Bug 515460 - enforce CSP during object redirects, r=jst, a=dholbert_sheriff
authorBrandon Sterne <bsterne@mozilla.com>
Fri, 23 Apr 2010 12:51:25 -0700
changeset 41208 1a5ca9c3093dbd1bb07c4e14186c0285de627329
parent 41207 8a61833bbd337138eb355faf4cc7633b8d451e9a
child 41209 58a2e617bf997dcf8558cff9a32cea7f6846d88d
push idunknown
push userunknown
push dateunknown
reviewersjst, dholbert_sheriff
bugs515460
milestone1.9.3a5pre
Bug 515460 - enforce CSP during object redirects, r=jst, a=dholbert_sheriff
content/base/src/nsObjectLoadingContent.cpp
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@@ -87,16 +87,19 @@
 #include "nsStyleUtil.h"
 #include "nsGUIEvent.h"
 
 // Concrete classes
 #include "nsFrameLoader.h"
 
 #include "nsObjectLoadingContent.h"
 #include "mozAutoDocUpdate.h"
+#include "nsIContentSecurityPolicy.h"
+#include "nsIChannelPolicy.h"
+#include "nsChannelPolicy.h"
 
 #ifdef PR_LOGGING
 static PRLogModuleInfo* gObjectLog = PR_NewLogModule("objlc");
 #endif
 
 #define LOG(args) PR_LOG(gObjectLog, PR_LOG_DEBUG, args)
 #define LOG_ENABLED() PR_LOG_TEST(gObjectLog, PR_LOG_DEBUG)
 
@@ -1418,18 +1421,28 @@ nsObjectLoadingContent::LoadObject(nsIUR
       UpdateFallbackState(thisContent, fallback, aTypeHint);
     }
 
     return NS_OK;
   }
 
   nsCOMPtr<nsILoadGroup> group = doc->GetDocumentLoadGroup();
   nsCOMPtr<nsIChannel> chan;
+  nsCOMPtr<nsIChannelPolicy> channelPolicy;
+  nsCOMPtr<nsIContentSecurityPolicy> csp;
+  rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (csp) {
+    channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
+    channelPolicy->SetContentSecurityPolicy(csp);
+    channelPolicy->SetLoadType(nsIContentPolicy::TYPE_OBJECT);
+  }
   rv = NS_NewChannel(getter_AddRefs(chan), aURI, nsnull, group, this,
-                     nsIChannel::LOAD_CALL_CONTENT_SNIFFERS);
+                     nsIChannel::LOAD_CALL_CONTENT_SNIFFERS, 
+                     channelPolicy);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Referrer
   nsCOMPtr<nsIHttpChannel> httpChan(do_QueryInterface(chan));
   if (httpChan) {
     httpChan->SetReferrer(doc->GetDocumentURI());
   }