From 4a7f5bc0b06c6b4c5d3fa505b895bbfc66db12c6 Mon Sep 17 00:00:00 2001 From: Pale Moon Date: Sat, 30 Jun 2018 18:55:37 +0200 Subject: Check redirect status code before forwarding to NPAPI. NPAPI may handle a 307 redirect across different origins, while they should only happen on same origin requests. Have the browser check this _before_ forwarding to NPAPI. --- dom/plugins/base/nsPluginStreamListenerPeer.cpp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp index 0ef5d4ddd..b37b3f280 100644 --- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp +++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp @@ -1320,15 +1320,6 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh return NS_ERROR_FAILURE; } - nsCOMPtr proxyCallback = - new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel); - - // Give NPAPI a chance to control redirects. - bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback); - if (notificationHandled) { - return NS_OK; - } - // Don't allow cross-origin 307 POST redirects. nsCOMPtr oldHttpChannel(do_QueryInterface(oldChannel)); if (oldHttpChannel) { @@ -1352,6 +1343,15 @@ nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsICh } } + nsCOMPtr proxyCallback = + new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel); + + // Give NPAPI a chance to control redirects. + bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback); + if (notificationHandled) { + return NS_OK; + } + // Fall back to channel event sink for window. nsCOMPtr channelEventSink; nsresult rv = GetInterfaceGlobal(NS_GET_IID(nsIChannelEventSink), getter_AddRefs(channelEventSink)); -- cgit v1.2.3