corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 600813 - Removing PUT and DELETE form methods. a=blocking-b7

Browse Source
This commit is contained in:
Mounir Lamouri
2010-09-30 16:55:11 -07:00
parent c50d0e91e9
commit 26df3b68ae
19 changed files with 59 additions and 531 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
docshell/base/nsDocShell.cpp
View File

@@ -1412,8 +1412,7 @@ nsDocShell::LoadURI(nsIURI * aURI,
nsnull, // No SHEntry
aFirstParty,
nsnull, // No nsIDocShell
nsnull, // No nsIRequest
nsnull); // Use default HTTP method
nsnull); // No nsIRequest
}
NS_IMETHODIMP
@@ -4096,7 +4095,7 @@ nsDocShell::LoadErrorPage(nsIURI *aURI, const PRUnichar *aURL,
return InternalLoad(errorPageURI, nsnull, nsnull,
INTERNAL_LOAD_FLAGS_INHERIT_OWNER, nsnull, nsnull,
nsnull, nsnull, LOAD_ERROR_PAGE,
nsnull, PR_TRUE, nsnull, nsnull, nsnull);
nsnull, PR_TRUE, nsnull, nsnull);
}
@@ -4160,8 +4159,7 @@ nsDocShell::Reload(PRUint32 aReloadFlags)
nsnull, // No SHEntry
PR_TRUE,
nsnull, // No nsIDocShell
nsnull, // No nsIRequest
nsnull); // Use default HTTP method
nsnull); // No nsIRequest
}
@@ -5871,7 +5869,7 @@ nsDocShell::OnLocationChange(nsIWebProgress * aProgress,
return NS_OK;
}
nsresult
void
nsDocShell::OnRedirectStateChange(nsIChannel* aOldChannel,
nsIChannel* aNewChannel,
PRUint32 aRedirectFlags,
@@ -5880,44 +5878,13 @@ nsDocShell::OnRedirectStateChange(nsIChannel* aOldChannel,
NS_ASSERTION(aStateFlags & STATE_REDIRECTING,
"Calling OnRedirectStateChange when there is no redirect");
if (!(aStateFlags & STATE_IS_DOCUMENT))
return NS_OK; // not a toplevel document
return; // not a toplevel document
nsCOMPtr<nsIURI> oldURI, newURI;
aOldChannel->GetURI(getter_AddRefs(oldURI));
aNewChannel->GetURI(getter_AddRefs(newURI));
if (!oldURI || !newURI) {
return NS_OK;
}
// HTTP channel with unsafe methods should not be redirected to a cross-domain.
if (!ChannelIsSafeMethod(aNewChannel)) {
// This code is very similar to the code of nsSameOriginChecker in
// nsContentUtils but we can't use nsSameOriginChecker because it
// needs to use a channel callback (which we already use).
// If nsSameOriginChecker happens to not use a channel callback
// anymore, this code would be a good candidate for refactoring.
nsCOMPtr<nsIPrincipal> oldPrincipal;
nsresult rv;
nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
rv = secMan->GetChannelPrincipal(aOldChannel,
getter_AddRefs(oldPrincipal));
NS_ENSURE_SUCCESS(rv, NS_OK);
NS_ASSERTION(oldPrincipal, "oldPrincipal should not be null!");
nsCOMPtr<nsIURI> newOriginalURI;
aNewChannel->GetOriginalURI(getter_AddRefs(newOriginalURI));
rv = oldPrincipal->CheckMayLoad(newURI, PR_FALSE);
if (NS_SUCCEEDED(rv) && newOriginalURI != newURI) {
rv = oldPrincipal->CheckMayLoad(newOriginalURI, PR_FALSE);
}
// The requested tried to be redirected, we have to cancel it.
NS_ENSURE_SUCCESS(rv, rv);
return;
}
// Below a URI visit is saved (see AddURIVisit method doc).
@@ -5968,8 +5935,6 @@ nsDocShell::OnRedirectStateChange(nsIChannel* aOldChannel,
mLoadType = LOAD_NORMAL_REPLACE;
SetHistoryEntry(&mLSHE, nsnull);
}
return NS_OK;
}
NS_IMETHODIMP
@@ -6341,8 +6306,7 @@ nsDocShell::EndPageLoad(nsIWebProgress * aProgress,
nsnull, // No SHEntry
PR_TRUE, // first party site
nsnull, // No nsIDocShell
nsnull, // No nsIRequest
nsnull); // Use default HTTP method
nsnull); // No nsIRequest
}
else {
DisplayLoadError(aStatus, url, nsnull, aChannel);
@@ -7786,7 +7750,7 @@ public:
return mDocShell->InternalLoad(mURI, mReferrer, mOwner, mFlags,
nsnull, mTypeHint.get(),
mPostData, mHeadersData, mLoadType,
mSHEntry, mFirstParty, nsnull, nsnull, nsnull);
mSHEntry, mFirstParty, nsnull, nsnull);
}
private:
@@ -7820,8 +7784,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
nsISHEntry * aSHEntry,
PRBool aFirstParty,
nsIDocShell** aDocShell,
nsIRequest** aRequest,
const char* aHttpMethod)
nsIRequest** aRequest)
{
nsresult rv = NS_OK;
@@ -8023,8 +7986,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
aSHEntry,
aFirstParty,
aDocShell,
aRequest,
aHttpMethod);
aRequest);
if (rv == NS_ERROR_NO_CONTENT) {
// XXXbz except we never reach this code!
