Bug 1269253 - Blank error page in iframe with insecure connection. r=smaug a=ritu
authordimi <dlee@mozilla.com>
Tue, 16 Aug 2016 09:47:14 +0800
changeset 347893 c7673e35bbec1810373bf047ba9492fe17348855
parent 347892 20f87138518978764eec0c06541d7d58ddbd8d15
child 347894 7773a88b7025976105e73787e3f5e7541c6396df
push id6389
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:38:22 +0000
reviewerssmaug, ritu
bugs1269253
milestone50.0a2
Bug 1269253 - Blank error page in iframe with insecure connection. r=smaug a=ritu MozReview-Commit-ID: 8WCI8cgRZIo
docshell/base/nsDocShell.cpp
dom/base/nsDocument.cpp
netwerk/base/LoadInfo.cpp
netwerk/base/nsILoadInfo.idl
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -10665,27 +10665,16 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   }
 
   nsresult rv;
   nsCOMPtr<nsIURILoader> uriLoader = do_GetService(NS_URI_LOADER_CONTRACTID, &rv);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
-  nsLoadFlags loadFlags = mDefaultLoadFlags;
-  if (aFirstParty) {
-    // tag first party URL loads
-    loadFlags |= nsIChannel::LOAD_INITIAL_DOCUMENT_URI;
-  }
-
-  if (mLoadType == LOAD_ERROR_PAGE) {
-    // Error pages are LOAD_BACKGROUND
-    loadFlags |= nsIChannel::LOAD_BACKGROUND;
-  }
-
   if (IsFrame()) {
 
     MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IFRAME ||
                aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
                "DoURILoad thinks this is a frame and InternalLoad does not");
 
     // Only allow view-source scheme in top-level docshells. view-source is
     // the only scheme to which this applies at the moment due to potential
@@ -10792,17 +10781,30 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   } else if (!triggeringPrincipal && aReferrerURI) {
     rv = CreatePrincipalFromReferrer(aReferrerURI,
                                      getter_AddRefs(triggeringPrincipal));
     NS_ENSURE_SUCCESS(rv, rv);
   } else {
     triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
   }
 
+  nsLoadFlags loadFlags = mDefaultLoadFlags;
   nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
+
+  if (aFirstParty) {
+    // tag first party URL loads
+    loadFlags |= nsIChannel::LOAD_INITIAL_DOCUMENT_URI;
+  }
+
+  if (mLoadType == LOAD_ERROR_PAGE) {
+    // Error pages are LOAD_BACKGROUND
+    loadFlags |= nsIChannel::LOAD_BACKGROUND;
+    securityFlags |= nsILoadInfo::SEC_LOAD_ERROR_PAGE;
+  }
+
   if (inherit) {
     securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
   }
   if (isSandBoxed) {
     securityFlags |= nsILoadInfo::SEC_SANDBOXED;
   }
 
   if (UsePrivateBrowsing()) {
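Review bot: The new `securityFlags |= nsILoadInfo::SEC_LOAD_ERROR_PAGE;` at L70 is keyed solely on `mLoadType == LOAD_ERROR_PAGE`, and per the nsDocument.cpp change in this same commit that flag makes the resulting document skip inheriting the docshell's sandbox flags, so this line is where a sandbox exemption is granted. Nothing in the hunk ties the exemption to aURI actually being one of the about: error pages the IDL comment lists; if any path can reach DoURILoad with LOAD_ERROR_PAGE and an arbitrary URI (not visible from here), that document would load unsandboxed inside a sandboxed frame, so a check or at least a MOZ_ASSERT that aURI is an internal error page next to the flag would be worth adding. At minimum the comment should name the consequence, e.g. `// Error pages are LOAD_BACKGROUND and, via SEC_LOAD_ERROR_PAGE, are exempt from the frame's sandbox flags (see nsDocument::StartDocumentLoad); only docshell-initiated error loads set this.` DoURILoad starts and ends outside this hunk.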
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -2559,17 +2559,19 @@ nsDocument::StartDocumentLoad(const char
     }
   }
 
   // If this document is being loaded by a docshell, copy its sandbox flags
   // to the document, and store the fullscreen enabled flag. These are
   // immutable after being set here.
   nsCOMPtr<nsIDocShell> docShell = do_QueryInterface(aContainer);
 
-  if (docShell) {
+  // If this is an error page, don't inherit sandbox flags from docshell
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+  if (docShell && !(loadInfo && loadInfo->GetLoadErrorPage())) {
     nsresult rv = docShell->GetSandboxFlags(&mSandboxFlags);
     NS_ENSURE_SUCCESS(rv, rv);
     WarnIfSandboxIneffective(docShell, mSandboxFlags, GetChannel());
   }
 
   // The CSP directive upgrade-insecure-requests not only applies to the
   // toplevel document, but also to nested documents. Let's propagate that
   // flag from the parent to the nested document.
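Review bot: The comment at L93 says what is skipped but not why it is safe, and the guard's null handling deserves a word: with `!(loadInfo && loadInfo->GetLoadErrorPage())` a channel without load info still inherits the sandbox flags, which is the fail-closed direction and should be recorded so nobody "simplifies" it later. I'd replace the comment with `// Error pages (SEC_LOAD_ERROR_PAGE on the channel) are internal about: documents that need script to render, so they do not inherit the frame's sandbox flags; a channel without loadInfo still inherits them.` Skipping the block also leaves mSandboxFlags at whatever it was initialised to elsewhere and bypasses WarnIfSandboxIneffective, which is presumably intended but unstated. `aChannel->GetLoadInfo()` is now called unconditionally before the `if (docShell)`; if aChannel can be null on any StartDocumentLoad path (not visible in this hunk) that call needs a guard. StartDocumentLoad starts and ends outside this hunk.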
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -527,16 +527,24 @@ NS_IMETHODIMP
 LoadInfo::GetUsePrivateBrowsing(bool* aUsePrivateBrowsing)
 {
   *aUsePrivateBrowsing = (mSecurityFlags &
                           nsILoadInfo::SEC_FORCE_PRIVATE_BROWSING);
   return NS_OK;
 }
 
 NS_IMETHODIMP
+LoadInfo::GetLoadErrorPage(bool* aResult)
+{
+  *aResult =
+    (mSecurityFlags & nsILoadInfo::SEC_LOAD_ERROR_PAGE);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
 LoadInfo::GetExternalContentPolicyType(nsContentPolicyType* aResult)
 {
   *aResult = nsContentUtils::InternalContentPolicyTypeToExternal(mInternalContentPolicyType);
   return NS_OK;
 }
 
 nsContentPolicyType
 LoadInfo::InternalContentPolicyType()
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -173,16 +173,22 @@ interface nsILoadInfo : nsISupports
    * enforce even when a loading is not happening in the context of a document.
    *
    * If the flag is true, even if a document context is present,
    * GetUsePrivateBrowsing will always return true.
    */
   const unsigned long SEC_FORCE_PRIVATE_BROWSING = (1<<13);
 
   /**
+   * Load an error page, it should be one of following : about:neterror,
+   * about:certerror, about:blocked, or about:tabcrashed.
+   */
+  const unsigned long SEC_LOAD_ERROR_PAGE = (1<<14);
+
+  /**
    * The loadingPrincipal is the principal that is responsible for the load.
    * It is *NOT* the principal tied to the resource/URI that this
    * channel is loading, it's the principal of the resource's
    * caller or requester. For example, if this channel is loading
    * an image from http://b.com that is embedded in a document
    * who's origin is http://a.com, the loadingPrincipal is http://a.com.
    *
    * The loadingPrincipal will never be null.
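Review bot: The doc comment for SEC_LOAD_ERROR_PAGE at L142-L144 lists the expected URIs but not the flag's effect, which matters because it sits in the security-flags bitfield yet relaxes a restriction rather than adding one: in this commit nsDocument::StartDocumentLoad uses it to skip inheriting the docshell's sandbox flags. I'd reword it to `Set by the docshell when loading one of its internal error pages (about:neterror, about:certerror, about:blocked, about:tabcrashed). A document loaded with this flag does not inherit its docshell's sandbox flags, so it must never be set for content-initiated loads.` Also confirm bit 14 is not already used by another constant in this interface; only bit 13 is visible in the hunk.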
@@ -320,16 +326,21 @@ interface nsILoadInfo : nsISupports
   [infallible] readonly attribute boolean disallowScript;
 
   /**
    * Returns true if SEC_DONT_FOLLOW_REDIRECTS is set.
    */
   [infallible] readonly attribute boolean dontFollowRedirects;
 
   /**
+   * Returns true if SEC_LOAD_ERROR_PAGE is set.
+   */
+  [infallible] readonly attribute boolean loadErrorPage;
+
+  /**
    * The external contentPolicyType of the channel, used for security checks
    * like Mixed Content Blocking and Content Security Policy.
    *
    * Specifically, content policy types with _INTERNAL_ in their name will
    * never get returned from this attribute.
    */
   readonly attribute nsContentPolicyType externalContentPolicyType;