corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out changeset 1313a6a0c641 (bug 1669453) for causing wpt failures in history_pushstate_url_rewriting.html CLOSED TREE

Browse Source
This commit is contained in:
Cristian Tuns
2024-01-10 21:16:11 -05:00
parent 6a38d98937
commit d59c68137e
3 changed files with 22 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docshell/base/nsDocShell.cpp
View File

@@ -11264,19 +11264,16 @@ nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle,
// It's very important that we check that newURI is of the same
// origin as currentURI, not docBaseURI, because a page can
// set docBaseURI arbitrarily to any domain.
bool isPrivateWin =
document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId >
0;
if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true,
isPrivateWin))) {
return NS_ERROR_DOM_SECURITY_ERR;
}
nsAutoCString currentUserPass, newUserPass;
NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
NS_ERROR_FAILURE);
NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
if (!currentUserPass.Equals(newUserPass)) {
bool isPrivateWin =
document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId >
0;
if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true,
isPrivateWin)) ||
!currentUserPass.Equals(newUserPass)) {
return NS_ERROR_DOM_SECURITY_ERR;
}
} else {