Feodor2
/
Mypal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for triggering principal URI in FTP subresource check.

master
Fedor 2021-02-07 17:32:58 +02:00
parent 0b5dd854b9
commit 8098b926f8
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dom/security/nsContentSecurityManager.cpp
View File

@ -149,8 +149,16 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
nsCOMPtr<nsIURI> tURI;
triggeringPrincipal->GetURI(getter_AddRefs(tURI));
if (!tURI) {
// We don't have a triggering principal URI, meaning this isn't actually
// a subresource, but rather a top-level document, i.e. something we can
// display in-browser and might be saving as-is. Allow the load.
return NS_OK;
}
bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
if (isTrigFtpURI) {
// The document loading this resource is also on FTP, satisfying the SOP.
// Allow the load.
return NS_OK;
}