Bug 786009: Give about:feeds pages the rigth principal so that they work even when the user has disabled JS. r=bz
authorJonas Sicking <jonas@sicking.cc>
Mon, 22 Oct 2012 18:05:46 -0700
changeset 111222 e2594523cb92d7ea78eb45cc819b93facf664724
parent 111221 74dd92789173f64e8992fc607d377e01a66e76bc
child 111223 f0dc54155f65fe63e0392233f6c0c78416deb58d
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersbz
bugs786009
milestone19.0a1
Bug 786009: Give about:feeds pages the rigth principal so that they work even when the user has disabled JS. r=bz
browser/components/about/AboutRedirector.cpp
--- a/browser/components/about/AboutRedirector.cpp
+++ b/browser/components/about/AboutRedirector.cpp
@@ -119,21 +119,34 @@ AboutRedirector::NewChannel(nsIURI *aURI
       rv = ioService->NewChannel(nsDependentCString(kRedirMap[i].url),
                                  nullptr, nullptr, getter_AddRefs(tempChannel));
       NS_ENSURE_SUCCESS(rv, rv);
 
       tempChannel->SetOriginalURI(aURI);
 
       // Keep the page from getting unnecessary privileges unless it needs them
       if (kRedirMap[i].flags & nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT) {
-        // Setting the owner to null means that we'll go through the normal
-        // path in GetChannelPrincipal and create a codebase principal based
-        // on the channel's originalURI
-        rv = tempChannel->SetOwner(nullptr);
-        NS_ENSURE_SUCCESS(rv, rv);
+        if (path.EqualsLiteral("feeds")) {
+          nsCOMPtr<nsIScriptSecurityManager> securityManager =
+            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+          NS_ENSURE_SUCCESS(rv, rv);
+  
+          nsCOMPtr<nsIPrincipal> principal;
+          rv = securityManager->GetNoAppCodebasePrincipal(aURI, getter_AddRefs(principal));
+          NS_ENSURE_SUCCESS(rv, rv);
+  
+          rv = tempChannel->SetOwner(principal);
+        }
+        else {
+          // Setting the owner to null means that we'll go through the normal
+          // path in GetChannelPrincipal and create a codebase principal based
+          // on the channel's originalURI
+          rv = tempChannel->SetOwner(nullptr);
+          NS_ENSURE_SUCCESS(rv, rv);
+        }
       }
 
       NS_ADDREF(*result = tempChannel);
       return rv;
     }
   }
 
   return NS_ERROR_ILLEGAL_VALUE;