From a06ce3f03b260d59199dba7e01ea8afb3de1ef59 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Fri, 25 Aug 2017 09:25:03 +0200 Subject: CSP: Upgrade SO navigational requests per spec. --- docshell/base/nsDocShell.cpp | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'docshell') diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index ab119a016a..2e08e67207 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -11025,6 +11025,29 @@ nsDocShell::DoURILoad(nsIURI* aURI, } } + // Navigational requests that are same origin need to be upgraded in case + // upgrade-insecure-requests is present. Please note that in that case + // the triggeringPrincipal is holding the CSP that potentially + // holds upgrade-insecure-requests. + nsCOMPtr csp; + aTriggeringPrincipal->GetCsp(getter_AddRefs(csp)); + if (csp) { + bool upgradeInsecureRequests = false; + csp->GetUpgradeInsecureRequests(&upgradeInsecureRequests); + if (upgradeInsecureRequests) { + // only upgrade if the navigation is same origin + nsCOMPtr resultPrincipal; + rv = nsContentUtils::GetSecurityManager()-> + GetChannelResultPrincipal(channel, + getter_AddRefs(resultPrincipal)); + NS_ENSURE_SUCCESS(rv, rv); + if (resultPrincipal->Equals(aTriggeringPrincipal)) { + static_cast(loadInfo.get())->SetUpgradeInsecureRequests(); + } + } + } + + nsCOMPtr appCacheChannel = do_QueryInterface(channel); if (appCacheChannel) { -- cgit v1.2.3