Bug 1319904 - Ignore origin attributes in webchannel origin check. r=markh
authorRyan Kelly <rfkelly@mozilla.com>
Fri, 25 Nov 2016 15:52:02 +1100
changeset 324335 f485eaccbb98034a1111eaf4f4871de1868bcb70
parent 324331 f8f4eaac1701107f794b48891bcca2c95d39d503
child 324336 64b29e13e60f0468d041fa4148e6d1fc1613364f
push id24
push usermaklebus@msu.edu
push dateTue, 20 Dec 2016 03:11:33 +0000
reviewersmarkh
bugs1319904
milestone53.0a1
Bug 1319904 - Ignore origin attributes in webchannel origin check. r=markh Including the attributes in the origin check causes webchannels to fail in e.g. private browsing windows and container tabs. We only want to compare against the base origin URL. MozReview-Commit-ID: AMCjf4vJF9E
browser/base/content/test/general/browser_web_channel.js
toolkit/modules/WebChannel.jsm
--- a/browser/base/content/test/general/browser_web_channel.js
+++ b/browser/base/content/test/general/browser_web_channel.js
@@ -32,16 +32,36 @@ var gTests = [
           resolve();
         });
 
         tab = gBrowser.addTab(HTTP_PATH + HTTP_ENDPOINT + "?generic");
       });
     }
   },
   {
+    desc: "WebChannel generic message in a private window.",
+    run: function* () {
+      let promiseTestDone = new Promise(function(resolve, reject) {
+        let channel = new WebChannel("generic", Services.io.newURI(HTTP_PATH, null, null));
+        channel.listen(function(id, message, target) {
+          is(id, "generic");
+          is(message.something.nested, "hello");
+          channel.stopListening();
+          resolve();
+        });
+      });
+
+      const url = HTTP_PATH + HTTP_ENDPOINT + "?generic";
+      let privateWindow = yield BrowserTestUtils.openNewBrowserWindow({private: true});
+      yield BrowserTestUtils.openNewForegroundTab(privateWindow.gBrowser, url);
+      yield promiseTestDone;
+      yield BrowserTestUtils.closeWindow(privateWindow);
+    }
+  },
+  {
     desc: "WebChannel two way communication",
     run: function* () {
       return new Promise(function(resolve, reject) {
         let tab;
         let channel = new WebChannel("twoway", Services.io.newURI(HTTP_PATH, null, null));
 
         channel.listen(function(id, message, sender) {
           is(id, "twoway", "bad id");
--- a/toolkit/modules/WebChannel.jsm
+++ b/toolkit/modules/WebChannel.jsm
@@ -171,29 +171,29 @@ this.WebChannel = function(id, originOrP
   this.id = id;
   // originOrPermission can be either an nsIURI or a string representing a
   // permission name.
   if (typeof originOrPermission == "string") {
     this._originCheckCallback = requestPrincipal => {
       // The permission manager operates on domain names rather than true
       // origins (bug 1066517).  To mitigate that, we explicitly check that
       // the scheme is https://.
-      let uri = Services.io.newURI(requestPrincipal.origin, null, null);
+      let uri = Services.io.newURI(requestPrincipal.originNoSuffix, null, null);
       if (uri.scheme != "https") {
         return false;
       }
       // OK - we have https - now we can check the permission.
       let perm = Services.perms.testExactPermissionFromPrincipal(requestPrincipal,
                                                                  originOrPermission);
       return perm == Ci.nsIPermissionManager.ALLOW_ACTION;
     }
   } else {
     // a simple URI, so just check for an exact match.
     this._originCheckCallback = requestPrincipal => {
-      return originOrPermission.prePath === requestPrincipal.origin;
+      return originOrPermission.prePath === requestPrincipal.originNoSuffix;
     }
   }
   this._originOrPermission = originOrPermission;
 };
 
 this.WebChannel.prototype = {
 
   /**