Bug 707893 - Ignore X-Frame-Options on b2g. r=bz
authorJustin Lebar <justin.lebar@gmail.com>
Thu, 22 Dec 2011 11:51:00 -0500
changeset 84563 00f4c8c5bcc7d1663303111fb8e82e4c11c37391
parent 84562 d25808a37646338e1d88031d45aef5422a916777
child 84564 25224a78f895a98acca5cc9db2d47239fb266d84
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs707893
milestone12.0a1
Bug 707893 - Ignore X-Frame-Options on b2g. r=bz
b2g/app/b2g.js
docshell/base/nsDSURIContentListener.cpp
--- a/b2g/app/b2g.js
+++ b/b2g/app/b2g.js
@@ -385,8 +385,11 @@ pref("security.fileuri.strict_origin_pol
 // Temporarily force-enable GL compositing.  This is default-disabled
 // deep within the bowels of the widgetry system.  Remove me when GL
 // compositing isn't default disabled in widget/src/android.
 pref("layers.acceleration.force-enabled", true);
 
 // screen.enabled and screen.brightness properties.
 pref("dom.screenEnabledProperty.enabled", true);
 pref("dom.screenBrightnessProperty.enabled", true);
+
+// Ignore X-Frame-Options headers.
+pref("b2g.ignoreXFrameOptions", true);
--- a/docshell/base/nsDSURIContentListener.cpp
+++ b/docshell/base/nsDSURIContentListener.cpp
@@ -43,25 +43,41 @@
 #include "nsXPIDLString.h"
 #include "nsDocShellCID.h"
 #include "nsIWebNavigationInfo.h"
 #include "nsIDOMWindow.h"
 #include "nsAutoPtr.h"
 #include "nsIHttpChannel.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetError.h"
+#include "mozilla/Preferences.h"
+
+using namespace mozilla;
+
+static bool sIgnoreXFrameOptions = false;
 
 //*****************************************************************************
 //***    nsDSURIContentListener: Object Management
 //*****************************************************************************
 
 nsDSURIContentListener::nsDSURIContentListener(nsDocShell* aDocShell)
     : mDocShell(aDocShell), 
       mParentContentListener(nsnull)
 {
+  static bool initializedPrefCache = false;
+
+  // Set up a pref cache for sIgnoreXFrameOptions, if we haven't already.
+  if (NS_UNLIKELY(!initializedPrefCache)) {
+    // Lock the pref so that the user's changes to it, if any, are ignored.
+    nsIPrefBranch2 *root = Preferences::GetRootBranch();
+    root->LockPref("b2g.ignoreXFrameOptions");
+
+    Preferences::AddBoolVarCache(&sIgnoreXFrameOptions, "b2g.ignoreXFrameOptions");
+    initializedPrefCache = true;
+  }
 }
 
 nsDSURIContentListener::~nsDSURIContentListener()
 {
 }
 
 nsresult
 nsDSURIContentListener::Init() 
@@ -116,17 +132,18 @@ nsDSURIContentListener::DoContent(const 
                                   nsIStreamListener** aContentHandler,
                                   bool* aAbortProcess)
 {
     nsresult rv;
     NS_ENSURE_ARG_POINTER(aContentHandler);
     NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE);
 
     // Check whether X-Frame-Options permits us to load this content in an
-    // iframe
+    // iframe and abort the load (unless we've disabled x-frame-options
+    // checking).
     if (!CheckFrameOptions(request)) {
         *aAbortProcess = true;
         return NS_OK;
     }
 
     *aAbortProcess = false;
 
     // determine if the channel has just been retargeted to us...
@@ -282,16 +299,21 @@ nsDSURIContentListener::SetParentContent
         mParentContentListener = nsnull;
     }
     return NS_OK;
 }
 
 // Check if X-Frame-Options permits this document to be loaded as a subdocument.
 bool nsDSURIContentListener::CheckFrameOptions(nsIRequest* request)
 {
+    // If X-Frame-Options checking is disabled, return true unconditionally.
+    if (sIgnoreXFrameOptions) {
+        return true;
+    }
+
     nsCAutoString xfoHeaderValue;
 
     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request);
     if (!httpChannel) {
         return true;
     }
 
     httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("X-Frame-Options"),