Bug 1553105 - Make URL.origin return "null" if protocol doesn't have …

…the URI_HAS_WEB_EXPOSED_ORIGIN flag r=nika,necko-reviewers,kershaw CLOSED TREE Differential Revision: https://phabricator.services.mozilla.com/D188720
dothq · Sep 27, 2023 · 6e44a3e · 6e44a3e
1 parent f9a78f4
commit 6e44a3e
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 15 deletions.
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
@@ -6506,12 +6506,13 @@ SameOriginCheckerImpl::GetInterface(const nsIID& aIID, void** aResult) {
 /* static */
 nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
                                                           nsACString& aOrigin) {
+  nsresult rv;
   MOZ_ASSERT(aURI, "missing uri");
 
   // For Blob URI, the path is the URL of the owning page.
   if (aURI->SchemeIs(BLOBURI_SCHEME)) {
     nsAutoCString path;
-    nsresult rv = aURI->GetPathQueryRef(path);
+    rv = aURI->GetPathQueryRef(path);
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIURI> uri;
@@ -6524,13 +6525,30 @@ nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
     return GetWebExposedOriginSerialization(uri, aOrigin);
   }
 
+  nsAutoCString scheme;
+  aURI->GetScheme(scheme);
+
+  // If the protocol doesn't have URI_HAS_WEB_EXPOSED_ORIGIN, then
+  // return "null" as the origin serialization.
+  // We make an exception for "ftp" since we don't have a protocol handler
+  // for this scheme
+  uint32_t flags = 0;
+  nsCOMPtr<nsIIOService> io = mozilla::components::IO::Service(&rv);
+  if (!scheme.Equals("ftp") && NS_SUCCEEDED(rv) &&
+      NS_SUCCEEDED(io->GetProtocolFlags(scheme.get(), &flags))) {
+    if (!(flags & nsIProtocolHandler::URI_HAS_WEB_EXPOSED_ORIGIN)) {
+      aOrigin.AssignLiteral("null");
+      return NS_OK;
+    }
+  }
+
   aOrigin.Truncate();
 
   nsCOMPtr<nsIURI> uri = NS_GetInnermostURI(aURI);
   NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
 
   nsAutoCString host;
-  nsresult rv = uri->GetAsciiHost(host);
+  rv = uri->GetAsciiHost(host);
 
   if (NS_SUCCEEDED(rv) && !host.IsEmpty()) {
     nsAutoCString userPass;

diff --git a/dom/quota/components.conf b/dom/quota/components.conf
@@ -17,6 +17,7 @@ Classes = [
                 'URI_DANGEROUS_TO_LOAD',
                 'URI_DOES_NOT_RETURN_DATA',
                 'URI_NON_PERSISTABLE',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
         },
     },

diff --git a/modules/libjar/components.conf b/modules/libjar/components.conf
@@ -26,6 +26,7 @@ Classes = [
                 # URI_LOADABLE_BY_ANYONE, since it's our inner URI that will
                 # matter anyway.
                 'URI_LOADABLE_BY_ANYONE',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
         },
     },

diff --git a/netwerk/base/nsIProtocolHandler.idl b/netwerk/base/nsIProtocolHandler.idl
@@ -296,6 +296,12 @@ interface nsIProtocolHandler : nsISupports
      */
     const unsigned long WEBEXT_URI_WEB_ACCESSIBLE = (1 << 24);
 
