Bug 1316256 - Allow passing nullptr as principal to content policy check. r=bz
☠☠ backed out by d3bd1851509f ☠ ☠
authorJOrg K <jorgk@jorgk.com>
Thu, 01 Dec 2016 15:32:11 +0800
changeset 325385 5ac1114601887748a9ed081909a4c915ff1cee36
parent 325384 719400a726eef1237a1a6249d4e0b724b6df1e59
child 325386 d3bd1851509f1619ad5be143d1aff50d6a39a004
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewersbz
bugs1316256
milestone53.0a1
Bug 1316256 - Allow passing nullptr as principal to content policy check. r=bz
docshell/base/nsDocShell.cpp
docshell/base/nsIDocShell.idl
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -1500,30 +1500,38 @@ nsDocShell::LoadURI(nsIURI* aURI,
     inheritPrincipal = nsContentUtils::LegacyIsCallerChromeOrNativeCode();
   }
 
   if (aLoadFlags & LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL) {
     inheritPrincipal = false;
     principalToInherit = nsNullPrincipal::CreateWithInheritedAttributes(this);
   }
 
+  // Save the triggering principal for the content policy check. If it's null,
+  // we don't want to use the system principal so the content policy check
+  // is still executed.
+  nsCOMPtr<nsIPrincipal> principalForContentPolicyChecks = triggeringPrincipal;
+
   // If the triggeringPrincipal is not passed explicitly, we first try to create
   // a principal from the referrer, since the referrer URI reflects the web origin
   // that triggered the load. If there is no referrer URI, we fall back to using
   // the SystemPrincipal. It's safe to assume that no provided triggeringPrincipal
   // and no referrer simulate a load that was triggered by the system.
   // It's important to note that this block of code needs to appear *after* the block
   // where we munge the principalToInherit, because otherwise we would never enter
   // code blocks checking if the principalToInherit is null and we will end up with
   // a wrong inheritPrincipal flag.
   if (!triggeringPrincipal) {
     if (referrer) {
       nsresult rv = CreatePrincipalFromReferrer(referrer,
                                                 getter_AddRefs(triggeringPrincipal));
       NS_ENSURE_SUCCESS(rv, rv);
+
+      // Assign triggering principal from referrer.
+      principalForContentPolicyChecks = triggeringPrincipal;
     }
     else {
       triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
     }
   }
 
   uint32_t flags = 0;
 
@@ -1557,16 +1565,17 @@ nsDocShell::LoadURI(nsIURI* aURI,
 
   return InternalLoad(aURI,
                       originalURI,
                       loadReplace,
                       referrer,
                       referrerPolicy,
                       triggeringPrincipal,
                       principalToInherit,
+                      principalForContentPolicyChecks,
                       flags,
                       target,
                       nullptr,      // No type hint
                       NullString(), // No forced download
                       postStream,
                       headersStream,
                       loadType,
                       nullptr, // No SHEntry
@@ -5355,16 +5364,17 @@ nsDocShell::LoadErrorPage(nsIURI* aURI, 
 
   nsCOMPtr<nsIURI> errorPageURI;
   nsresult rv = NS_NewURI(getter_AddRefs(errorPageURI), errorPageUrl);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return InternalLoad(errorPageURI, nullptr, false, nullptr,
                       mozilla::net::RP_Default,
                       nsContentUtils::GetSystemPrincipal(), nullptr,
+                      nsContentUtils::GetSystemPrincipal(),
                       INTERNAL_LOAD_FLAGS_NONE, EmptyString(),
                       nullptr, NullString(), nullptr, nullptr, LOAD_ERROR_PAGE,
                       nullptr, true, NullString(), this, nullptr, nullptr,
                       nullptr);
 }
 
 NS_IMETHODIMP
 nsDocShell::Reload(uint32_t aReloadFlags)
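Review bot: `nsContentUtils::GetSystemPrincipal()` is now evaluated twice in the same argument list, once for the triggering principal and once for the policy-check principal, which hides that the two are meant to be the same value. Hoisting it into `nsIPrincipal* systemPrincipal = nsContentUtils::GetSystemPrincipal();` and passing `systemPrincipal` in both positions documents that an error-page load is deliberately system-triggered for the content policy check as well. LoadErrorPage's body starts outside the hunk.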
@@ -5438,16 +5448,17 @@ nsDocShell::Reload(uint32_t aReloadFlags
 
     rv = InternalLoad(mCurrentURI,
                       originalURI,
                       loadReplace,
                       mReferrerURI,
                       mReferrerPolicy,
                       triggeringPrincipal,
                       triggeringPrincipal,
+                      triggeringPrincipal,
                       flags,
                       EmptyString(),   // No window target
                       NS_LossyConvertUTF16toASCII(contentTypeHint).get(),
                       NullString(),    // No forced download
                       nullptr,         // No post data
                       nullptr,         // No headers data
                       loadType,        // Load type
                       nullptr,         // No SHEntry
@@ -9598,16 +9609,17 @@ public:
   NS_IMETHOD
   Run() override
   {
     return mDocShell->InternalLoad(mURI, mOriginalURI,
                                    mLoadReplace,
                                    mReferrer,
                                    mReferrerPolicy,
                                    mTriggeringPrincipal, mPrincipalToInherit,
+                                   mTriggeringPrincipal,
                                    mFlags, EmptyString(), mTypeHint.get(),
                                    NullString(), mPostData, mHeadersData,
                                    mLoadType, mSHEntry, mFirstParty,
                                    mSrcdoc, mSourceDocShell, mBaseURI,
                                    nullptr, nullptr);
   }
 
 private:
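Review bot: `Run()` passes `mTriggeringPrincipal` as the new content-policy principal, so a load that was originally issued with a null `aPrincipalForContentPolicyChecks` and then deferred through this runnable would presumably be re-issued with the (possibly system) triggering principal for the check, reopening on the deferred path the gap the commit closes on the direct one. The runnable's constructor and members are outside the hunk, so it may already carry a separate field; if it does not, storing `aPrincipalForContentPolicyChecks` next to `mTriggeringPrincipal` and passing that member here keeps both paths consistent. Whether the event is created before or after the policy check in InternalLoad cannot be seen from this hunk.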
@@ -9687,16 +9699,17 @@ nsDocShell::IsAboutNewtab(nsIURI* aURI)
 NS_IMETHODIMP
 nsDocShell::InternalLoad(nsIURI* aURI,
                          nsIURI* aOriginalURI,
                          bool aLoadReplace,
                          nsIURI* aReferrer,
                          uint32_t aReferrerPolicy,
                          nsIPrincipal* aTriggeringPrincipal,
                          nsIPrincipal* aPrincipalToInherit,
+                         nsIPrincipal* aPrincipalForContentPolicyChecks,
                          uint32_t aFlags,
                          const nsAString& aWindowTarget,
                          const char* aTypeHint,
                          const nsAString& aFileName,
                          nsIInputStream* aPostData,
                          nsIInputStream* aHeadersData,
                          uint32_t aLoadType,
                          nsISHEntry* aSHEntry,
@@ -9843,17 +9856,17 @@ nsDocShell::InternalLoad(nsIURI* aURI,
       MOZ_ASSERT(mItemType == elementDocShell->ItemType(),
                 "subframes should have the same docshell type as their parent");
 #endif
     }
 
     int16_t shouldLoad = nsIContentPolicy::ACCEPT;
     rv = NS_CheckContentLoadPolicy(contentType,
                                    aURI,
-                                   aTriggeringPrincipal,
+                                   aPrincipalForContentPolicyChecks,
                                    requestingContext,
                                    EmptyCString(),  // mime guess
                                    nullptr,  // extra
                                    &shouldLoad);
 
     if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
       if (NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) {
         return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
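Review bot: `NS_CheckContentLoadPolicy` at the changed line may now receive a null request principal, and nothing in the hunk shows that every `nsIContentPolicy` implementation tolerates that; one that dereferences the principal unconditionally would fault on LoadURI's no-principal, no-referrer path. If the implementations were audited, a comment at the call such as `// aPrincipalForContentPolicyChecks may be null: LoadURI leaves it unset instead of substituting the system principal so policies still run.` records the contract; if not, the null case needs handling before the call. The enclosing InternalLoad body starts and ends outside the hunk.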
@@ -10046,16 +10059,17 @@ nsDocShell::InternalLoad(nsIURI* aURI,
     if (NS_SUCCEEDED(rv) && targetDocShell) {
       rv = targetDocShell->InternalLoad(aURI,
                                         aOriginalURI,
                                         aLoadReplace,
                                         aReferrer,
                                         aReferrerPolicy,
                                         aTriggeringPrincipal,
                                         principalToInherit,
+                                        aPrincipalForContentPolicyChecks,
                                         aFlags,
                                         EmptyString(),   // No window target
                                         aTypeHint,
                                         NullString(),    // No forced download
                                         aPostData,
                                         aHeadersData,
                                         aLoadType,
                                         aSHEntry,
@@ -12507,16 +12521,17 @@ nsDocShell::LoadHistoryEntry(nsISHEntry*
   // first created. bug 947716 has been created to address this issue.
   rv = InternalLoad(uri,
                     originalURI,
                     loadReplace,
                     referrerURI,
                     referrerPolicy,
                     triggeringPrincipal,
                     principalToInherit,
+                    triggeringPrincipal,
                     flags,
                     EmptyString(),      // No window target
                     contentType.get(),  // Type hint
                     NullString(),       // No forced file download
                     postData,           // Post data stream
                     nullptr,            // No headers stream
                     aLoadType,          // Load type
                     aEntry,             // SHEntry
@@ -14012,16 +14027,17 @@ nsDocShell::OnLinkClickSync(nsIContent* 
   nsresult rv = InternalLoad(clonedURI,                 // New URI
                              nullptr,                   // Original URI
                              false,                     // LoadReplace
                              referer,                   // Referer URI
                              refererPolicy,             // Referer policy
                              aContent->NodePrincipal(), // Triggering is our node's
                                                         // principal
                              aContent->NodePrincipal(),
+                             aContent->NodePrincipal(),
                              flags,
                              target,                    // Window target
                              NS_LossyConvertUTF16toASCII(typeHint).get(),
                              aFileName,                 // Download as file
                              aPostDataStream,           // Post data stream
                              aHeadersDataStream,        // Headers stream
                              LOAD_LINK,                 // Load type
                              nullptr,                   // No SHEntry
--- a/docshell/base/nsIDocShell.idl
+++ b/docshell/base/nsIDocShell.idl
@@ -146,16 +146,21 @@ interface nsIDocShell : nsIDocShellTreeI
    *                                  principalToInherit is set to the current
    *                                  document's principal, or parent document if
    *                                  there is not a current document.
    *                               b) If principalToInherit is still null (e.g. if
    *                                  some of the conditions of (a) were not satisfied),
    *                                  then no inheritance of any sort will happen: the
    *                                  load will just get a principal based on the URI
    *                                  being loaded.
+   * @param aPrincipalForContentPolicyChecks - Principal to be passed to content policy
+   *                               check. This should match the triggering principal,
+   *                               but may be nullptr in some cases where the
+   *                               triggering principal is system but we want to
+   *                               perform a content policy check anyway.
    * @param aFlags               - Any of the load flags defined within above.
    * @param aStopActiveDoc       - Flag indicating whether loading the current
    *                               document should be stopped.
    * @param aWindowTarget        - Window target for the load.
    * @param aTypeHint            - A hint as to the content-type of the resulting
    *                               data.  May be null or empty if no hint.
    * @param aFileName            - Non-null when the link should be downloaded as
                                    the given filename.
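Review bot: The new `@param aPrincipalForContentPolicyChecks` text says the value "may be nullptr in some cases" without naming them or saying how the check treats null; the one case this commit introduces is LoadURI's fallback when neither a triggering principal nor a referrer is supplied. Wording such as `Pass the triggering principal; pass null only when the triggering principal was synthesized as the system principal (LoadURI without a triggering principal or referrer), so that content policies still run against the load.` tells other callers what the parameter is for and when null is acceptable.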
@@ -174,16 +179,17 @@ interface nsIDocShell : nsIDocShellTreeI
    */
   [noscript]void internalLoad(in nsIURI aURI,
                               in nsIURI aOriginalURI,
                               in boolean aLoadReplace,
                               in nsIURI aReferrer,
                               in unsigned long aReferrerPolicy,
                               in nsIPrincipal aTriggeringPrincipal,
                               in nsIPrincipal aPrincipalToInherit,
+                              in nsIPrincipal aPrincipalForContentPolicyChecks,
                               in uint32_t aFlags,
                               in AString aWindowTarget,
                               in string aTypeHint,
                               in AString aFileName,
                               in nsIInputStream aPostDataStream,
                               in nsIInputStream aHeadersStream,
                               in unsigned long aLoadFlags,
                               in nsISHEntry aSHEntry,