Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi
authorJohann Hofmann <jhofmann@mozilla.com>
Thu, 02 Jun 2016 17:14:27 +0200
changeset 348745 82e3f2a1196a227ce83ae8e0d53d5c2b273205a5
parent 348642 94968a940273882150fc98556d4abf961b287ad8
child 348746 e1ac106612412ecf23e8cc0faff7519b03728c37
push id1230
push userjlund@mozilla.com
push dateMon, 31 Oct 2016 18:13:35 +0000
treeherdermozilla-release@5e06e3766db2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstanvi
bugs1277524
milestone50.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1277524 - Add moz-extension to the list of potentially trustworthy origins. r=tanvi MozReview-Commit-ID: BvR7Xb0AE9N
dom/security/nsContentSecurityManager.cpp
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -640,16 +640,17 @@ nsContentSecurityManager::IsOriginPotent
   // trust to other, vendor-specific URL schemes. We use this for "resource:",
   // which is technically a substituting protocol handler that is not limited to
   // local resource mapping, but in practice is never mapped remotely as this
   // would violate assumptions a lot of code makes.
   if (scheme.EqualsLiteral("https") ||
       scheme.EqualsLiteral("file") ||
       scheme.EqualsLiteral("resource") ||
       scheme.EqualsLiteral("app") ||
+      scheme.EqualsLiteral("moz-extension") ||
       scheme.EqualsLiteral("wss")) {
     *aIsTrustWorthy = true;
     return NS_OK;
   }
 
   nsAutoCString host;
   rv = uri->GetHost(host);
   if (NS_FAILED(rv)) {
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -22,16 +22,17 @@ XPCOMUtils.defineLazyServiceGetter(this,
 add_task(function* test_isOriginPotentiallyTrustworthy() {
   for (let [uriSpec, expectedResult] of [
     ["http://example.com/", false],
     ["https://example.com/", true],
     ["http://localhost/", true],
     ["http://127.0.0.1/", true],
     ["file:///", true],
     ["resource:///", true],
+    ["moz-extension://", true],
     ["about:config", false],
     ["urn:generic", false],
   ]) {
     let uri = NetUtil.newURI(uriSpec);
     let principal = gScriptSecurityManager.getCodebasePrincipal(uri);
     Assert.equal(gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
                  expectedResult);
   }