Bug 1501695 - ClearSiteData should be enabled for localhost, r=ckerschb
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 25 Oct 2018 19:03:57 +0200
changeset 491321 0bc87bd86202e86e7d07ffc3dcea6bc0a0303c2d
parent 491320 efe5af408bffa6ef648efd2152405ffa8ddecafe
child 491322 6d897bc50f753ff04a58d8fae3e7996b72a5e81d
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersckerschb
bugs1501695
milestone65.0a1
Bug 1501695 - ClearSiteData should be enabled for localhost, r=ckerschb
toolkit/components/clearsitedata/ClearSiteData.cpp
toolkit/components/clearsitedata/ClearSiteData.h
--- a/toolkit/components/clearsitedata/ClearSiteData.cpp
+++ b/toolkit/components/clearsitedata/ClearSiteData.cpp
@@ -8,23 +8,25 @@
 
 #include "mozilla/OriginAttributes.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Services.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozilla/Unused.h"
 #include "nsASCIIMask.h"
 #include "nsCharSeparatedTokenizer.h"
+#include "nsContentSecurityManager.h"
 #include "nsContentUtils.h"
 #include "nsIClearDataService.h"
 #include "nsIHttpChannel.h"
 #include "nsIHttpProtocolHandler.h"
 #include "nsIObserverService.h"
 #include "nsIPrincipal.h"
 #include "nsIScriptError.h"
+#include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
 
 using namespace mozilla;
 
 namespace {
 
 StaticRefPtr<ClearSiteData> gClearSiteData;
 
@@ -189,44 +191,49 @@ ClearSiteData::Observe(nsISupports* aSub
 }
 
 void
 ClearSiteData::ClearDataFromChannel(nsIHttpChannel* aChannel)
 {
   nsresult rv;
   nsCOMPtr<nsIURI> uri;
 
+  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+  if (NS_WARN_IF(!ssm)) {
+    return;
+  }
+
+  nsCOMPtr<nsIPrincipal> principal;
+  rv = ssm->GetChannelResultPrincipal(aChannel, getter_AddRefs(principal));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
+  }
+
+  nsCOMPtr<nsIContentSecurityManager> csm =
+    do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
+
+  bool secure;
+  rv = csm->IsOriginPotentiallyTrustworthy(principal, &secure);
+  if (NS_WARN_IF(NS_FAILED(rv)) || !secure) {
+    return;
+  }
+
   // We want to use the final URI to check if Clear-Site-Data should be allowed
   // or not.
   rv = aChannel->GetURI(getter_AddRefs(uri));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }
 
-  if (!IsSecureURI(uri)) {
-    return;
-  }
-
   uint32_t flags = ParseHeader(aChannel, uri);
   if (flags == 0) {
     // Nothing to do.
     return;
   }
 
-  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-  if (NS_WARN_IF(!ssm)) {
-    return;
-  }
-
-  nsCOMPtr<nsIPrincipal> principal;
-  rv = ssm->GetChannelURIPrincipal(aChannel, getter_AddRefs(principal));
-  if (NS_WARN_IF(NS_FAILED(rv)) || !principal) {
-    return;
-  }
-
   int32_t cleanFlags = 0;
   RefPtr<PendingCleanupHolder> holder = new PendingCleanupHolder(aChannel);
 
   if (flags & eCache) {
     LogOpToConsole(aChannel, uri, eCache);
     cleanFlags |= nsIClearDataService::CLEAR_ALL_CACHES;
   }
 
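Review bot: `csm` is dereferenced without a null check in the block added at the top of ClearDataFromChannel, so if `do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID)` fails, the call to `csm->IsOriginPotentiallyTrustworthy(...)` is a null dereference; add `if (NS_WARN_IF(!csm)) { return; }` before it. The relocated principal lookup also drops the `|| !principal` guard that the removed code had after `GetChannelURIPrincipal`, and `bool secure;` is uninitialized. Restoring `|| !principal` and writing `bool secure = false;` would make this gate visibly fail closed. The trust decision now comes from the channel's result principal rather than the URI's protocol flags, so the comment "if the URI is secure" above ClearDataFromChannel in ClearSiteData.h is stale and could read `// if the channel's result principal is potentially trustworthy.` The body of ClearDataFromChannel continues past this hunk.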
@@ -259,31 +266,16 @@ ClearSiteData::ClearDataFromChannel(nsIH
   }
 
   if (flags & eExecutionContexts) {
     LogOpToConsole(aChannel, uri, eExecutionContexts);
     BrowsingContextsReload(holder, principal);
   }
 }
 
-bool
-ClearSiteData::IsSecureURI(nsIURI* aURI) const
-{
-  MOZ_ASSERT(aURI);
-
-  bool prioriAuthenticated = false;
-  if (NS_WARN_IF(NS_FAILED(NS_URIChainHasFlags(aURI,
-                                               nsIProtocolHandler::URI_IS_POTENTIALLY_TRUSTWORTHY,
-                                               &prioriAuthenticated)))) {
-    return false;
-  }
-
-  return prioriAuthenticated;
-}
-
 uint32_t
 ClearSiteData::ParseHeader(nsIHttpChannel* aChannel, nsIURI* aURI) const
 {
   MOZ_ASSERT(aChannel);
 
   nsAutoCString headerValue;
   nsresult rv = aChannel->GetResponseHeader(NS_LITERAL_CSTRING("Clear-Site-Data"),
                                             headerValue);
--- a/toolkit/components/clearsitedata/ClearSiteData.h
+++ b/toolkit/components/clearsitedata/ClearSiteData.h
@@ -34,21 +34,16 @@ private:
 
   class PendingCleanupHolder;
 
   // Starts the cleanup if the channel contains the Clear-Site-Data header and
   // if the URI is secure.
   void
   ClearDataFromChannel(nsIHttpChannel* aChannel);
 
-  // This method checks if the protocol handler of the URI has the
-  // URI_IS_POTENTIALLY_TRUSTWORTHY flag.
-  bool
-  IsSecureURI(nsIURI* aURI) const;
-
   // From the Clear-Site-Data header, it returns a bitmap with Type values.
   uint32_t
   ParseHeader(nsIHttpChannel* aChannel, nsIURI* aURI) const;
 
   enum Type
   {
     eCache = 0x01,
     eCookies = 0x02,