+    /**
+     * This URI has a webexposed origin, meaning the URI has a non-null origin
+     * See https://url.spec.whatwg.org/#origin
+     */
+    const unsigned long URI_HAS_WEB_EXPOSED_ORIGIN = (1 << 25);
+
     /**
      * Flags which are allowed to be different from the static flags when
      * returned from `nsIProtocolHandlerWithDynamicFlags::getFlagsForURI`.
@@ -307,5 +313,5 @@ interface nsIProtocolHandler : nsISupports
         URI_LOADABLE_BY_ANYONE | URI_DANGEROUS_TO_LOAD |
         URI_IS_POTENTIALLY_TRUSTWORTHY | URI_FETCHABLE_BY_ANYONE |
         URI_LOADABLE_BY_EXTENSIONS | URI_DISALLOW_IN_PRIVATE_CONTEXT |
-        WEBEXT_URI_WEB_ACCESSIBLE;
+        WEBEXT_URI_WEB_ACCESSIBLE | URI_HAS_WEB_EXPOSED_ORIGIN;
 };
diff --git a/netwerk/build/components.conf b/netwerk/build/components.conf
@@ -353,6 +353,7 @@ Classes = [
                 'ALLOWS_PROXY',
                 'ALLOWS_PROXY_HTTP',
                 'URI_LOADABLE_BY_ANYONE',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
             'default_port': 80,
         },
@@ -371,6 +372,7 @@ Classes = [
                 'ALLOWS_PROXY_HTTP',
                 'URI_LOADABLE_BY_ANYONE',
                 'URI_IS_POTENTIALLY_TRUSTWORTHY',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
             'default_port': 443,
         },
@@ -388,6 +390,7 @@ Classes = [
                 'URI_STD',
                 'URI_IS_LOCAL_RESOURCE',
                 'URI_IS_POTENTIALLY_TRUSTWORTHY',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
             'has_dynamic_flags': True,
         },
@@ -440,6 +443,7 @@ Classes = [
                 'URI_IS_UI_RESOURCE',
                 'URI_IS_LOCAL_RESOURCE',
                 'URI_IS_POTENTIALLY_TRUSTWORTHY',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
         },
     },
@@ -474,6 +478,7 @@ Classes = [
                 'ALLOWS_PROXY_HTTP',
                 'URI_DOES_NOT_RETURN_DATA',
                 'URI_DANGEROUS_TO_LOAD',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
             'default_port': 80,
         },
@@ -493,6 +498,7 @@ Classes = [
                 'URI_DOES_NOT_RETURN_DATA',
                 'URI_DANGEROUS_TO_LOAD',
                 'URI_IS_POTENTIALLY_TRUSTWORTHY',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
             'default_port': 443,
         },

diff --git a/testing/web-platform/meta/url/a-element-origin-xhtml.xhtml.ini b/testing/web-platform/meta/url/a-element-origin-xhtml.xhtml.ini
@@ -1,7 +1,4 @@
 [a-element-origin-xhtml.xhtml]
-  [Parsing origin: <ssh://example.com/foo/bar.git> against <http://example.org/>]
-    expected: FAIL
-
   [Parsing origin: <wss://!"$&'()*+,-.;=_`{}~/> against <about:blank>]
     expected: FAIL
 

diff --git a/testing/web-platform/meta/url/a-element-origin.html.ini b/testing/web-platform/meta/url/a-element-origin.html.ini
@@ -1,7 +1,4 @@
 [a-element-origin.html]
-  [Parsing origin: <ssh://example.com/foo/bar.git> against <http://example.org/>]
-    expected: FAIL
-
   [Parsing origin: <wss://!"$&'()*+,-.;=_`{}~/> against <about:blank>]
     expected: FAIL
 

diff --git a/testing/web-platform/meta/url/url-origin.any.js.ini b/testing/web-platform/meta/url/url-origin.any.js.ini
@@ -1,7 +1,4 @@
 [url-origin.any.html]
-  [Origin parsing: <ssh://example.com/foo/bar.git> against <http://example.org/>]
-    expected: FAIL
-
   [Origin parsing: <http://999999999.> against <http://other.com/>]
     expected: FAIL
 
@@ -25,9 +22,6 @@
 
 
 [url-origin.any.worker.html]
-  [Origin parsing: <ssh://example.com/foo/bar.git> against <http://example.org/>]
-    expected: FAIL
-
   [Origin parsing: <http://999999999.> against <http://other.com/>]
     expected: FAIL
 

diff --git a/xpcom/build/components.conf b/xpcom/build/components.conf
@@ -28,6 +28,7 @@ Classes = [
                 'URI_STD',
                 'URI_IS_UI_RESOURCE',
                 'URI_IS_LOCAL_RESOURCE',
+                'URI_HAS_WEB_EXPOSED_ORIGIN',
             ],
         },
     },