71 lines
2.4 KiB
Diff
71 lines
2.4 KiB
Diff
From a522e727bff0fb69cb0d34c2d2ad89168d15158d Mon Sep 17 00:00:00 2001
|
|
From: Ehsan Akhgari <ehsan@mozilla.com>
|
|
Date: Sat, 12 Sep 2015 17:38:51 -0400
|
|
Subject: [PATCH] Bug 1204269 - Use the worker private in order to determine
|
|
the origin of the entry settings object for workers; r=smaug a=me
|
|
|
|
---
|
|
dom/base/WebSocket.cpp | 46 ++++++++++++++++++++++++++--------------------
|
|
1 file changed, 26 insertions(+), 20 deletions(-)
|
|
|
|
diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp
|
|
index ea91232..26b94d0 100644
|
|
--- a/dom/base/WebSocket.cpp
|
|
+++ b/dom/base/WebSocket.cpp
|
|
@@ -1503,26 +1503,32 @@ WebSocketImpl::Init(JSContext* aCx,
|
|
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
|
|
false)) {
|
|
// Confirmed we are opening plain ws:// and want to prevent this from a
|
|
- // secure context (e.g. https). Check the principal's uri to determine if
|
|
- // we were loaded from https.
|
|
- nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
|
|
- if (globalObject) {
|
|
- nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
|
|
- if (principal) {
|
|
- nsCOMPtr<nsIURI> uri;
|
|
- principal->GetURI(getter_AddRefs(uri));
|
|
- if (uri) {
|
|
- bool originIsHttps = false;
|
|
- aRv = uri->SchemeIs("https", &originIsHttps);
|
|
- if (NS_WARN_IF(aRv.Failed())) {
|
|
- return;
|
|
- }
|
|
-
|
|
- if (originIsHttps) {
|
|
- aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
|
- return;
|
|
- }
|
|
- }
|
|
+ // secure context (e.g. https).
|
|
+ nsCOMPtr<nsIPrincipal> principal;
|
|
+ nsCOMPtr<nsIURI> originURI;
|
|
+ if (mWorkerPrivate) {
|
|
+ // For workers, retrieve the URI from the WorkerPrivate
|
|
+ principal = mWorkerPrivate->GetPrincipal();
|
|
+ } else {
|
|
+ // Check the principal's uri to determine if we were loaded from https.
|
|
+ nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
|
|
+ if (globalObject) {
|
|
+ principal = globalObject->PrincipalOrNull();
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (principal) {
|
|
+ principal->GetURI(getter_AddRefs(originURI));
|
|
+ }
|
|
+ if (originURI) {
|
|
+ bool originIsHttps = false;
|
|
+ aRv = originURI->SchemeIs("https", &originIsHttps);
|
|
+ if (NS_WARN_IF(aRv.Failed())) {
|
|
+ return;
|
|
+ }
|
|
+ if (originIsHttps) {
|
|
+ aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
|
|
+ return;
|
|
}
|
|
}
|
|
}
|
|
--
|
|
2.5.0
|
|
|