blob: 1763341ff7be48f6d6a9fbe3cf681f7f764789b5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
From a522e727bff0fb69cb0d34c2d2ad89168d15158d Mon Sep 17 00:00:00 2001
From: Ehsan Akhgari <ehsan@mozilla.com>
Date: Sat, 12 Sep 2015 17:38:51 -0400
Subject: [PATCH] Bug 1204269 - Use the worker private in order to determine
the origin of the entry settings object for workers; r=smaug a=me
---
dom/base/WebSocket.cpp | 46 ++++++++++++++++++++++++++--------------------
1 file changed, 26 insertions(+), 20 deletions(-)
diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp
index ea91232..26b94d0 100644
--- a/dom/base/WebSocket.cpp
+++ b/dom/base/WebSocket.cpp
@@ -1503,26 +1503,32 @@ WebSocketImpl::Init(JSContext* aCx,
!Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
false)) {
// Confirmed we are opening plain ws:// and want to prevent this from a
- // secure context (e.g. https). Check the principal's uri to determine if
- // we were loaded from https.
- nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
- if (globalObject) {
- nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
- if (principal) {
- nsCOMPtr<nsIURI> uri;
- principal->GetURI(getter_AddRefs(uri));
- if (uri) {
- bool originIsHttps = false;
- aRv = uri->SchemeIs("https", &originIsHttps);
- if (NS_WARN_IF(aRv.Failed())) {
- return;
- }
-
- if (originIsHttps) {
- aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
- return;
- }
- }
+ // secure context (e.g. https).
+ nsCOMPtr<nsIPrincipal> principal;
+ nsCOMPtr<nsIURI> originURI;
+ if (mWorkerPrivate) {
+ // For workers, retrieve the URI from the WorkerPrivate
+ principal = mWorkerPrivate->GetPrincipal();
+ } else {
+ // Check the principal's uri to determine if we were loaded from https.
+ nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
+ if (globalObject) {
+ principal = globalObject->PrincipalOrNull();
+ }
+ }
+
+ if (principal) {
+ principal->GetURI(getter_AddRefs(originURI));
+ }
+ if (originURI) {
+ bool originIsHttps = false;
+ aRv = originURI->SchemeIs("https", &originIsHttps);
+ if (NS_WARN_IF(aRv.Failed())) {
+ return;
+ }
+ if (originIsHttps) {
+ aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
}
}
}
--
2.5.0
|