Check for triggering principal URI in FTP subresource check.
parent
0b5dd854b9
commit
8098b926f8
|
@ -149,8 +149,16 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
|
||||||
nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
|
nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
|
||||||
nsCOMPtr<nsIURI> tURI;
|
nsCOMPtr<nsIURI> tURI;
|
||||||
triggeringPrincipal->GetURI(getter_AddRefs(tURI));
|
triggeringPrincipal->GetURI(getter_AddRefs(tURI));
|
||||||
|
if (!tURI) {
|
||||||
|
// We don't have a triggering principal URI, meaning this isn't actually
|
||||||
|
// a subresource, but rather a top-level document, i.e. something we can
|
||||||
|
// display in-browser and might be saving as-is. Allow the load.
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
|
bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
|
||||||
if (isTrigFtpURI) {
|
if (isTrigFtpURI) {
|
||||||
|
// The document loading this resource is also on FTP, satisfying the SOP.
|
||||||
|
// Allow the load.
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue