[Pkg-mozext-commits] [requestpolicy] 28/50: [fix] internal resources leak
David Prévot
taffit at moszumanska.debian.org
Mon Jun 27 12:50:32 UTC 2016
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository requestpolicy.
commit d1f6976b63daecab8514416654241849737c0e1e
Author: Martin Kimmerle <dev at 256k.de>
Date: Sun Jun 12 20:59:05 2016 +0200
[fix] internal resources leak
Fixes #783
---
src/content/lib/request.jsm | 44 +++++++++++++++++++++++++++++---------------
1 file changed, 29 insertions(+), 15 deletions(-)
diff --git a/src/content/lib/request.jsm b/src/content/lib/request.jsm
index a73a1bc..a12cfc0 100644
--- a/src/content/lib/request.jsm
+++ b/src/content/lib/request.jsm
@@ -135,6 +135,21 @@ NormalRequest.prototype.detailsToString = function() {
", " + this.aExtra;
};
+const INTERNAL_SCHEMES = new Set([
+ "resource",
+ "about",
+ "chrome",
+ "moz-icon",
+ "moz-filedata",
+]);
+
+const SEMI_INTERNAL_SCHEMES = new Set([
+ "data",
+ "blob",
+ "wyciwyg",
+ "javascript",
+]);
+
/**
* Determines if a request is only related to internal resources.
*
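Review bot: The two sets added above `isInternal`'s doc comment carry no comment explaining what separates an internal scheme from a semi-internal one, yet the set a scheme lands in now decides whether the request origin is checked at all. I would add one line above each, e.g. `// Browser-internal schemes: allowed only when the origin scheme is internal too.` above `INTERNAL_SCHEMES` and `// Allowed as a destination from any origin; see isInternal().` above `SEMI_INTERNAL_SCHEMES`. The second comment should also give the reason why `data`, `blob`, `wyciwyg` and `javascript` may be allowed regardless of origin, so a later edit does not move a scheme between the sets without weighing that. The doc comment that begins on the last lines of this hunk continues outside it.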
@@ -152,21 +167,6 @@ NormalRequest.prototype.isInternal = function() {
// entire page's content which includes a form that it submits. Maybe
// "moz-nullprincipal" always shows up when using "document.location"?
- // Not cross-site requests.
- if (this.aContentLocation.scheme === "resource" ||
- this.aContentLocation.scheme === "about" ||
- this.aContentLocation.scheme === "data" ||
- this.aContentLocation.scheme === "chrome" ||
- this.aContentLocation.scheme === "moz-icon" ||
- this.aContentLocation.scheme === "moz-filedata" ||
- this.aContentLocation.scheme === "blob" ||
- this.aContentLocation.scheme === "wyciwyg" ||
- this.aContentLocation.scheme === "javascript") {
- Logger.info(Logger.TYPE_CONTENT,
- "Allowing request with an internal destination.");
- return true;
- }
-
if (this.aRequestOrigin === undefined || this.aRequestOrigin === null) {
Logger.info(Logger.TYPE_CONTENT,
"Allowing request without an origin.");
@@ -182,6 +182,20 @@ NormalRequest.prototype.isInternal = function() {
return true;
}
+ // Fully internal requests.
+ if (INTERNAL_SCHEMES.has(this.aRequestOrigin.scheme) &&
+ INTERNAL_SCHEMES.has(this.aContentLocation.scheme)) {
+ Logger.info(Logger.TYPE_CONTENT, "Allowing internal request.");
+ return true;
+ }
+
+ // Semi-internal request.
+ if (SEMI_INTERNAL_SCHEMES.has(this.aContentLocation.scheme)) {
+ Logger.info(Logger.TYPE_CONTENT,
+ "Allowing request with a semi-internal destination.");
+ return true;
+ }
+
if (this.aRequestOrigin.asciiHost === undefined ||
this.aContentLocation.asciiHost === undefined) {
// The asciiHost values will exist but be empty strings for the "file"
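Review bot: The "Fully internal requests" branch matches only when both schemes are in `INTERNAL_SCHEMES`, so a request from a web origin to a `resource:`, `about:` or `chrome:` destination now falls through to the `asciiHost` comparison that follows. That code's comment only discusses the `file` scheme, and how it treats host-less internal URIs is not visible from this hunk, so it is worth confirming and covering with a test. The earlier "Allowing request without an origin" return also still runs before these checks, so an origin-less request to an internal scheme appears to remain allowed; if that is intended, say so next to the new branch. I would state the reason for the two-sided check in the comment, e.g. `// Require an internal origin as well, so web content cannot reach internal resources (see #783).` `isInternal` starts and ends outside this hunk.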
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/requestpolicy.git