corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1914286 - Remove NS_RelaxStrictFileOriginPolicy. r=smaug,necko-reviewers,kershaw

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D219921
This commit is contained in:
Masatoshi Kimura
2024-08-23 10:13:35 +00:00
parent bfb53ac9de
commit e697accc65
8 changed files with 1 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
caps/BasePrincipal.cpp
View File

@@ -793,18 +793,6 @@ BasePrincipal::IsL10nAllowed(nsIURI* aURI, bool* aRes) {
return NS_OK; return NS_OK;
} }
NS_IMETHODIMP
BasePrincipal::AllowsRelaxStrictFileOriginPolicy(nsIURI* aURI, bool* aRes) {
*aRes = false;
nsCOMPtr<nsIURI> prinURI;
nsresult rv = GetURI(getter_AddRefs(prinURI));
if (NS_FAILED(rv) || !prinURI) {
return NS_OK;
}
*aRes = NS_RelaxStrictFileOriginPolicy(aURI, prinURI);
return NS_OK;
}
NS_IMETHODIMP NS_IMETHODIMP
BasePrincipal::GetPrefLightCacheKey(nsIURI* aURI, bool aWithCredentials, BasePrincipal::GetPrefLightCacheKey(nsIURI* aURI, bool aWithCredentials,
const OriginAttributes& aOriginAttributes, const OriginAttributes& aOriginAttributes,

2
caps/BasePrincipal.h
View File

@@ -182,8 +182,6 @@ class BasePrincipal : public nsJSPrincipals {
bool* aOutAllowed) override; bool* aOutAllowed) override;
NS_IMETHOD GetAsciiHost(nsACString& aAsciiHost) override; NS_IMETHOD GetAsciiHost(nsACString& aAsciiHost) override;
NS_IMETHOD GetLocalStorageQuotaKey(nsACString& aRes) override; NS_IMETHOD GetLocalStorageQuotaKey(nsACString& aRes) override;
NS_IMETHOD AllowsRelaxStrictFileOriginPolicy(nsIURI* aURI,
bool* aRes) override;
NS_IMETHOD CreateReferrerInfo(mozilla::dom::ReferrerPolicy aReferrerPolicy, NS_IMETHOD CreateReferrerInfo(mozilla::dom::ReferrerPolicy aReferrerPolicy,
nsIReferrerInfo** _retval) override; nsIReferrerInfo** _retval) override;
NS_IMETHOD GetIsScriptAllowedByPolicy( NS_IMETHOD GetIsScriptAllowedByPolicy(

8
caps/ContentPrincipal.cpp
View File

@@ -305,14 +305,6 @@ bool ContentPrincipal::MayLoadInternal(nsIURI* aURI) {
return true; return true;
} }
// If strict file origin policy is in effect, local files will always fail
// SecurityCompareURIs unless they are identical. Explicitly check file origin
// policy, in that case.
if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
NS_URIIsLocalFile(aURI) && NS_RelaxStrictFileOriginPolicy(aURI, mURI)) {
return true;
}
return false; return false;
} }

8
caps/nsIPrincipal.idl
View File

@@ -419,14 +419,6 @@ interface nsIPrincipal : nsISupports
[infallible] [infallible]
boolean isSameOrigin(in nsIURI otherURI); boolean isSameOrigin(in nsIURI otherURI);
/*
* Checks if the Principal is allowed to load the Provided file:// URI
* using NS_RelaxStrictFileOriginPolicy
*
* May be called from any thread.
*/
boolean allowsRelaxStrictFileOriginPolicy(in nsIURI aURI);
/* /*
* Generates a Cache-Key for the Cors-Preflight Cache * Generates a Cache-Key for the Cors-Preflight Cache

14
dom/workers/WorkerLoadInfo.cpp
View File

@@ -333,20 +333,6 @@ bool WorkerLoadInfo::PrincipalURIMatchesScriptURL() {
return true; return true;
} }
// If strict file origin policy is in effect, local files will always fail
// IsSameOrigin unless they are identical. Explicitly check file origin
// policy, in that case.
bool allowsRelaxedOriginPolicy = false;
rv = mPrincipal->AllowsRelaxStrictFileOriginPolicy(
mBaseURI, &allowsRelaxedOriginPolicy);
if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
NS_URIIsLocalFile(mBaseURI) &&
(NS_SUCCEEDED(rv) && allowsRelaxedOriginPolicy)) {
return true;
}
return false; return false;
} }
#endif // MOZ_DIAGNOSTIC_ASSERT_ENABLED #endif // MOZ_DIAGNOSTIC_ASSERT_ENABLED

