Bug 1199049 - Part 11: Make it impossible to start CORS preflights from outside of Necko; r=jduell,ckerschb,sicking
authorEhsan Akhgari <ehsan@mozilla.com>
Fri, 28 Aug 2015 11:25:04 -0400
changeset 294830 7117493f38b2712ef8d0713a55a44d8a83cb2200
parent 294829 f3e4bb1f935c7fcaa794df46781591c78ba5d4e6
child 294831 b0ee24b21b2ad27962d6affa3ec06c652af68a53
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
treeherdermozilla-beta@dac831dc1bd0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell, ckerschb, sicking
bugs1199049
milestone43.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1199049 - Part 11: Make it impossible to start CORS preflights from outside of Necko; r=jduell,ckerschb,sicking
netwerk/protocol/http/nsCORSListenerProxy.cpp
netwerk/protocol/http/nsCORSListenerProxy.h
netwerk/protocol/http/nsHttpChannel.cpp
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -1285,23 +1285,23 @@ nsCORSListenerProxy::RemoveFromCorsPrefl
 {
   MOZ_ASSERT(XRE_IsParentProcess());
   if (sPreflightCache) {
     sPreflightCache->RemoveEntries(aURI, aRequestingPrincipal);
   }
 }
 
 nsresult
-NS_StartCORSPreflight(nsIChannel* aRequestChannel,
-                      nsIStreamListener* aListener,
-                      nsIPrincipal* aPrincipal,
-                      nsICorsPreflightCallback* aCallback,
-                      bool aWithCredentials,
-                      nsTArray<nsCString>& aUnsafeHeaders,
-                      nsIChannel** aPreflightChannel)
+nsCORSListenerProxy::StartCORSPreflight(nsIChannel* aRequestChannel,
+                                        nsIStreamListener* aListener,
+                                        nsIPrincipal* aPrincipal,
+                                        nsICorsPreflightCallback* aCallback,
+                                        bool aWithCredentials,
+                                        nsTArray<nsCString>& aUnsafeHeaders,
+                                        nsIChannel** aPreflightChannel)
 {
   *aPreflightChannel = nullptr;
 
   nsAutoCString method;
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequestChannel));
   NS_ENSURE_TRUE(httpChannel, NS_ERROR_UNEXPECTED);
   httpChannel->GetRequestMethod(method);
 
--- a/netwerk/protocol/http/nsCORSListenerProxy.h
+++ b/netwerk/protocol/http/nsCORSListenerProxy.h
@@ -19,28 +19,20 @@
 #include "nsIThreadRetargetableStreamListener.h"
 #include "mozilla/Attributes.h"
 
 class nsIURI;
 class nsIPrincipal;
 class nsINetworkInterceptController;
 class nsICorsPreflightCallback;
 
-nsresult
-NS_StartCORSPreflight(nsIChannel* aRequestChannel,
-                      nsIStreamListener* aListener,
-                      nsIPrincipal* aPrincipal,
-                      nsICorsPreflightCallback* aCallback,
-                      bool aWithCredentials,
-                      nsTArray<nsCString>& aACUnsafeHeaders,
-                      nsIChannel** aPreflightChannel);
-
 namespace mozilla {
 namespace net {
 class HttpChannelParent;
+class nsHttpChannel;
 }
 }
 
 enum class DataURIHandling
 {
   Allow,
   Disallow
 };
@@ -50,21 +42,16 @@ class nsCORSListenerProxy final : public
                                   public nsIChannelEventSink,
                                   public nsIAsyncVerifyRedirectCallback,
                                   public nsIThreadRetargetableStreamListener
 {
 public:
   nsCORSListenerProxy(nsIStreamListener* aOuter,
                       nsIPrincipal* aRequestingPrincipal,
                       bool aWithCredentials);
-  nsCORSListenerProxy(nsIStreamListener* aOuter,
-                      nsIPrincipal* aRequestingPrincipal,
-                      bool aWithCredentials,
-                      const nsCString& aPreflightMethod,
-                      const nsTArray<nsCString>& aPreflightHeaders);
 
   NS_DECL_ISUPPORTS
   NS_DECL_NSIREQUESTOBSERVER
   NS_DECL_NSISTREAMLISTENER
   NS_DECL_NSIINTERFACEREQUESTOR
   NS_DECL_NSICHANNELEVENTSINK
   NS_DECL_NSIASYNCVERIFYREDIRECTCALLBACK
   NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
@@ -76,20 +63,36 @@ public:
 
   nsresult Init(nsIChannel* aChannel, DataURIHandling aAllowDataURI);
 
   void SetInterceptController(nsINetworkInterceptController* aInterceptController);
 
 private:
   // Only HttpChannelParent can call RemoveFromCorsPreflightCache
   friend class mozilla::net::HttpChannelParent;
+  // Only nsHttpChannel can invoke CORS preflights
+  friend class mozilla::net::nsHttpChannel;
 
   static void RemoveFromCorsPreflightCache(nsIURI* aURI,
                                            nsIPrincipal* aRequestingPrincipal);
 
+  nsCORSListenerProxy(nsIStreamListener* aOuter,
+                      nsIPrincipal* aRequestingPrincipal,
+                      bool aWithCredentials,
+                      const nsCString& aPreflightMethod,
+                      const nsTArray<nsCString>& aPreflightHeaders);
+
+  static nsresult StartCORSPreflight(nsIChannel* aRequestChannel,
+                                     nsIStreamListener* aListener,
+                                     nsIPrincipal* aPrincipal,
+                                     nsICorsPreflightCallback* aCallback,
+                                     bool aWithCredentials,
+                                     nsTArray<nsCString>& aACUnsafeHeaders,
+                                     nsIChannel** aPreflightChannel);
+
   ~nsCORSListenerProxy();
 
   nsresult UpdateChannel(nsIChannel* aChannel, DataURIHandling aAllowDataURI);
   nsresult CheckRequestApproved(nsIRequest* aRequest);
 
   nsCOMPtr<nsIStreamListener> mOuterListener;
   // The principal that originally kicked off the request
   nsCOMPtr<nsIPrincipal> mRequestingPrincipal;
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -448,20 +448,22 @@ nsHttpChannel::Connect()
 nsresult
 nsHttpChannel::ContinueConnect()
 {
     // If we need to start a CORS preflight, do it now!
     // Note that it is important to do this before the early returns below.
     if (!mIsCorsPreflightDone && mRequireCORSPreflight &&
         mInterceptCache != INTERCEPTED) {
         nsCOMPtr<nsIChannel> preflightChannel;
-        nsresult rv = NS_StartCORSPreflight(this, mListener,
-                                            mPreflightPrincipal, this,
-                                            mWithCredentials, mUnsafeHeaders,
-                                            getter_AddRefs(preflightChannel));
+        nsresult rv =
+            nsCORSListenerProxy::StartCORSPreflight(this, mListener,
+                                                    mPreflightPrincipal, this,
+                                                    mWithCredentials,
+                                                    mUnsafeHeaders,
+                                                    getter_AddRefs(preflightChannel));
         return rv;
     }
 
     MOZ_RELEASE_ASSERT(!(mRequireCORSPreflight &&
                          mInterceptCache != INTERCEPTED) ||
                        mIsCorsPreflightDone,
                        "CORS preflight must have been finished by the time we "
                        "do the rest of ContinueConnect");