Bug 1181370: Update CheckURL to set the incumbent document's principal as the triggeringPrincipal. r=bz
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Tue, 26 Jul 2016 12:46:01 +0200
changeset 331774 1b0a671de425ccad3460a9e9d02935a4472f04df
parent 331773 64900003b7cc5cc029f9b77110cf778056851589
child 331775 6d182ecbd61eed21483fbbacc2241098ce70793e
push id9858
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 14:37:10 +0000
reviewersbz
bugs1181370
milestone50.0a1
Bug 1181370: Update CheckURL to set the incumbent document's principal as the triggeringPrincipal. r=bz
docshell/base/nsDocShell.cpp
dom/base/nsLocation.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -10779,17 +10779,18 @@ nsDocShell::DoURILoad(nsIURI* aURI,
       return NS_OK;
     }
   }
 
   bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
   // only inherit if we have a triggeringPrincipal
   bool inherit = false;
 
-  // Get triggeringPrincipal.  This code should be updated by bug 1181370.
+  // Getting the right triggeringPrincipal needs to be updated and is only
+  // ready for use once bug 1182569 landed.
   // Until then, we cannot rely on the triggeringPrincipal for TYPE_DOCUMENT
   // or TYPE_SUBDOCUMENT loads.  Notice the triggeringPrincipal falls back to
   // systemPrincipal below.
   nsCOMPtr<nsIPrincipal> triggeringPrincipal = do_QueryInterface(aOwner);
   if (triggeringPrincipal) {
     inherit = nsContentUtils::ChannelShouldInheritPrincipal(
       triggeringPrincipal,
       aURI,
--- a/dom/base/nsLocation.cpp
+++ b/dom/base/nsLocation.cpp
@@ -128,56 +128,68 @@ nsLocation::CheckURL(nsIURI* aURI, nsIDo
     NS_ENSURE_SUCCESS(rv, rv);
 
     // Make the load's referrer reflect changes to the document's URI caused by
     // push/replaceState, if possible.  First, get the document corresponding to
     // fp.  If the document's original URI (i.e. its URI before
     // push/replaceState) matches the principal's URI, use the document's
     // current URI as the referrer.  If they don't match, use the principal's
     // URI.
+    //
+    // The triggering principal for this load should be the principal of the
+    // incumbent document (which matches where the referrer information is
+    // coming from) when there is an incumbent document, and the subject
+    // principal otherwise.  Note that the URI in the triggering principal
+    // may not match the referrer URI in various cases, notably including
+    // the cases when the incumbent document's document URI was modified
+    // after the document was loaded.
 
-    nsCOMPtr<nsIDocument> doc;
-    nsCOMPtr<nsIURI> docOriginalURI, docCurrentURI, principalURI;
     nsCOMPtr<nsPIDOMWindowInner> incumbent =
       do_QueryInterface(mozilla::dom::GetIncumbentGlobal());
-    if (incumbent) {
-      doc = incumbent->GetDoc();
-    }
+    nsCOMPtr<nsIDocument> doc = incumbent ? incumbent->GetDoc() : nullptr;
+
     if (doc) {
+      nsCOMPtr<nsIURI> docOriginalURI, docCurrentURI, principalURI;
       docOriginalURI = doc->GetOriginalURI();
       docCurrentURI = doc->GetDocumentURI();
       rv = doc->NodePrincipal()->GetURI(getter_AddRefs(principalURI));
       NS_ENSURE_SUCCESS(rv, rv);
+
+      owner = doc->NodePrincipal();
       referrerPolicy = doc->GetReferrerPolicy();
-    }
-
-    bool urisEqual = false;
-    if (docOriginalURI && docCurrentURI && principalURI) {
-      principalURI->Equals(docOriginalURI, &urisEqual);
-    }
 
-    if (urisEqual) {
-      sourceURI = docCurrentURI;
-    }
-    else {
-      // Use principalURI as long as it is not an nsNullPrincipalURI.
-      // We could add a method such as GetReferrerURI to principals to make this
-      // cleaner, but given that we need to start using Source Browsing Context
-      // for referrer (see Bug 960639) this may be wasted effort at this stage.
-      if (principalURI) {
-        bool isNullPrincipalScheme;
-        rv = principalURI->SchemeIs(NS_NULLPRINCIPAL_SCHEME,
-                                    &isNullPrincipalScheme);
-        if (NS_SUCCEEDED(rv) && !isNullPrincipalScheme) {
-          sourceURI = principalURI;
+      bool urisEqual = false;
+      if (docOriginalURI && docCurrentURI && principalURI) {
+        principalURI->Equals(docOriginalURI, &urisEqual);
+      }
+      if (urisEqual) {
+        sourceURI = docCurrentURI;
+      }
+      else {
+        // Use principalURI as long as it is not an nsNullPrincipalURI.
+        // We could add a method such as GetReferrerURI to principals to make this
+        // cleaner, but given that we need to start using Source Browsing Context
+        // for referrer (see Bug 960639) this may be wasted effort at this stage.
+        if (principalURI) {
+          bool isNullPrincipalScheme;
+          rv = principalURI->SchemeIs(NS_NULLPRINCIPAL_SCHEME,
+                                     &isNullPrincipalScheme);
+          if (NS_SUCCEEDED(rv) && !isNullPrincipalScheme) {
+            sourceURI = principalURI;
+          }
         }
       }
     }
-
-    owner = nsContentUtils::SubjectPrincipal();
+    else {
+      // No document; determine triggeringPrincipal by quering the
+      // subjectPrincipal, wich is the principal of the current JS
+      // compartment, or a null principal in case there is no
+      // compartment yet.
+      owner = nsContentUtils::SubjectPrincipal();
+    }
   }
 
   // Create load info
   nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
   docShell->CreateLoadInfo(getter_AddRefs(loadInfo));
   NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
 
   loadInfo->SetOwner(owner);
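Review bot: The comment added in the new `else` branch has two typos (`quering`, `wich`) and describes the case as "No document", although the branch is also reached when an incumbent window exists but `GetDoc()` returns null; suggest `// No incumbent document; determine the triggeringPrincipal by querying the subjectPrincipal, which is the principal of the current JS compartment, or a null principal in case there is no compartment yet.`. The security-relevant line `owner = doc->NodePrincipal();` carries no comment of its own, while the rationale sits in the long block comment near the top of the hunk; a one-liner such as `// Triggering principal: the incumbent document's principal, matching the referrer source above.` would keep intent visible next to the assignment. Note that `owner` is assigned only after the `GetURI` call, so a failure there returns early with `owner` untouched, which matches the pre-change behavior but is worth confirming is intended. CheckURL begins before the hunk.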