Bug 1038756: Refactor SetUpChannelOwner to ChannelShouldInheritPrincipal (r=bz)

2014-07-17 16:07:58 -07:00
parent 9e6399cd21
commit 967667dee4
6 changed files with 84 additions and 86 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9369,7 +9369,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
    {
        bool willInherit;
        // This condition needs to match the one in
-        // nsContentUtils::SetUpChannelOwner.
+        // nsContentUtils::ChannelShouldInheritPrincipal.
        // Except we reverse the rv check to be safe in case
        // nsContentUtils::URIInheritsSecurityContext fails here and
        // succeeds there.
@@ -10147,8 +10147,19 @@ nsDocShell::DoURILoad(nsIURI * aURI,
        requestingNode = mScriptGlobal->GetExtantDoc();
      }
    }
+
+    bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
+    // only inherit if we have a requestingPrincipal
+    bool inherit = false;
+
    nsCOMPtr<nsIPrincipal> requestingPrincipal = do_QueryInterface(aOwner);
-    if (!requestingPrincipal && aReferrerURI) {
+    if (requestingPrincipal) {
+      inherit = nsContentUtils::ChannelShouldInheritPrincipal(requestingPrincipal,
+                                                              aURI,
+                                                              true, // aInheritForAboutBlank
+                                                              isSrcdoc);
+    }
+    else if (!requestingPrincipal && aReferrerURI) {
      rv = CreatePrincipalFromReferrer(aReferrerURI,
                                       getter_AddRefs(requestingPrincipal));
      NS_ENSURE_SUCCESS(rv, rv);
@@ -10157,12 +10168,20 @@ nsDocShell::DoURILoad(nsIURI * aURI,
      requestingPrincipal = nsContentUtils::GetSystemPrincipal();
    }

+    nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
+    if (inherit) {
+      securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
+    }
+    if (isSandBoxed) {
+      securityFlags |= nsILoadInfo::SEC_SANDBOXED;
+    }
+
    if (!isSrcdoc) {
        rv = NS_NewChannelInternal(getter_AddRefs(channel),
                                   aURI,
                                   requestingNode,
                                   requestingPrincipal,
-                                   nsILoadInfo::SEC_NORMAL,
+                                   securityFlags,
                                   aContentPolicyType,
                                   channelPolicy,
                                   nullptr,   // loadGroup
@@ -10221,7 +10240,7 @@ nsDocShell::DoURILoad(nsIURI * aURI,
        nsCOMPtr<nsILoadInfo> loadInfo =
          new LoadInfo(requestingPrincipal,
                       requestingNode,
-                       nsILoadInfo::SEC_NORMAL,
+                       securityFlags,
                       aContentPolicyType);
        channel->SetLoadInfo(loadInfo);
    }
@@ -10386,11 +10405,6 @@ nsDocShell::DoURILoad(nsIURI * aURI,
        }
    }

-    nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(aOwner);
-    nsContentUtils::SetUpChannelOwner(ownerPrincipal, channel, aURI, true,
-                                      mSandboxFlags & SANDBOXED_ORIGIN,
-                                      isSrcdoc);
-
    nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
    if (scriptChannel) {
        // Allow execution against our context if the principals match