[tbb-commits] [tor-browser/tor-browser-45.1.0esr-6.0-1] fixup! Bug #15502. Isolate blob, mediasource & mediastream URLs to first party
gk at torproject.org
gk at torproject.org
Tue May 24 17:59:42 UTC 2016
commit 464f9221b09b70e05950a44ebb4f3c1f0bfde179
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Thu May 19 22:58:18 2016 -0700
fixup! Bug #15502. Isolate blob, mediasource & mediastream URLs to first party
---
dom/base/nsXMLHttpRequest.cpp | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dom/base/nsXMLHttpRequest.cpp b/dom/base/nsXMLHttpRequest.cpp
index 2c68e65..9d1ead5 100644
--- a/dom/base/nsXMLHttpRequest.cpp
+++ b/dom/base/nsXMLHttpRequest.cpp
@@ -1697,8 +1697,13 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
// If we have the document, use it. Unfortunately, for dedicated workers
// 'doc' ends up being the parent document, which is not the document
- // that we want to use. So make sure to avoid using 'doc' in that situation.
- if (doc && doc->NodePrincipal() == mPrincipal) {
+ // that we want to use because it has the wrong Content Security Policy.
+ // So make sure to avoid using 'doc' in that situation.
+ // However, for blob urls, we don't care about CSP but we do need to
+ // pass on the parent document to get the correct first party.
+ bool isBlob = false;
+ if (doc && (doc->NodePrincipal() == mPrincipal ||
+ (NS_SUCCEEDED(uri->SchemeIs("blob", &isBlob)) && isBlob))) {
rv = NS_NewChannel(getter_AddRefs(mChannel),
uri,
doc,
More information about the tbb-commits
mailing list