Bug 1543804 - Don't allow cross-origin POST redirects on 308 codes; r=jmathies, a=jcristau
authorKyle Machulis <kyle@nonpolynomial.com>
Tue, 21 May 2019 15:05:23 +0000
changeset 536801 2fb5251ef5f1e4067935d3ad3f908facea2d296f
parent 536800 82341a825fbc89e41510a73db6880fbc7b4dde1c
child 536802 109cefe117fbdd1764097e06796960082f4fee4e
push id2082
push userffxbld-merge
push dateMon, 01 Jul 2019 08:34:18 +0000
treeherdermozilla-release@2fb19d0466d2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjmathies, jcristau
bugs1543804
milestone68.0
Bug 1543804 - Don't allow cross-origin POST redirects on 308 codes; r=jmathies, a=jcristau We already don't allow cross origin POST redirects on 307 redirects, this adds extra guards to make sure we don't allow them on 308s either. Differential Revision: https://phabricator.services.mozilla.com/D28927
dom/plugins/base/nsPluginStreamListenerPeer.cpp
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -562,25 +562,25 @@ NS_IMETHODIMP
 nsPluginStreamListenerPeer::AsyncOnChannelRedirect(
     nsIChannel* oldChannel, nsIChannel* newChannel, uint32_t flags,
     nsIAsyncVerifyRedirectCallback* callback) {
   // Disallow redirects if we don't have a stream listener.
   if (!mPStreamListener) {
     return NS_ERROR_FAILURE;
   }
 
-  // Don't allow cross-origin 307 POST redirects.
+  // Don't allow cross-origin 307/308 POST redirects.
   nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
   if (oldHttpChannel) {
     uint32_t responseStatus;
     nsresult rv = oldHttpChannel->GetResponseStatus(&responseStatus);
     if (NS_FAILED(rv)) {
       return rv;
     }
-    if (responseStatus == 307) {
+    if (responseStatus == 307 || responseStatus == 308) {
       nsAutoCString method;
       rv = oldHttpChannel->GetRequestMethod(method);
       if (NS_FAILED(rv)) {
         return rv;
       }
       if (method.EqualsLiteral("POST")) {
         rv = nsContentUtils::CheckSameOrigin(oldChannel, newChannel);
         if (NS_FAILED(rv)) {