corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1550743 - Change DoSecureToInsecureSubmitCheck to use IsSecureContext; r=ckerschb

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D176319
This commit is contained in:
june wilde
2023-06-06 15:04:41 +00:00
parent 495ba94c73
commit 69995f692b
1 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
dom/html/HTMLFormElement.cpp
View File

@@ -876,19 +876,6 @@ nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
return NS_OK;
}
nsIPrincipal* principal = NodePrincipal();
if (!principal) {
*aCancelSubmit = true;
return NS_OK;
}
bool formIsHTTPS = principal->SchemeIs("https");
if (principal->IsSystemPrincipal() || principal->GetIsExpandedPrincipal()) {
formIsHTTPS = OwnerDoc()->GetDocumentURI()->SchemeIs("https");
}
if (!formIsHTTPS) {
return NS_OK;
}
if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {
return NS_OK;
}
@@ -905,6 +892,22 @@ nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
if (!window) {
return NS_ERROR_FAILURE;
}
// Now that we know the action URI is insecure check if we're submitting from
// a secure URI and if so fall thru and prompt user about posting.
if (nsCOMPtr<nsPIDOMWindowInner> innerWindow = OwnerDoc()->GetInnerWindow()) {
if (!innerWindow->IsSecureContext()) {
return NS_OK;
}
}
// Bug 1351358: While file URIs are considered to be secure contexts we allow
// submitting a form to an insecure URI from a file URI without an alert in an
// attempt to avoid compatibility issues.
if (window->GetDocumentURI()->SchemeIs("file")) {
return NS_OK;
}
nsCOMPtr<nsIDocShell> docShell = window->GetDocShell();
if (!docShell) {
return NS_ERROR_FAILURE;