From 99c69fd49ba76f0390a978c847f619aeca1efc08 Mon Sep 17 00:00:00 2001 From: aiunusov Date: Wed, 13 Dec 2023 15:14:36 +0000 Subject: [PATCH] Bug 1868387 - Part 2: add MOZ_DIAGNOSTIC_ASSERT in content process, r=smaug Differential Revision: https://phabricator.services.mozilla.com/D196290 --- dom/ipc/WindowGlobalChild.cpp | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/dom/ipc/WindowGlobalChild.cpp b/dom/ipc/WindowGlobalChild.cpp index 3bd7e6471cb37..62dffe7549a39 100644 --- a/dom/ipc/WindowGlobalChild.cpp +++ b/dom/ipc/WindowGlobalChild.cpp @@ -35,6 +35,7 @@ #include "nsQueryObject.h" #include "nsSerializationHelper.h" #include "nsFrameLoader.h" +#include "nsIScriptSecurityManager.h" #include "mozilla/dom/JSWindowActorBinding.h" #include "mozilla/dom/JSWindowActorChild.h" @@ -585,6 +586,34 @@ void WindowGlobalChild::SetDocumentURI(nsIURI* aDocumentURI) { BrowsingContext()->BrowserId(), InnerWindowId(), nsContentUtils::TruncatedURLForDisplay(aDocumentURI, 1024), embedderInnerWindowID, BrowsingContext()->UsePrivateBrowsing()); + + if (StaticPrefs::dom_security_setdocumenturi()) { + auto isLoadableViaInternet = [](nsIURI* uri) { + return (uri && (net::SchemeIsHTTP(uri) || net::SchemeIsHTTPS(uri))); + }; + if (isLoadableViaInternet(aDocumentURI)) { + nsCOMPtr principalURI = mDocumentPrincipal->GetURI(); + if (mDocumentPrincipal->GetIsNullPrincipal()) { + nsCOMPtr precursor = + mDocumentPrincipal->GetPrecursorPrincipal(); + if (precursor) { + principalURI = precursor->GetURI(); + } + } + + if (isLoadableViaInternet(principalURI)) { + nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager(); + + if (!NS_SUCCEEDED(ssm->CheckSameOriginURI(principalURI, aDocumentURI, + false, false))) { + MOZ_DIAGNOSTIC_ASSERT(false, + "Setting DocumentURI with a different origin " + "than principal URI"); + } + } + } + } + mDocumentURI = aDocumentURI; SendUpdateDocumentURI(aDocumentURI); }