Bug 1436241 - Check redirect status code before forwarding to NPAPI. r=jimm, r=pauljt, a=RyanVM
authorKyle Machulis <kyle@nonpolynomial.com>
Mon, 30 Apr 2018 12:49:15 -0700
changeset 473290 7002b1d37d0ce38568466a46f20ce425c2c7a8a6
parent 473289 47f7391d2bb0cdfea0cd05c91ed30a2fc067f6ee
child 473291 43bcbb69db2123e46600f7fa93842f87b70c977a
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjimm, pauljt, RyanVM
bugs1436241
milestone61.0
Bug 1436241 - Check redirect status code before forwarding to NPAPI. r=jimm, r=pauljt, a=RyanVM NPAPI may handle a 307 redirect across different origins, while they should only happen on same origin requests. Have the browser check this before forwarding to NPAPI. MozReview-Commit-ID: 5vxMooygI4g
dom/plugins/base/nsPluginStreamListenerPeer.cpp
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -663,25 +663,16 @@ NS_IMETHODIMP
 nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsIChannel *newChannel,
                                                    uint32_t flags, nsIAsyncVerifyRedirectCallback* callback)
 {
   // Disallow redirects if we don't have a stream listener.
   if (!mPStreamListener) {
     return NS_ERROR_FAILURE;
   }
 
-  nsCOMPtr<nsIAsyncVerifyRedirectCallback> proxyCallback =
-    new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel);
-
-  // Give NPAPI a chance to control redirects.
-  bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback);
-  if (notificationHandled) {
-    return NS_OK;
-  }
-
   // Don't allow cross-origin 307 POST redirects.
   nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
   if (oldHttpChannel) {
     uint32_t responseStatus;
     nsresult rv = oldHttpChannel->GetResponseStatus(&responseStatus);
     if (NS_FAILED(rv)) {
       return rv;
     }
@@ -695,16 +686,25 @@ nsPluginStreamListenerPeer::AsyncOnChann
         rv = nsContentUtils::CheckSameOrigin(oldChannel, newChannel);
         if (NS_FAILED(rv)) {
           return rv;
         }
       }
     }
   }
 
+  nsCOMPtr<nsIAsyncVerifyRedirectCallback> proxyCallback =
+    new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel);
+
+  // Give NPAPI a chance to control redirects.
+  bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback);
+  if (notificationHandled) {
+    return NS_OK;
+  }
+
   // Fall back to channel event sink for window.
   nsCOMPtr<nsIChannelEventSink> channelEventSink;
   nsresult rv = GetInterfaceGlobal(NS_GET_IID(nsIChannelEventSink), getter_AddRefs(channelEventSink));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   return channelEventSink->AsyncOnChannelRedirect(oldChannel, newChannel, flags, proxyCallback);