47
netwerk/base/nsNetUtil.cpp
View File

@@ -2450,8 +2450,7 @@ bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
return false; return false;
} }
// For file scheme, reject unless the files are identical. See // For file scheme, reject unless the files are identical.
// NS_RelaxStrictFileOriginPolicy for enforcing file same-origin checking
if (targetScheme.EqualsLiteral("file")) { if (targetScheme.EqualsLiteral("file")) {
// in traditional unsafe behavior all files are the same origin // in traditional unsafe behavior all files are the same origin
if (!aStrictFileOriginPolicy) return true; if (!aStrictFileOriginPolicy) return true;
@@ -2520,50 +2519,6 @@ bool NS_URIIsLocalFile(nsIURI* aURI) {
isFile; isFile;
} }
bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
bool aAllowDirectoryTarget /* = false */) {
if (!NS_URIIsLocalFile(aTargetURI)) {
// This is probably not what the caller intended
MOZ_ASSERT_UNREACHABLE(
"NS_RelaxStrictFileOriginPolicy called with non-file URI");
return false;
}
if (!NS_URIIsLocalFile(aSourceURI)) {
// If the source is not also a file: uri then forget it
// (don't want resource: principals in a file: doc)
//
// note: we're not de-nesting jar: uris here, we want to
// keep archive content bottled up in its own little island
return false;
}
//
// pull out the internal files
//
nsCOMPtr<nsIFileURL> targetFileURL(do_QueryInterface(aTargetURI));
nsCOMPtr<nsIFileURL> sourceFileURL(do_QueryInterface(aSourceURI));
nsCOMPtr<nsIFile> targetFile;
nsCOMPtr<nsIFile> sourceFile;
bool targetIsDir;
// Make sure targetFile is not a directory (bug 209234)
// and that it exists w/out unescaping (bug 395343)
if (!sourceFileURL || !targetFileURL ||
NS_FAILED(targetFileURL->GetFile(getter_AddRefs(targetFile))) ||
NS_FAILED(sourceFileURL->GetFile(getter_AddRefs(sourceFile))) ||
!targetFile || !sourceFile || NS_FAILED(targetFile->Normalize()) ||
#ifndef MOZ_WIDGET_ANDROID
NS_FAILED(sourceFile->Normalize()) ||
#endif
(!aAllowDirectoryTarget &&
(NS_FAILED(targetFile->IsDirectory(&targetIsDir)) || targetIsDir))) {
return false;
}
return false;
}
bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel, bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
nsIChannel* aNewChannel, uint32_t aFlags) { nsIChannel* aNewChannel, uint32_t aFlags) {
if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) { if (!(aFlags & nsIChannelEventSink::REDIRECT_INTERNAL)) {

9
netwerk/base/nsNetUtil.h
View File

@@ -878,15 +878,6 @@ bool NS_SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI,
bool NS_URIIsLocalFile(nsIURI* aURI); bool NS_URIIsLocalFile(nsIURI* aURI);
// When strict file origin policy is enabled, SecurityCompareURIs will fail for
// file URIs that do not point to the same local file. This call provides an
// alternate file-specific origin check that allows target files that are
// contained in the same directory as the source.
//
// https://developer.mozilla.org/en-US/docs/Same-origin_policy_for_file:_URIs
bool NS_RelaxStrictFileOriginPolicy(nsIURI* aTargetURI, nsIURI* aSourceURI,
bool aAllowDirectoryTarget = false);
bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel, bool NS_IsInternalSameURIRedirect(nsIChannel* aOldChannel,
nsIChannel* aNewChannel, uint32_t aFlags); nsIChannel* aNewChannel, uint32_t aFlags);

1
tools/@types/lib.gecko.xpcom.d.ts vendored
View File

@@ -1297,7 +1297,6 @@ interface nsIPrincipal extends nsISupports {
isURIInList(list: string): boolean; isURIInList(list: string): boolean;
isContentAccessibleAboutURI(): boolean; isContentAccessibleAboutURI(): boolean;
isSameOrigin(otherURI: nsIURI): boolean; isSameOrigin(otherURI: nsIURI): boolean;
allowsRelaxStrictFileOriginPolicy(aURI: nsIURI): boolean;
hasFirstpartyStorageAccess(aWindow: mozIDOMWindow, rejectedReason: OutParam<u32>): boolean; hasFirstpartyStorageAccess(aWindow: mozIDOMWindow, rejectedReason: OutParam<u32>): boolean;
readonly localStorageQuotaKey: string; readonly localStorageQuotaKey: string;
readonly isOriginPotentiallyTrustworthy: boolean; readonly isOriginPotentiallyTrustworthy: boolean;