diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 09:25:03 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:18:23 +0100 |
commit | 018a6599a12489a92c4e8b6b2a548276a98769ef (patch) | |
tree | d55ccf486d68b1dde83f56a95bb6e8121a7ba48f /docshell | |
parent | 4ee10e06a28f46681d0c794f4877dd6ca241b7bd (diff) | |
download | uxp-018a6599a12489a92c4e8b6b2a548276a98769ef.tar.gz |
CSP: Upgrade SO navigational requests per spec.
Diffstat (limited to 'docshell')
-rw-r--r-- | docshell/base/nsDocShell.cpp | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index ab119a016a..2e08e67207 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -11025,6 +11025,29 @@ nsDocShell::DoURILoad(nsIURI* aURI, } } + // Navigational requests that are same origin need to be upgraded in case + // upgrade-insecure-requests is present. Please note that in that case + // the triggeringPrincipal is holding the CSP that potentially + // holds upgrade-insecure-requests. + nsCOMPtr<nsIContentSecurityPolicy> csp; + aTriggeringPrincipal->GetCsp(getter_AddRefs(csp)); + if (csp) { + bool upgradeInsecureRequests = false; + csp->GetUpgradeInsecureRequests(&upgradeInsecureRequests); + if (upgradeInsecureRequests) { + // only upgrade if the navigation is same origin + nsCOMPtr<nsIPrincipal> resultPrincipal; + rv = nsContentUtils::GetSecurityManager()-> + GetChannelResultPrincipal(channel, + getter_AddRefs(resultPrincipal)); + NS_ENSURE_SUCCESS(rv, rv); + if (resultPrincipal->Equals(aTriggeringPrincipal)) { + static_cast<mozilla::LoadInfo*>(loadInfo.get())->SetUpgradeInsecureRequests(); + } + } + } + + nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel = do_QueryInterface(channel); if (appCacheChannel) { |