Bug 1783504 - Add scheme logging to investigate a crash, r=smaug,neck…

…o-reviewers Differential Revision: https://phabricator.services.mozilla.com/D159340
dothq · Jul 18, 2023 · edba63e · edba63e
1 parent 683c902
commit edba63e
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 6 deletions.
diff --git a/dom/ipc/WindowGlobalParent.cpp b/dom/ipc/WindowGlobalParent.cpp
@@ -66,6 +66,8 @@
 #include "SessionStoreFunctions.h"
 #include "nsIXPConnect.h"
 #include "nsImportModule.h"
+#include "nsIOService.h"
+#include "nsScriptSecurityManager.h"
 
 #include "mozilla/dom/PBackgroundSessionStorageCache.h"
 
@@ -82,7 +84,6 @@ WindowGlobalParent::WindowGlobalParent(
     uint64_t aOuterWindowId, FieldValues&& aInit)
     : WindowContext(aBrowsingContext, aInnerWindowId, aOuterWindowId,
                     std::move(aInit)),
-      mIsInitialDocument(false),
       mSandboxFlags(0),
       mDocumentHasLoaded(false),
       mDocumentHasUserInteracted(false),
@@ -109,7 +110,7 @@ already_AddRefed<WindowGlobalParent> WindowGlobalParent::CreateDisconnected(
                              aInit.context().mOuterWindowId, std::move(fields));
   wgp->mDocumentPrincipal = aInit.principal();
   wgp->mDocumentURI = aInit.documentURI();
-  wgp->mIsInitialDocument = aInit.isInitialDocument();
+  wgp->mIsInitialDocument = Some(aInit.isInitialDocument());
   wgp->mBlockAllMixedContent = aInit.blockAllMixedContent();
   wgp->mUpgradeInsecureRequests = aInit.upgradeInsecureRequests();
   wgp->mSandboxFlags = aInit.sandboxFlags();
@@ -372,7 +373,49 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvInternalLoad(
 
 IPCResult WindowGlobalParent::RecvUpdateDocumentURI(nsIURI* aURI) {
   // XXX(nika): Assert that the URI change was one which makes sense (either
-  // about:blank -> a real URI, or a legal push/popstate URI change?)
+  // about:blank -> a real URI, or a legal push/popstate URI change):
+  nsAutoCString scheme;
+  if (NS_FAILED(aURI->GetScheme(scheme))) {
+    return IPC_FAIL(this, "Setting DocumentURI without scheme.");
+  }
+
+  nsIIOService* ios = nsContentUtils::GetIOService();
+  if (!ios) {
+    return IPC_FAIL(this, "Cannot get IOService");
+  }
+  nsCOMPtr<nsIProtocolHandler> handler;
+  ios->GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
+  if (!handler) {
+    return IPC_FAIL(this, "Setting DocumentURI with unknown protocol.");
+  }
+
+  auto isLoadableViaInternet = [](nsIURI* uri) {
+    return (uri && (net::SchemeIsHTTP(uri) || net::SchemeIsHTTPS(uri)));
+  };
+
+  if (isLoadableViaInternet(aURI)) {
+    nsCOMPtr<nsIURI> principalURI = mDocumentPrincipal->GetURI();
+    if (mDocumentPrincipal->GetIsNullPrincipal()) {
+      nsCOMPtr<nsIPrincipal> precursor =
+          mDocumentPrincipal->GetPrecursorPrincipal();
+      if (precursor) {
+        principalURI = precursor->GetURI();
+      }
+    }
+
+    if (isLoadableViaInternet(principalURI) &&
+        !nsScriptSecurityManager::SecurityCompareURIs(principalURI, aURI)) {
+      nsAutoCString oldScheme, newScheme;
+      principalURI->GetScheme(oldScheme);
+      aURI->GetScheme(newScheme);
+      return IPC_FAIL_UNSAFE_PRINTF(
+          this,
+          "Setting DocumentURI with a different scheme than "
+          "principal URI. %s -> %s",
+          oldScheme.get(), newScheme.get());
+    }
+  }
+
   mDocumentURI = aURI;
   return IPC_OK();
 }

diff --git a/dom/ipc/WindowGlobalParent.h b/dom/ipc/WindowGlobalParent.h
@@ -151,7 +151,9 @@ class WindowGlobalParent final : public WindowContext,
 
   void GetContentBlockingLog(nsAString& aLog);
 
-  bool IsInitialDocument() { return mIsInitialDocument; }
+  bool IsInitialDocument() {
+    return mIsInitialDocument.isSome() && mIsInitialDocument.value();
+  }
 
   already_AddRefed<mozilla::dom::Promise> PermitUnload(
       PermitUnloadAction aAction, uint32_t aTimeout, mozilla::ErrorResult& aRv);
@@ -252,7 +254,12 @@ class WindowGlobalParent final : public WindowContext,
   mozilla::ipc::IPCResult RecvUpdateDocumentTitle(const nsString& aTitle);
   mozilla::ipc::IPCResult RecvUpdateHttpsOnlyStatus(uint32_t aHttpsOnlyStatus);
   mozilla::ipc::IPCResult RecvSetIsInitialDocument(bool aIsInitialDocument) {
-    mIsInitialDocument = aIsInitialDocument;
+    if (aIsInitialDocument && mIsInitialDocument.isSome() &&
+        (mIsInitialDocument.value() != aIsInitialDocument)) {
+      return IPC_FAIL_NO_REASON(this);
+    }
+
+    mIsInitialDocument = Some(aIsInitialDocument);
     return IPC_OK();
   }
   mozilla::ipc::IPCResult RecvUpdateDocumentSecurityInfo(
@@ -337,7 +344,7 @@ class WindowGlobalParent final : public WindowContext,
   nsCOMPtr<nsIURI> mDocumentURI;
   Maybe<nsString> mDocumentTitle;
 
-  bool mIsInitialDocument;
+  Maybe<bool> mIsInitialDocument;
 
   // True if this window has a "beforeunload" event listener.
   bool mHasBeforeUnload;