Bug 1329288: Allow content policy consumers to identify contentPolicy checks from docshell

author: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-22 20:38:02 +0200
committer: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-22 20:38:02 +0200
commit: 95c46082414632687e3ddd52435d476ab9dc320f (patch)
tree: cc745a6ddad92f5cfe56470068108c2d9c81fefa /toolkit
parent: a38e87d455f6ad3637deeae20d2ddc57430b498d (diff)
download: uxp-95c46082414632687e3ddd52435d476ab9dc320f.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/toolkit/modules/addons/WebRequestContent.js b/toolkit/modules/addons/WebRequestContent.js
index 219675e5b9..f044a1cd4e 100644
--- a/toolkit/modules/addons/WebRequestContent.js
+++ b/toolkit/modules/addons/WebRequestContent.js
@@ -80,6 +80,16 @@ var ContentPolicy = {
 
   shouldLoad(policyType, contentLocation, requestOrigin,
              node, mimeTypeGuess, extra, requestPrincipal) {
+
+    // Loads of TYPE_DOCUMENT and TYPE_SUBDOCUMENT perform a ConPol check
+    // within docshell as well as within the ContentSecurityManager. To avoid
+    // duplicate evaluations we ignore ConPol checks performed within docShell.
+    if (extra instanceof Ci.nsISupportsString) {
+      if (extra.data === "conPolCheckFromDocShell") {
+        return Ci.nsIContentPolicy.ACCEPT;
+      }
+    }
+
     if (requestPrincipal &&
         Services.scriptSecurityManager.isSystemPrincipal(requestPrincipal)) {
       return Ci.nsIContentPolicy.ACCEPT;
author	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-22 20:38:02 +0200
committer	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-22 20:38:02 +0200
commit	95c46082414632687e3ddd52435d476ab9dc320f (patch)
tree	cc745a6ddad92f5cfe56470068108c2d9c81fefa /toolkit
parent	a38e87d455f6ad3637deeae20d2ddc57430b498d (diff)
download	uxp-95c46082414632687e3ddd52435d476ab9dc320f.tar.gz