Bug 1063730 - Require HTTPS for Screen/window sharing. r=mt,sstamm
authorEKR <ekr@rtfm.com>
Wed, 10 Sep 2014 15:01:44 -0700
changeset 227912 b0f9e80e8255e2ecc3af882403251d01c2e631ae
parent 227911 b58fabead3f9f059f5f1f0f75ed9f92cb2c22716
child 227913 bbbe6b29420691d62894f1c718eaf81590ae1f1b
push id4187
push userbhearsum@mozilla.com
push dateFri, 28 Nov 2014 15:29:12 +0000
treeherdermozilla-beta@f23cc6a30c11 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt, sstamm
bugs1063730
milestone35.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1063730 - Require HTTPS for Screen/window sharing. r=mt,sstamm
dom/media/MediaManager.cpp
--- a/dom/media/MediaManager.cpp
+++ b/dom/media/MediaManager.cpp
@@ -130,27 +130,37 @@ HostInDomain(const nsCString &aHost, con
 
   nsDependentCString hostRoot(aHost, hostOffset);
   return hostRoot.EqualsIgnoreCase(aPattern.BeginReading() + patternOffset);
 }
 
 static bool
 HostHasPermission(nsIURI &docURI)
 {
+  nsresult rv;
+
+  bool isHttps;
+  rv = docURI.SchemeIs("https",&isHttps);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+  if (!isHttps) {
+    return false;
+  }
+
   nsAdoptingCString hostName;
   docURI.GetAsciiHost(hostName); //normalize UTF8 to ASCII equivalent
   nsAdoptingCString domainWhiteList =
     Preferences::GetCString("media.getusermedia.screensharing.allowed_domains");
   domainWhiteList.StripWhitespace();
 
   if (domainWhiteList.IsEmpty() || hostName.IsEmpty()) {
     return false;
   }
 
-  nsresult rv;
   // Get UTF8 to ASCII domain name normalization service
   nsCOMPtr<nsIIDNService> idnService
     = do_GetService("@mozilla.org/network/idn-service;1", &rv);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return false;
   }
 
   uint32_t begin = 0;