[tbb-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
gk at torproject.org
gk at torproject.org
Mon Nov 12 12:53:18 UTC 2018
commit e00084a6a67ba6ab0c504421ed13a49765dc83d2
Author: Richard Pospesel <richard at torproject.org>
Date: Tue Nov 6 15:47:31 2018 -0800
Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
Large pdf files download in parts via range-based requests so that users
can begin reading before the entire file has finished downloading. This
is implemented using XMLHttpRequests. However, since these requests are
created in the chrome, they are given the System Principal and lack the
correct firstPartyDomain associated with the parent window.
This patch manually sets the XMLHttpRequest's originAttributes to the
one provided by the real owning window cached in the RangedChromeActions
object. This is done via the chrome-only setOriginAttributes method.
The method is called in the xhr_onreadystatechanged() callback rather
than directly after construction in getXhr() because the
setOriginAttributes implementation requires the internal nsIChannel
object to have been created but not used. Fortunately, the
XMLHttpRequest object fires the readStateChangedEvent precisely after
the channel has been created in the XmlHttpRequest's Open() method.
The nsIChannel's nsILoadInfo's OriginAttributes are now overwritten
with the known OriginAttributes of the parent window before anything
else has had a chance to use it.
---
browser/extensions/pdfjs/content/PdfStreamConverter.jsm | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
index a2ebec9450d4..a9978f7e7863 100644
--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
@@ -233,6 +233,15 @@ class ChromeActions {
return PrivateBrowsingUtils.isContentWindowPrivate(this.domWindow);
}
+ getWindowOriginAttributes()
+ {
+ try {
+ return this.domWindow.document.nodePrincipal.originAttributes;
+ } catch(err) {
+ return {};
+ }
+ }
+
download(data, sendResponse) {
var self = this;
var originalUrl = data.originalUrl;
@@ -591,6 +600,9 @@ class RangedChromeActions extends ChromeActions {
var self = this;
var xhr_onreadystatechange = function xhr_onreadystatechange() {
if (this.readyState === 1) { // LOADING
+ // override this XMLHttpRequest's OriginAttributes with our cached parent window's
+ // OriginAttributes, as we are currently running under the SystemPrincipal
+ this.setOriginAttributes(self.getWindowOriginAttributes());
var netChannel = this.channel;
if ("nsIPrivateBrowsingChannel" in Ci &&
netChannel instanceof Ci.nsIPrivateBrowsingChannel) {
More information about the tbb-commits
mailing list