merge mozilla-inbound to mozilla-central a=merge
This commit is contained in:
Carsten "Tomcat" Book
@@ -3573,8 +3573,54 @@ nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
|
||||
return false;
|
||||
}
|
||||
|
||||
if (static_cast<nsDocShell*>(targetDS.get())->GetOriginAttributes() !=
|
||||
static_cast<nsDocShell*>(accessingDS.get())->GetOriginAttributes()) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> accessingRoot;
|
||||
aAccessingItem->GetSameTypeRootTreeItem(getter_AddRefs(accessingRoot));
|
||||
nsCOMPtr<nsIDocShell> accessingRootDS = do_QueryInterface(accessingRoot);
|
||||
|
||||
nsCOMPtr<nsIDocShellTreeItem> targetRoot;
|
||||
aTargetItem->GetSameTypeRootTreeItem(getter_AddRefs(targetRoot));
|
||||
nsCOMPtr<nsIDocShell> targetRootDS = do_QueryInterface(targetRoot);
|
||||
|
||||
DocShellOriginAttributes targetOA =
|
||||
static_cast<nsDocShell*>(targetDS.get())->GetOriginAttributes();
|
||||
DocShellOriginAttributes accessingOA =
|
||||
static_cast<nsDocShell*>(accessingDS.get())->GetOriginAttributes();
|
||||
|
||||
// When the first party isolation is on, the top-level docShell may not have
|
||||
// the firstPartyDomain in its originAttributes, but its document will have
|
||||
// it. So we get the firstPartyDomain from the nodePrincipal of the document
|
||||
// before we compare the originAttributes.
|
||||
if (OriginAttributes::IsFirstPartyEnabled()) {
|
||||
if (accessingDS == accessingRootDS &&
|
||||
aAccessingItem->ItemType() == nsIDocShellTreeItem::typeContent &&
|
||||
!accessingDS->GetIsMozBrowserOrApp()) {
|
||||
|
||||
nsCOMPtr<nsIDocument> accessingDoc = aAccessingItem->GetDocument();
|
||||
|
||||
if (accessingDoc) {
|
||||
nsCOMPtr<nsIPrincipal> accessingPrincipal = accessingDoc->NodePrincipal();
|
||||
|
||||
accessingOA.mFirstPartyDomain =
|
||||
BasePrincipal::Cast(accessingPrincipal)->OriginAttributesRef().mFirstPartyDomain;
|
||||
}
|
||||
}
|
||||
|
||||
if (targetDS == targetRootDS &&
|
||||
aTargetItem->ItemType() == nsIDocShellTreeItem::typeContent &&
|
||||
!targetDS->GetIsMozBrowserOrApp()) {
|
||||
|
||||
nsCOMPtr<nsIDocument> targetDoc = aAccessingItem->GetDocument();
|
||||
|
||||
if (targetDoc) {
|
||||
nsCOMPtr<nsIPrincipal> targetPrincipal = targetDoc->NodePrincipal();
|
||||
|
||||
targetOA.mFirstPartyDomain =
|
||||
BasePrincipal::Cast(targetPrincipal)->OriginAttributesRef().mFirstPartyDomain;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (targetOA != accessingOA) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -3584,10 +3630,6 @@ nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
nsCOMPtr<nsIDocShellTreeItem> accessingRoot;
|
||||
aAccessingItem->GetSameTypeRootTreeItem(getter_AddRefs(accessingRoot));
|
||||
|
||||
if (aTargetItem == accessingRoot) {
|
||||
// A frame can navigate its root.
|
||||
return true;
|
||||
@@ -3605,9 +3647,6 @@ nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
|
||||
parent.swap(target);
|
||||
} while (target);
|
||||
|
||||
nsCOMPtr<nsIDocShellTreeItem> targetRoot;
|
||||
aTargetItem->GetSameTypeRootTreeItem(getter_AddRefs(targetRoot));
|
||||
|
||||
if (aTargetItem != targetRoot) {
|
||||
// target is a subframe, not in accessor's frame hierarchy, and all its
|
||||
// ancestors have origins different from that of the accessor. Don't
|
||||
|
||||
Reference in New Issue
Block a user