[tbb-commits] [torbutton/master] Bug 22457: Allow resources loaded by view-source://
gk at torproject.org
gk at torproject.org
Fri Jun 2 08:40:43 UTC 2017
commit 137c0527b1d152c5999db53894badc54ab9e34c9
Author: Georg Koppen <gk at torproject.org>
Date: Thu Jun 1 09:26:11 2017 +0000
Bug 22457: Allow resources loaded by view-source://
Instead of whitelisting single resources for view-source requests that
might allow platform detection we allow all of those that are needed by
requests with a view-source origin. This should be safe now that
https://bugzilla.mozilla.org/show_bug.cgi?id=1172165 landed.
---
src/components/content-policy.js | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index a63919c..b2fdff7 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -83,8 +83,12 @@ ContentPolicy.prototype = {
return Ci.nsIContentPolicy.ACCEPT;
}
- // Accept if no origin URI or if origin scheme is chrome/resource/about.
- if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
+ // Accept if no origin URI or if origin scheme is
+ // chrome/resource/about/view-source.
+ if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') ||
+ aRequestOrigin.schemeIs('chrome') ||
+ aRequestOrigin.schemeIs('about') ||
+ aRequestOrigin.schemeIs('view-source'))
return Ci.nsIContentPolicy.ACCEPT;
// Accept if resource directly loaded into a tab.
More information about the tbb-commits
mailing list