Bug 1468912 - Don't use system principal for calendar server connections; r=philipp
authorMakeMyDay <makemyday@gmx-topmail.de>
Sun, 20 Jan 2019 16:44:07 +0100
changeset 34261 94a2a4100e98356c27dbe3f9eeda80a20bf32135
parent 34260 51560879ea988f7a0fe45a6d9ccadca995948f91
child 34262 a0a854d99ee07836775ef135aab693f53ce3ccc2
push id389
push userclokep@gmail.com
push dateMon, 18 Mar 2019 19:01:53 +0000
reviewersphilipp
bugs1468912
Bug 1468912 - Don't use system principal for calendar server connections; r=philipp
calendar/base/modules/utils/calProviderUtils.jsm
--- a/calendar/base/modules/utils/calProviderUtils.jsm
+++ b/calendar/base/modules/utils/calProviderUtils.jsm
@@ -32,19 +32,23 @@ var calprovider = {
      *                                                            string will be converted to an
      *                                                            input stream.
      * @param {String} aContentType                             Value for Content-Type header, if any
      * @param {nsIInterfaceRequestor} aNotificationCallbacks    Calendar using channel
      * @param {?nsIChannel} aExisting                           An existing channel to modify (optional)
      * @return {nsIChannel}                                     The prepared channel
      */
     prepHttpChannel: function(aUri, aUploadData, aContentType, aNotificationCallbacks, aExisting=null) {
+        // We cannot use a system principal here, since the conncetion setup would fail if
+        // same-site cookie protection is enabled in TB and server-side.
+        let principal = aExisting ? null
+                                  : Services.scriptSecurityManager.createCodebasePrincipal(aUri, {});
         let channel = aExisting || Services.io.newChannelFromURI2(aUri,
                                                                   null,
-                                                                  Services.scriptSecurityManager.getSystemPrincipal(),
+                                                                  principal,
                                                                   null,
                                                                   Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                                                                   Ci.nsIContentPolicy.TYPE_OTHER);
         let httpchannel = channel.QueryInterface(Ci.nsIHttpChannel);
 
         httpchannel.setRequestHeader("Accept", "text/xml", false);
         httpchannel.setRequestHeader("Accept-Charset", "utf-8,*;q=0.1", false);
         httpchannel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;