[Pkg-mozext-commits] [requestpolicy] 28/50: [fix] internal resources leak

David Prévot taffit at moszumanska.debian.org
Mon Jun 27 12:50:32 UTC 2016


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository requestpolicy.

commit d1f6976b63daecab8514416654241849737c0e1e
Author: Martin Kimmerle <dev at 256k.de>
Date:   Sun Jun 12 20:59:05 2016 +0200

    [fix] internal resources leak
    
    Fixes #783
---
 src/content/lib/request.jsm | 44 +++++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/src/content/lib/request.jsm b/src/content/lib/request.jsm
index a73a1bc..a12cfc0 100644
--- a/src/content/lib/request.jsm
+++ b/src/content/lib/request.jsm
@@ -135,6 +135,21 @@ NormalRequest.prototype.detailsToString = function() {
       ", " + this.aExtra;
 };
 
+const INTERNAL_SCHEMES = new Set([
+  "resource",
+  "about",
+  "chrome",
+  "moz-icon",
+  "moz-filedata",
+]);
+
+const SEMI_INTERNAL_SCHEMES = new Set([
+  "data",
+  "blob",
+  "wyciwyg",
+  "javascript",
+]);
+
 /**
   * Determines if a request is only related to internal resources.
   *
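Review bot: The two sets added above isInternal carry different trust rules, but nothing at their definition says so. Later in this commit INTERNAL_SCHEMES is tested against both the origin and the destination, while SEMI_INTERNAL_SCHEMES is matched on the destination alone, so moving a scheme from one set to the other silently changes which origins may load it. I would add a comment on each, e.g. `// Allowed only when BOTH origin and destination use one of these schemes.` and `// Allowed for any origin; only the destination scheme is checked.`, plus one line recording why data/blob/wyciwyg/javascript can stay origin-independent.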
@@ -152,21 +167,6 @@ NormalRequest.prototype.isInternal = function() {
   // entire page's content which includes a form that it submits. Maybe
   // "moz-nullprincipal" always shows up when using "document.location"?
 
-  // Not cross-site requests.
-  if (this.aContentLocation.scheme === "resource" ||
-      this.aContentLocation.scheme === "about" ||
-      this.aContentLocation.scheme === "data" ||
-      this.aContentLocation.scheme === "chrome" ||
-      this.aContentLocation.scheme === "moz-icon" ||
-      this.aContentLocation.scheme === "moz-filedata" ||
-      this.aContentLocation.scheme === "blob" ||
-      this.aContentLocation.scheme === "wyciwyg" ||
-      this.aContentLocation.scheme === "javascript") {
-    Logger.info(Logger.TYPE_CONTENT,
-                "Allowing request with an internal destination.");
-    return true;
-  }
-
   if (this.aRequestOrigin === undefined || this.aRequestOrigin === null) {
     Logger.info(Logger.TYPE_CONTENT,
                 "Allowing request without an origin.");
@@ -182,6 +182,20 @@ NormalRequest.prototype.isInternal = function() {
     return true;
   }
 
+  // Fully internal requests.
+  if (INTERNAL_SCHEMES.has(this.aRequestOrigin.scheme) &&
+      INTERNAL_SCHEMES.has(this.aContentLocation.scheme)) {
+    Logger.info(Logger.TYPE_CONTENT, "Allowing internal request.");
+    return true;
+  }
+
+  // Semi-internal request.
+  if (SEMI_INTERNAL_SCHEMES.has(this.aContentLocation.scheme)) {
+    Logger.info(Logger.TYPE_CONTENT,
+                "Allowing request with a semi-internal destination.");
+    return true;
+  }
+
   if (this.aRequestOrigin.asciiHost === undefined ||
       this.aContentLocation.asciiHost === undefined) {
     // The asciiHost values will exist but be empty strings for the "file"
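Review bot: With the destination-only early return gone, a request from a web origin to `resource:`, `chrome:`, `about:`, `moz-icon:` or `moz-filedata:` now falls through to the `asciiHost` checks below the new block, and the hunk does not show how those resolve. isInternal continues past the end of the hunk, so this is inferred: if these objects are nsIURIs, reading `asciiHost` on a host-less URI may throw rather than yield `undefined`, and a later branch could still return true for the very case this commit means to stop short-circuiting. A regression test for a web-origin to internal-destination request (the case in #783) would pin that down, together with a comment above the new block such as `// Web origin -> internal destination is deliberately not allowed here; the policy decides.`. The semi-internal branch still ignores the origin, which keeps the previous behaviour for those four schemes.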

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/requestpolicy.git


