Treat all file: URIs as having a unique origin.
This commit is contained in:
parent
2c720730d7
commit
f431ddbece
|
@ -1335,6 +1335,10 @@ pref("image.animation_mode", "normal");
|
||||||
// Same-origin policy for file URIs, "false" is traditional
|
// Same-origin policy for file URIs, "false" is traditional
|
||||||
pref("security.fileuri.strict_origin_policy", true);
|
pref("security.fileuri.strict_origin_policy", true);
|
||||||
|
|
||||||
|
// Treat all file URIs as having a unique origin.
|
||||||
|
// Only has an effect if strict origin policy is true.
|
||||||
|
pref("security.fileuri.unique_origin", true);
|
||||||
|
|
||||||
// If this pref is true, prefs in the logging.config branch will be cleared on
|
// If this pref is true, prefs in the logging.config branch will be cleared on
|
||||||
// startup. This is done so that setting a log-file and log-modules at runtime
|
// startup. This is done so that setting a log-file and log-modules at runtime
|
||||||
// doesn't persist across restarts leading to huge logfile and low disk space.
|
// doesn't persist across restarts leading to huge logfile and low disk space.
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
#include "mozilla/LoadContext.h"
|
#include "mozilla/LoadContext.h"
|
||||||
#include "mozilla/LoadInfo.h"
|
#include "mozilla/LoadInfo.h"
|
||||||
#include "mozilla/BasePrincipal.h"
|
#include "mozilla/BasePrincipal.h"
|
||||||
|
#include "mozilla/Preferences.h"
|
||||||
#include "mozilla/Telemetry.h"
|
#include "mozilla/Telemetry.h"
|
||||||
#include "nsNetUtil.h"
|
#include "nsNetUtil.h"
|
||||||
#include "nsNetUtilInlines.h"
|
#include "nsNetUtilInlines.h"
|
||||||
|
@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
bool uniqueOrigin = true;
|
||||||
// If the file to be loaded is in a subdirectory of the source
|
uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
|
||||||
// (or same-dir if source is not a directory) then it will
|
|
||||||
// inherit its source principal and be scriptable by that source.
|
// If treating all files as unique origins, we can skip this because
|
||||||
//
|
// it should always be refused.
|
||||||
bool sourceIsDir;
|
if (!uniqueOrigin) {
|
||||||
bool allowed = false;
|
//
|
||||||
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
|
// If the file to be loaded is in a subdirectory of the source
|
||||||
if (NS_SUCCEEDED(rv) && sourceIsDir) {
|
// (or same-dir if source is not a directory) then it will
|
||||||
rv = sourceFile->Contains(targetFile, &allowed);
|
// inherit its source principal and be scriptable by that source.
|
||||||
} else {
|
//
|
||||||
nsCOMPtr<nsIFile> sourceParent;
|
bool sourceIsDir;
|
||||||
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
|
bool allowed = false;
|
||||||
if (NS_SUCCEEDED(rv) && sourceParent) {
|
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
|
||||||
rv = sourceParent->Equals(targetFile, &allowed);
|
if (NS_SUCCEEDED(rv) && sourceIsDir) {
|
||||||
if (NS_FAILED(rv) || !allowed) {
|
rv = sourceFile->Contains(targetFile, &allowed);
|
||||||
rv = sourceParent->Contains(targetFile, &allowed);
|
} else {
|
||||||
} else {
|
nsCOMPtr<nsIFile> sourceParent;
|
||||||
MOZ_ASSERT(aAllowDirectoryTarget,
|
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
|
||||||
"sourceFile->Parent == targetFile, but targetFile "
|
if (NS_SUCCEEDED(rv) && sourceParent) {
|
||||||
"should've been disallowed if it is a directory");
|
rv = sourceParent->Equals(targetFile, &allowed);
|
||||||
|
if (NS_FAILED(rv) || !allowed) {
|
||||||
|
rv = sourceParent->Contains(targetFile, &allowed);
|
||||||
|
} else {
|
||||||
|
MOZ_ASSERT(aAllowDirectoryTarget,
|
||||||
|
"sourceFile->Parent == targetFile, but targetFile "
|
||||||
|
"should've been disallowed if it is a directory");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (NS_SUCCEEDED(rv) && allowed) {
|
if (NS_SUCCEEDED(rv) && allowed) {
|
||||||
return true;
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user