Issue #1710 - Check for triggering principal URI in FTP subresource check.

Resolves #1710
pull/24/head
Moonchild 2 years ago committed by roytam1
parent 24391cb707
commit 3caca43d30
  1. 8
      dom/security/nsContentSecurityManager.cpp

@ -149,8 +149,16 @@ nsContentSecurityManager::CheckFTPSubresourceLoad(nsIChannel* aChannel)
nsIPrincipal* triggeringPrincipal = loadInfo->TriggeringPrincipal();
nsCOMPtr<nsIURI> tURI;
triggeringPrincipal->GetURI(getter_AddRefs(tURI));
if (!tURI) {
// We don't have a triggering principal URI, meaning this isn't actually
// a subresource, but rather a top-level document, i.e. something we can
// display in-browser and might be saving as-is. Allow the load.
return NS_OK;
}
bool isTrigFtpURI = (NS_SUCCEEDED(tURI->SchemeIs("ftp", &isTrigFtpURI)) && isTrigFtpURI);
if (isTrigFtpURI) {
// The document loading this resource is also on FTP, satisfying the SOP.
// Allow the load.
return NS_OK;
}

Loading…
Cancel
Save