Bug 1421099 - System principal does not need to match originAttributes. r=baku, a=jcristau
authorAndrew Sutherland <asutherland@asutherland.org>
Wed, 06 Dec 2017 14:53:02 -0500
changeset 445293 051581a5ece8983b8f8ee3d13bd56e8eb63b84b8
parent 445292 ace0ea8bb81b0ff60f26dcdfc30743914858cbb1
child 445294 996b3de167b7097dfa198cb79412f3d914f5f949
push id1618
push userCallek@gmail.com
push dateThu, 11 Jan 2018 17:45:48 +0000
treeherdermozilla-release@882ca853e05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku, jcristau
bugs1421099
milestone58.0
Bug 1421099 - System principal does not need to match originAttributes. r=baku, a=jcristau
dom/file/nsHostObjectProtocolHandler.cpp
--- a/dom/file/nsHostObjectProtocolHandler.cpp
+++ b/dom/file/nsHostObjectProtocolHandler.cpp
@@ -837,17 +837,24 @@ nsHostObjectProtocolHandler::NewChannel2
   // Info can be null, in case this blob URL has been revoked already.
   DataInfo* info = GetDataInfoFromURI(uri);
   MOZ_ASSERT_IF(info, info->mPrincipal == principal);
 #endif
 
   // We want to be sure that we stop the creation of the channel if the blob URL
   // is copy-and-pasted on a different context (ex. private browsing or
   // containers).
+  //
+  // We also allow the system principal to create the channel regardless of the
+  // OriginAttributes.  This is primarily for the benefit of mechanisms like
+  // the Download API that explicitly create a channel with the system
+  // principal and which is never mutated to have a non-zero mPrivateBrowsingId
+  // or container.
   if (aLoadInfo &&
+      !nsContentUtils::IsSystemPrincipal(aLoadInfo->LoadingPrincipal()) &&
       !ChromeUtils::IsOriginAttributesEqualIgnoringFPD(aLoadInfo->GetOriginAttributes(),
                                                          BasePrincipal::Cast(principal)->OriginAttributesRef())) {
     return NS_ERROR_DOM_BAD_URI;
   }
 
   ErrorResult error;
   nsCOMPtr<nsIInputStream> stream;
   blobImpl->CreateInputStream(getter_AddRefs(stream), error);