author | Kyle Machulis <kyle@nonpolynomial.com> | 2019-07-20 15:27:48 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-20 15:28:48 +0200 |
commit | 8b7daa5369f74b4402f0912c0c64be474f053b0a (patch) | |
tree | b510c161aa5e8baadbf611403ab1a8bde5d4602f /dom/plugins | |
parent | c3643770724119efc1ec8b3fe4e2571db0f897b6 (diff) | |
Don't allow cross-origin POST redirects on 308 codes.
We already don't allow cross origin POST redirects on 307 redirects;
this adds extra guards to make sure we don't allow them on 308s either.
Diffstat (limited to 'dom/plugins')
-rw-r--r-- | dom/plugins/base/nsPluginStreamListenerPeer.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
index 665e11ec13..0476315d58 100644
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -1381,7 +1381,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
 return NS_ERROR_FAILURE;
 }
- // Don't allow cross-origin 307 POST redirects.
+ // Don't allow cross-origin 307/308 POST redirects.
 nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
 if (oldHttpChannel) {
 uint32_t responseStatus;
@@ -1389,7 +1389,7 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh
 if (NS_FAILED(rv)) {
 return rv;
 }
- if (responseStatus == 307) {
+ if (responseStatus == 307 || responseStatus == 308) {
 nsAutoCString method;
 rv = oldHttpChannel->GetRequestMethod(method);
 if (NS_FAILED(rv)) { |
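Review bot: The widened condition `responseStatus == 307 || responseStatus == 308` in the second hunk leaves the security reasoning implicit, and the updated comment in the first hunk says what is blocked but not why these two codes are singled out. Both are the redirects that make the client repeat the original method and request body, so a cross-origin hop would replay the plugin's POST data to a different origin; a comment such as `// 307/308 preserve method and body: refuse cross-origin POST so the body is not replayed to another origin.` would make that explicit for the next audit of status codes. The method comparison and the origin check sit below the hunk and are not visible here, so it cannot be confirmed from this page whether other body-carrying methods are covered as well; that is worth checking alongside a regression test for the 308 case. AsyncOnChannelRedirect begins and ends outside both hunks.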