Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi
authorJohann Hofmann <jhofmann@mozilla.com>
Thu, 02 Jun 2016 17:14:27 +0200
changeset 346675 82e3f2a1196a227ce83ae8e0d53d5c2b273205a5
parent 346572 94968a940273882150fc98556d4abf961b287ad8
child 346676 e1ac106612412ecf23e8cc0faff7519b03728c37
push id6389
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:38:22 +0000
treeherdermozilla-beta@01d67bfe6c81 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstanvi
bugs1277524
milestone50.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi MozReview-Commit-ID: BvR7Xb0AE9N
dom/security/nsContentSecurityManager.cpp
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -640,16 +640,17 @@ nsContentSecurityManager::IsOriginPotent
   // trust to other, vendor-specific URL schemes. We use this for "resource:",
   // which is technically a substituting protocol handler that is not limited to
   // local resource mapping, but in practice is never mapped remotely as this
   // would violate assumptions a lot of code makes.
   if (scheme.EqualsLiteral("https") ||
       scheme.EqualsLiteral("file") ||
       scheme.EqualsLiteral("resource") ||
       scheme.EqualsLiteral("app") ||
+      scheme.EqualsLiteral("moz-extension") ||
       scheme.EqualsLiteral("wss")) {
     *aIsTrustWorthy = true;
     return NS_OK;
   }
 
   nsAutoCString host;
   rv = uri->GetHost(host);
   if (NS_FAILED(rv)) {
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -22,16 +22,17 @@ XPCOMUtils.defineLazyServiceGetter(this,
 add_task(function* test_isOriginPotentiallyTrustworthy() {
   for (let [uriSpec, expectedResult] of [
     ["http://example.com/", false],
     ["https://example.com/", true],
     ["http://localhost/", true],
     ["http://127.0.0.1/", true],
     ["file:///", true],
     ["resource:///", true],
+    ["moz-extension://", true],
     ["about:config", false],
     ["urn:generic", false],
   ]) {
     let uri = NetUtil.newURI(uriSpec);
     let principal = gScriptSecurityManager.getCodebasePrincipal(uri);
     Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
                  expectedResult);
   }