Bug 1147026 - CSP should ignore query string when checking a resource load. r=dveditz, a=sledru
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Wed, 25 Mar 2015 22:09:10 -0700
changeset 258332 c2f29d6648e8
parent 258331 9adbbf9a8784
child 258333 6d1efbb2c76c
push id4647
push userryanvm@gmail.com
push date2015-04-07 21:15 +0000
reviewersdveditz, sledru
bugs1147026
milestone38.0
Bug 1147026 - CSP should ignore query string when checking a resource load. r=dveditz, a=sledru
dom/security/nsCSPUtils.cpp
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -403,22 +403,26 @@ nsCSPHostSrc::permits(nsIURI* aUri, cons
   else if (!mHost.Equals(NS_ConvertUTF8toUTF16(uriHost))) {
     return false;
   }
 
   // 4.9) Path matching: If there is a path, we have to enforce
   // path-level matching, unless the channel got redirected, see:
   // http://www.w3.org/TR/CSP11/#source-list-paths-and-redirects
   if (!aWasRedirected && !mPath.IsEmpty()) {
-    // cloning uri so we can ignore the ref
-    nsCOMPtr<nsIURI> uri;
-    aUri->CloneIgnoringRef(getter_AddRefs(uri));
-
+    // converting aUri into nsIURL so we can strip query and ref
+    // example.com/test#foo     -> example.com/test
+    // example.com/test?val=foo -> example.com/test
+    nsCOMPtr<nsIURL> url = do_QueryInterface(aUri);
+    if (!url) {
+      NS_ASSERTION(false, "can't QI into nsIURI");
+      return false;
+    }
     nsAutoCString uriPath;
-    rv = uri->GetPath(uriPath);
+    rv = url->GetFilePath(uriPath);
     NS_ENSURE_SUCCESS(rv, false);
     // check if the last character of mPath is '/'; if so
     // we just have to check loading resource is within
     // the allowed path.
     if (mPath.Last() == '/') {
       if (!StringBeginsWith(NS_ConvertUTF8toUTF16(uriPath), mPath)) {
         return false;
       }