if (isNewWindow) {
@@ -8459,8 +8421,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
aDocShell, getter_AddRefs(req),
(aFlags & INTERNAL_LOAD_FLAGS_FIRST_LOAD) != 0,
(aFlags & INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER) != 0,
(aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES) != 0,
aHttpMethod);
(aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES) != 0);
if (req && aRequest)
NS_ADDREF(*aRequest = req);
@@ -8541,8 +8502,7 @@ nsDocShell::DoURILoad(nsIURI * aURI,
nsIRequest ** aRequest,
PRBool aIsNewWindowTarget,
PRBool aBypassClassifier,
PRBool aForceAllowCookies,
const char* aHttpMethod)
PRBool aForceAllowCookies)
{
nsresult rv;
nsCOMPtr<nsIURILoader> uriLoader;
@@ -8725,20 +8685,6 @@ nsDocShell::DoURILoad(nsIURI * aURI,
// Referrer is currenly only set for link clicks here.
httpChannel->SetReferrer(aReferrerURI);
}
// If a specific HTTP method has been requested, set it.
if (aHttpMethod) {
// Tell the cache it _has_ to open a cache entry.
PRUint32 loadFlags;
if (NS_SUCCEEDED(channel->GetLoadFlags(&loadFlags))) {
channel->SetLoadFlags(loadFlags | nsICachingChannel::FORCE_OPEN_CACHE_ENTRY);
}
// The method name have to be correct.
// Otherwise SetRequestMethod will return a failure.
rv = httpChannel->SetRequestMethod(nsDependentCString(aHttpMethod));
NS_ENSURE_SUCCESS(rv, rv);
}
}
//
// Set the owner of the channel, but only for channels that can't
@@ -8789,14 +8735,6 @@ nsDocShell::DoURILoad(nsIURI * aURI,
}
}
// If a specific HTTP channel has been set and it is not a safe method,
// we should prevent cross-origin requests.
if (aHttpMethod && ownerPrincipal && !ChannelIsSafeMethod(channel)) {
if (NS_FAILED(ownerPrincipal->CheckMayLoad(aURI, PR_FALSE))) {
return NS_OK;
}
}
nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
if (scriptChannel) {
// Allow execution against our context if the principals match
@@ -10008,8 +9946,7 @@ nsDocShell::LoadHistoryEntry(nsISHEntry * aEntry, PRUint32 aLoadType)
aEntry, // SHEntry
PR_TRUE,
nsnull, // No nsIDocShell
nsnull, // No nsIRequest
nsnull); // Use default HTTP method
nsnull); // No nsIRequest
return rv;
}
@@ -10422,7 +10359,6 @@ NS_IMETHODIMP nsDocShell::MakeEditable(PRBool inWaitForUriLoad)
return mEditorData->MakeEditable(inWaitForUriLoad);
}
/* static */
bool
nsDocShell::ChannelIsPost(nsIChannel* aChannel)
{
@@ -10436,21 +10372,6 @@ nsDocShell::ChannelIsPost(nsIChannel* aChannel)
return method.Equals("POST");
}
/* static */
bool
nsDocShell::ChannelIsSafeMethod(nsIChannel* aChannel)
{
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
if (!httpChannel) {
return false;
}
nsCAutoString method;
httpChannel->GetRequestMethod(method);
return method.Equals("GET") || method.Equals("POST") ||
method.Equals("HEAD");
}
void
nsDocShell::ExtractLastVisit(nsIChannel* aChannel,
nsIURI** aURI,
@@ -11381,8 +11302,7 @@ nsDocShell::OnLinkClickSync(nsIContent *aContent,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
nsIDocShell** aDocShell,
nsIRequest** aRequest,
const char* aHttpMethod)
nsIRequest** aRequest)
{
// Initialize the DocShell / Request
if (aDocShell) {
@@ -11458,8 +11378,7 @@ nsDocShell::OnLinkClickSync(nsIContent *aContent,
nsnull, // No SHEntry
PR_TRUE, // first party site
aDocShell, // DocShell out-param
aRequest, // Request out-param
aHttpMethod); // HTTP Method
aRequest); // Request out-param
if (NS_SUCCEEDED(rv)) {
DispatchPings(aContent, referer);
}