /* -*- Mode: Javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 ChromeUtils.import("resource://gre/modules/Services.jsm");
 ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
 
 const FEEDWRITER_CID = Components.ID("{49bb6593-3aff-4eb3-a068-2712c28bd58e}");
 const FEEDWRITER_CONTRACTID = "@mozilla.org/browser/feeds/result-writer;1";
 
 const XML_NS = "http://www.w3.org/XML/1998/namespace";
 const HTML_NS = "http://www.w3.org/1999/xhtml";
 const XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
 const TYPE_MAYBE_FEED = "application/vnd.mozilla.maybe.feed";
 const TYPE_MAYBE_AUDIO_FEED = "application/vnd.mozilla.maybe.audio.feed";
 const TYPE_MAYBE_VIDEO_FEED = "application/vnd.mozilla.maybe.video.feed";
 const STRING_BUNDLE_URI = "chrome://communicator/locale/feeds/subscribe.properties";
-const FEEDHANDLER_URI = "about:feeds";
 
 const PREF_SELECTED_APP = "browser.feeds.handlers.application";
 const PREF_SELECTED_WEB = "browser.feeds.handlers.webservice";
 const PREF_SELECTED_ACTION = "browser.feeds.handler";
 const PREF_SELECTED_READER = "browser.feeds.handler.default";
 
 const PREF_VIDEO_SELECTED_APP = "browser.videoFeeds.handlers.application";
 const PREF_VIDEO_SELECTED_WEB = "browser.videoFeeds.handlers.webservice";
@@ -968,29 +968,35 @@ FeedWriter.prototype = {
 
   /**
    * Returns the original URI object of the feed and ensures that this
    * component is only ever invoked from the preview document.
    * @param aWindow
    *        The window of the document invoking the BrowserFeedWriter
    */
   _getOriginalURI: function getOriginalURI(aWindow) {
-    var chan = aWindow.QueryInterface(Ci.nsIInterfaceRequestor)
-                      .getInterface(Ci.nsIWebNavigation)
-                      .QueryInterface(Ci.nsIDocShell)
-                      .currentDocumentChannel;
-    // The following channel is never openend, so it does not matter what
-    // securityFlags we pass; let's follow the principle of least privilege.
-    var ios = Services.io;
-    var channel = ios.newChannel2(FEEDHANDLER_URI, null, null, null,
-                                  this._feedprincipal,
-                                  null,
-                                  Ci.nsILoadInfo.SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
-                                  Ci.nsIContentPolicy.TYPE_OTHER);
-    var resolvedURI = channel.URI;
+    let docShell = aWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                          .getInterface(Ci.nsIWebNavigation)
+                          .QueryInterface(Ci.nsIDocShell);
+    let chan = docShell.currentDocumentChannel;
+
+    // We probably need to call Inherit() for this, but right now we can't call
+    // it from JS.
+    let attrs = docShell.getOriginAttributes();
+    let nullPrincipal = Services.scriptSecurityManager
+                                .createNullPrincipal(attrs);
+
+    // This channel is not going to be opened, use a nullPrincipal
+    // and the most restrictive securityFlag.
+    let resolvedURI = NetUtil.newChannel({
+      uri: "about:feeds",
+      loadingPrincipal: nullPrincipal,
+      securityFlags: Ci.nsILoadInfo.SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER
+    }).URI;
 
     if (resolvedURI.equals(chan.URI))
       return chan.originalURI;
 
     return null;
   },
 
   _window: null,