Bug 1054646 - Part 1: Change nsNullPrincipal::CheckMayLoad to always allow loads when the principal of the URI in the principal doing the load. r=bz
authorBob Owen <bobowencode@gmail.com>
Tue, 30 Sep 2014 09:09:36 +0100
changeset 231139 b98c10254b3d46592b3ac60a969f9b64af03debd
parent 231138 e600bf4561424b35f4ed36c710d06fc34c72e922
child 231140 1fd5ac4a729ac8cb48b2471ed602f0bcd607648d
push id4187
push userbhearsum@mozilla.com
push dateFri, 28 Nov 2014 15:29:12 +0000
reviewersbz
bugs1054646
milestone35.0a1
Bug 1054646 - Part 1: Change nsNullPrincipal::CheckMayLoad to always allow loads when the principal of the URI is the principal doing the load. r=bz
caps/nsIPrincipal.idl
caps/nsNullPrincipal.cpp
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -108,23 +108,19 @@ interface nsIPrincipal : nsISerializable
     }
     %}
 
     /**
      * Checks whether this principal is allowed to load the network resource
      * located at the given URI under the same-origin policy. This means that
      * codebase principals are only allowed to load resources from the same
      * domain, the system principal is allowed to load anything, and null
-     * principals are not allowed to load anything. This is changed slightly
-     * by the optional flag allowIfInheritsPrincipal (which defaults to false)
-     * which allows the load of a data: URI (which inherits the principal of
-     * its loader) or a URI with the same principal as its loader (eg. a
-     * Blob URI).
-     * In these cases, with allowIfInheritsPrincipal set to true, the URI can
-     * be loaded by a null principal.
+     * principals can only load URIs where they are the principal. This is
+     * changed by the optional flag allowIfInheritsPrincipal (which defaults to
+     * false) which allows URIs that inherit their loader's principal.
      *
      * If the load is allowed this function does nothing. If the load is not
      * allowed the function throws NS_ERROR_DOM_BAD_URI.
      *
      * NOTE: Other policies might override this, such as the Access-Control
      *       specification.
      * NOTE: The 'domain' attribute has no effect on the behaviour of this
      *       function.
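Review bot: The new sentence "null principals can only load URIs where they are the principal" no longer says which URIs can have a principal, because the Blob URI example from the old text was dropped. Callers of a same-origin check need that detail to judge what a null principal can reach. I would word it as `principals can only load URIs that carry that same principal (nsIURIWithPrincipal, e.g. a Blob URI). This is`. The doc comment continues past the end of the hunk.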
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -234,27 +234,26 @@ nsNullPrincipal::SubsumesConsideringDoma
 
 NS_IMETHODIMP
 nsNullPrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsPrincipal)
  {
   if (aAllowIfInheritsPrincipal) {
     if (nsPrincipal::IsPrincipalInherited(aURI)) {
       return NS_OK;
     }
+  }
 
-    // Also allow the load if the principal of the URI being checked is exactly
-    // us ie this.
-    nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
-    if (uriPrinc) {
-      nsCOMPtr<nsIPrincipal> principal;
-      uriPrinc->GetPrincipal(getter_AddRefs(principal));
+  // Also allow the load if we are the principal of the URI being checked.
+  nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
+  if (uriPrinc) {
+    nsCOMPtr<nsIPrincipal> principal;
+    uriPrinc->GetPrincipal(getter_AddRefs(principal));
 
-      if (principal && principal == this) {
-        return NS_OK;
-      }
+    if (principal == this) {
+      return NS_OK;
     }
   }
 
   if (aReport) {
     nsScriptSecurityManager::ReportError(
       nullptr, NS_LITERAL_STRING("CheckSameOriginError"), mURI, aURI);
   }
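Review bot: The identity check `if (principal == this)` now runs even when aAllowIfInheritsPrincipal is false, so it is the sole gate for every null-principal load of a URI that carries a principal, but the comment above it does not say that the comparison is deliberately object identity or what happens when GetPrincipal() fails. I would extend the comment to `// Pointer identity on purpose: only a URI carrying this exact principal object is allowed; a null or different principal falls through to the error below.` The nsresult of `uriPrinc->GetPrincipal(...)` is dropped, which appears to fail closed because `principal` would stay null, and that is worth a word in the same comment. CheckMayLoad's body continues past the end of the hunk, so the final return is not visible here.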