Bug 1317641 - Some loadinfo security flags should not apply in case of a redirect. r=bz

2016-11-23 17:54:58 -05:00
parent 324acce7c1
commit e4c246fda6
1 changed files with 6 additions and 3 deletions
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -326,9 +326,12 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
        }

        nsSecurityFlags securityFlags = loadInfo->GetSecurityMode();
-        if (securityFlags == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
-            securityFlags == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
-            securityFlags == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
+        // The data: inheritance flags should only apply to the initial load,
+        // not to loads that it might have redirected to.
+        if (loadInfo->RedirectChain().IsEmpty() &&
+            (securityFlags == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
+             securityFlags == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
+             securityFlags == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS)) {

            nsCOMPtr<nsIURI> uri;
            nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));