Selectively allow ftp subresources in the blocked mode.
parent
99cf682187
commit
ebf9351ec5
|
@ -95,9 +95,11 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel)
|
||||||
/* static */ nsresult
|
/* static */ nsresult
|
||||||
nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
|
nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
|
||||||
{
|
{
|
||||||
// We dissallow using FTP resources as a subresource everywhere.
|
// We dissallow using FTP resources as a subresource almost everywhere.
|
||||||
// The only valid way to use FTP resources is loading it as
|
// The only valid way to use FTP resources is loading it as
|
||||||
// a top level document.
|
// a top level document.
|
||||||
|
|
||||||
|
// Override blocking if the pref is set to allow.
|
||||||
if (!mozilla::net::nsIOService::BlockFTPSubresources()) {
|
if (!mozilla::net::nsIOService::BlockFTPSubresources()) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
@ -108,6 +110,13 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
|
||||||
}
|
}
|
||||||
|
|
||||||
nsContentPolicyType type = loadInfo->GetExternalContentPolicyType();
|
nsContentPolicyType type = loadInfo->GetExternalContentPolicyType();
|
||||||
|
|
||||||
|
// Allow save-as download of FTP files on HTTP pages.
|
||||||
|
if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow direct document requests
|
||||||
if (type == nsIContentPolicy::TYPE_DOCUMENT) {
|
if (type == nsIContentPolicy::TYPE_DOCUMENT) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
@ -119,11 +128,22 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Allow if it's not the FTP protocol
|
||||||
bool isFtpURI = (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtpURI)) && isFtpURI);
|
bool isFtpURI = (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtpURI)) && isFtpURI);
|
||||||
if (!isFtpURI) {
|
if (!isFtpURI) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Allow loading FTP subresources in top-level FTP documents.
|
||||||
|
nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
|
||||||
|
nsCOMPtr<nsIURI> tURI;
|
||||||
|
triggeringPrincipal->GetURI(getter_AddRefs(tURI));
|
||||||
|
bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
|
||||||
|
if (isTrigFtpURI) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If we get here, the request is blocked and should be reported.
|
||||||
nsCOMPtr<nsIDocument> doc;
|
nsCOMPtr<nsIDocument> doc;
|
||||||
if (nsINode* node = loadInfo->LoadingNode()) {
|
if (nsINode* node = loadInfo->LoadingNode()) {
|
||||||
doc = node->OwnerDoc();
|
doc = node->OwnerDoc();
|
||||||
|
|
Loading…
Reference in New Issue