Backed out changeset 59e30ba1b38f (bug 1339823) on a CLOSED TREE
This commit is contained in:
Carsten "Tomcat" Book
@@ -1209,6 +1209,9 @@ private:
|
||||
mWorkerPrivate->SetBaseURI(finalURI);
|
||||
}
|
||||
|
||||
nsILoadGroup* loadGroup = mWorkerPrivate->GetLoadGroup();
|
||||
MOZ_DIAGNOSTIC_ASSERT(loadGroup);
|
||||
|
||||
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
|
||||
nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
|
||||
MOZ_DIAGNOSTIC_ASSERT(principal);
|
||||
@@ -1224,13 +1227,11 @@ private:
|
||||
|
||||
mWorkerPrivate->InitChannelInfo(aChannelInfo);
|
||||
|
||||
nsILoadGroup* loadGroup = mWorkerPrivate->GetLoadGroup();
|
||||
MOZ_DIAGNOSTIC_ASSERT(loadGroup);
|
||||
|
||||
// Override the principal on the WorkerPrivate. This is only necessary
|
||||
// in order to get a principal with exactly the correct URL. The fetch
|
||||
// referrer logic depends on the WorkerPrivate principal having a URL
|
||||
// that matches the worker script URL.
|
||||
// Override the principal on the WorkerPrivate. We just asserted that
|
||||
// this is the same as our current WorkerPrivate principal, so this is
|
||||
// almost a no-op. We must do, it though, in order to avoid accidentally
|
||||
// propagating the CSP object back to the ServiceWorkerRegistration
|
||||
// principal. If bug 965637 is fixed then this can be removed.
|
||||
rv = mWorkerPrivate->SetPrincipalOnMainThread(responsePrincipal, loadGroup);
|
||||
MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
|
||||
|
||||
|
||||
@@ -3219,8 +3219,35 @@ ServiceWorkerManager::CreateNewRegistration(const nsCString& aScope,
|
||||
MOZ_ASSERT(!tmp);
|
||||
#endif
|
||||
|
||||
// The environment that registers the document may have some CSP applied
|
||||
// to its principal. This should not be inherited by the registration
|
||||
// itself or the worker it creates. To avoid confusion in callsites
|
||||
// downstream we strip the CSP from the principal now.
|
||||
//
|
||||
// Unfortunately there is no API to clone a principal without its CSP. To
|
||||
// achieve the same thing we serialize to the IPC PrincipalInfo type and
|
||||
// back to an nsIPrincipal.
|
||||
PrincipalInfo principalInfo;
|
||||
rv = PrincipalToPrincipalInfo(aPrincipal, &principalInfo);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> cleanPrincipal =
|
||||
PrincipalInfoToPrincipal(principalInfo, &rv);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// Verify that we do not have any CSP set on our principal "clone".
|
||||
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
MOZ_ALWAYS_SUCCEEDS(cleanPrincipal->GetCsp(getter_AddRefs(csp)));
|
||||
MOZ_DIAGNOSTIC_ASSERT(!csp);
|
||||
#endif
|
||||
|
||||
RefPtr<ServiceWorkerRegistrationInfo> registration =
|
||||
new ServiceWorkerRegistrationInfo(aScope, aPrincipal, aLoadFlags);
|
||||
new ServiceWorkerRegistrationInfo(aScope, cleanPrincipal, aLoadFlags);
|
||||
// From now on ownership of registration is with
|
||||
// mServiceWorkerRegistrationInfos.
|
||||
AddScopeAndRegistration(aScope, registration);
|
||||
|
||||
@@ -1736,35 +1736,23 @@ ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
rv = mInfo->GetPrincipal()->GetURI(getter_AddRefs(uri));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (NS_WARN_IF(!uri)) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
// Create a pristine codebase principal to avoid any possibility of inheriting
|
||||
// CSP values. The principal on the registration may be polluted with CSP
|
||||
// from the registering page or other places the principal is passed. If
|
||||
// bug 965637 is ever fixed this can be removed.
|
||||
info.mPrincipal =
|
||||
BasePrincipal::CreateCodebasePrincipal(uri, mInfo->GetOriginAttributes());
|
||||
if (NS_WARN_IF(!info.mPrincipal)) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
info.mPrincipal = mInfo->GetPrincipal();
|
||||
|
||||
nsContentUtils::StorageAccess access =
|
||||
nsContentUtils::StorageAllowedForPrincipal(info.mPrincipal);
|
||||
info.mStorageAllowed = access > nsContentUtils::StorageAccess::ePrivateBrowsing;
|
||||
info.mOriginAttributes = mInfo->GetOriginAttributes();
|
||||
|
||||
// Verify that we don't have any CSP on pristine principal.
|
||||
// The ServiceWorkerRegistration principal should never have any CSP
|
||||
// set. The CSP from the page that registered the SW should not be
|
||||
// inherited. Verify this is the case in non-release builds
|
||||
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
Unused << info.mPrincipal->GetCsp(getter_AddRefs(csp));
|
||||
rv = info.mPrincipal->GetCsp(getter_AddRefs(csp));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
MOZ_DIAGNOSTIC_ASSERT(!csp);
|
||||
#endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user