Bug 1093642 - Part 2: Decide if we allow mixed content before sending click event to remote tab. r=tanvi.
authorHenry Chang <hchang@mozilla.com>
Thu, 21 Apr 2016 11:07:40 +0800
changeset 332157 c6b548af3126ba9e95aa9d2f840d14785e396a37
parent 332156 220a41ef6ffa6801ad923650d182234a2d956588
child 332158 5f04a61564c8c6979ba9d3cf7339846301b3f7f6
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
treeherdermozilla-beta@46d72a56c57d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstanvi
bugs1093642
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1093642 - Part 2: Decide if we allow mixed content before sending click event to remote tab. r=tanvi.
browser/base/content/content.js
browser/modules/ContentClick.jsm
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -401,16 +401,32 @@ var ClickEventHandler = {
           json.bookmark = node.getAttribute("rel") == "sidebar";
           if (json.bookmark) {
             event.preventDefault(); // Need to prevent the pageload.
           }
         }
       }
       json.noReferrer = BrowserUtils.linkHasNoReferrer(node)
 
+      // Check if the link needs to be opened with mixed content allowed.
+      // Only when the owner doc has |mixedContentChannel| and the same origin
+      // should we allow mixed content.
+      json.allowMixedContent = false;
+      let docshell = ownerDoc.defaultView.QueryInterface(Ci.nsIInterfaceRequestor)
+                             .getInterface(Ci.nsIWebNavigation)
+                             .QueryInterface(Ci.nsIDocShell);
+      if (docShell.mixedContentChannel) {
+        const sm = Services.scriptSecurityManager;
+        try {
+          let targetURI = BrowserUtils.makeURI(href);
+          sm.checkSameOriginURI(docshell.mixedContentChannel.URI, targetURI, false);
+          json.allowMixedContent = true;
+        } catch (e) {}
+      }
+
       sendAsyncMessage("Content:Click", json);
       return;
     }
 
     // This might be middle mouse navigation.
     if (event.button == 1) {
       sendAsyncMessage("Content:Click", json);
     }
--- a/browser/modules/ContentClick.jsm
+++ b/browser/modules/ContentClick.jsm
@@ -75,12 +75,14 @@ var ContentClick = {
     if (where == "current")
       return;
 
     // Todo(903022): code for where == save
 
     let params = { charset: browser.characterSet,
                    referrerURI: browser.documentURI,
                    referrerPolicy: json.referrerPolicy,
-                   noReferrer: json.noReferrer };
+                   noReferrer: json.noReferrer,
+                   allowMixedContent: json.allowMixedContent };
+
     window.openLinkIn(json.href, where, params);
   }
 };