Treat all file: URIs as having a unique origin.
This commit is contained in:
parent
2c720730d7
commit
f431ddbece
|
@ -1335,6 +1335,10 @@ pref("image.animation_mode", "normal");
|
|||
// Same-origin policy for file URIs, "false" is traditional
|
||||
pref("security.fileuri.strict_origin_policy", true);
|
||||
|
||||
// Treat all file URIs as having a unique origin.
|
||||
// Only has an effect if strict origin policy is true.
|
||||
pref("security.fileuri.unique_origin", true);
|
||||
|
||||
// If this pref is true, prefs in the logging.config branch will be cleared on
|
||||
// startup. This is done so that setting a log-file and log-modules at runtime
|
||||
// doesn't persist across restarts leading to huge logfile and low disk space.
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
#include "mozilla/LoadContext.h"
|
||||
#include "mozilla/LoadInfo.h"
|
||||
#include "mozilla/BasePrincipal.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsNetUtilInlines.h"
|
||||
|
@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
|
|||
return false;
|
||||
}
|
||||
|
||||
//
|
||||
// If the file to be loaded is in a subdirectory of the source
|
||||
// (or same-dir if source is not a directory) then it will
|
||||
// inherit its source principal and be scriptable by that source.
|
||||
//
|
||||
bool sourceIsDir;
|
||||
bool allowed = false;
|
||||
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
|
||||
if (NS_SUCCEEDED(rv) && sourceIsDir) {
|
||||
rv = sourceFile->Contains(targetFile, &allowed);
|
||||
} else {
|
||||
nsCOMPtr<nsIFile> sourceParent;
|
||||
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
|
||||
if (NS_SUCCEEDED(rv) && sourceParent) {
|
||||
rv = sourceParent->Equals(targetFile, &allowed);
|
||||
if (NS_FAILED(rv) || !allowed) {
|
||||
rv = sourceParent->Contains(targetFile, &allowed);
|
||||
} else {
|
||||
MOZ_ASSERT(aAllowDirectoryTarget,
|
||||
"sourceFile->Parent == targetFile, but targetFile "
|
||||
"should've been disallowed if it is a directory");
|
||||
bool uniqueOrigin = true;
|
||||
uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
|
||||
|
||||
// If treating all files as unique origins, we can skip this because
|
||||
// it should always be refused.
|
||||
if (!uniqueOrigin) {
|
||||
//
|
||||
// If the file to be loaded is in a subdirectory of the source
|
||||
// (or same-dir if source is not a directory) then it will
|
||||
// inherit its source principal and be scriptable by that source.
|
||||
//
|
||||
bool sourceIsDir;
|
||||
bool allowed = false;
|
||||
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
|
||||
if (NS_SUCCEEDED(rv) && sourceIsDir) {
|
||||
rv = sourceFile->Contains(targetFile, &allowed);
|
||||
} else {
|
||||
nsCOMPtr<nsIFile> sourceParent;
|
||||
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
|
||||
if (NS_SUCCEEDED(rv) && sourceParent) {
|
||||
rv = sourceParent->Equals(targetFile, &allowed);
|
||||
if (NS_FAILED(rv) || !allowed) {
|
||||
rv = sourceParent->Contains(targetFile, &allowed);
|
||||
} else {
|
||||
MOZ_ASSERT(aAllowDirectoryTarget,
|
||||
"sourceFile->Parent == targetFile, but targetFile "
|
||||
"should've been disallowed if it is a directory");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (NS_SUCCEEDED(rv) && allowed) {
|
||||
return true;
|
||||
if (NS_SUCCEEDED(rv) && allowed) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
|
|
Loading…
Reference in New Issue