Bug 948574 - Provide limited access to nsISiteSecurityService apis in the child, and prevent the direct creation of nsISiteSecurityService. r=bz, sr=ptheriault, original author: David Keeler <dkeeler@mozilla.com>
This commit is contained in:
Jim Mathies
@@ -22,6 +22,7 @@
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/unused.h"
|
||||
#include "mozilla/VisualEventTracer.h"
|
||||
#include "URIUtils.h"
|
||||
|
||||
#ifdef MOZ_LOGGING
|
||||
// so we can get logging even in release builds (but only for some things)
|
||||
@@ -4559,16 +4560,24 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI *aURI,
|
||||
|
||||
// if this is a Strict-Transport-Security host and the cert
|
||||
// is bad, don't allow overrides (STS Spec section 7.3).
|
||||
nsCOMPtr<nsISiteSecurityService> sss =
|
||||
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
uint32_t flags =
|
||||
mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
|
||||
|
||||
uint32_t type = nsISiteSecurityService::HEADER_HSTS;
|
||||
uint32_t flags = mInPrivateBrowsing
|
||||
? nsISocketProvider::NO_PERMANENT_STORAGE
|
||||
: 0;
|
||||
bool isStsHost = false;
|
||||
rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
|
||||
aURI, flags, &isStsHost);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (XRE_GetProcessType() == GeckoProcessType_Default) {
|
||||
nsCOMPtr<nsISiteSecurityService> sss =
|
||||
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = sss->IsSecureURI(type, aURI, flags, &isStsHost);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else {
|
||||
mozilla::dom::ContentChild* cc =
|
||||
mozilla::dom::ContentChild::GetSingleton();
|
||||
mozilla::ipc::URIParams uri;
|
||||
SerializeURI(aURI, uri);
|
||||
cc->SendIsSecureURI(type, uri, flags, &isStsHost);
|
||||
}
|
||||
|
||||
uint32_t bucketId;
|
||||
if (isStsHost) {
|
||||
|
||||
Reference in New Issue
Block a user