[Pkg-mozext-commits] [requestpolicy] 03/08: If the referrer is moz-nullprincipal in Fx >= 16, assume there really isn't a referrer and allow the request (fix for #318).
David Prévot
taffit at moszumanska.debian.org
Fri Sep 19 17:44:28 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag release-0.5.27
in repository requestpolicy.
commit 4d17d3e1bd7f99d87c291aa847b1a827096a165c
Author: Justin Samuel <js at justinsamuel.com>
Date: Mon Jul 9 15:33:43 2012 -0700
If the referrer is moz-nullprincipal in Fx >= 16, assume there really isn't a referrer and allow the request (fix for #318).
---
src/components/requestpolicyService.js | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/components/requestpolicyService.js b/src/components/requestpolicyService.js
index d7b1b9f..b8abca3 100644
--- a/src/components/requestpolicyService.js
+++ b/src/components/requestpolicyService.js
@@ -2003,7 +2003,7 @@ RequestPolicyService.prototype = {
// https://developer.mozilla.org/en/nsIContentPolicy
shouldLoad : function(aContentType, aContentLocation, aRequestOrigin,
- aContext, aMimeTypeGuess, aExtra) {
+ aContext, aMimeTypeGuess, aExtra, aRequestPrincipal) {
try {
if (this._isInternalRequest(aContentLocation, aRequestOrigin)) {
@@ -2019,6 +2019,25 @@ RequestPolicyService.prototype = {
var dest = requestpolicy.mod.DomainUtil
.stripFragment(aContentLocation.spec);
+ // Fx 16 changed the following: 1) we should be able to count on the
+ // referrer (aRequestOrigin) being set to something besides
+ // moz-nullprincipal when there is a referrer, and 2) the new argument
+ // aRequestPrincipal is provided. This means our hackery to set the
+ // referrer based on aContext when aRequestOrigin is moz-nullprincipal
+ // is now causing requests that don't have a referrer (namely, URLs
+ // entered in the address bar) to be blocked and trigger a top-level
+ // document redirect notification.
+ if (aRequestOrigin.scheme == "moz-nullprincipal" && aRequestPrincipal) {
+ requestpolicy.mod.Logger.warning(
+ requestpolicy.mod.Logger.TYPE_CONTENT,
+ "Allowing request that appears to be a URL entered in the "
+ + "location bar or some other good explanation: " + dest);
+ return CP_OK;
+ }
+
+ // Note: Assuming the Fx 16 moz-nullprincipal+aRequestPrincipal check
+ // above is correct, this should be able to be removed when Fx < 16 is
+ // no longer supported.
if (aRequestOrigin.scheme == "moz-nullprincipal" && aContext) {
var newOrigin = requestpolicy.mod.DomainUtil
.stripFragment(aContext.contentDocument.documentURI);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/requestpolicy.git
More information about the Pkg-mozext-commits
mailing list