--- .pc/380418-candidate.patch/content/base/src/nsXMLHttpRequest.cpp 2009-01-05 03:48:53.000000000 +0100
+++ content/base/src/nsXMLHttpRequest.cpp 2009-01-05 03:54:08.000000000 +0100
@@ -762,16 +762,28 @@ nsXMLHttpRequest::GetAllResponseHeaders(
/* ACString getResponseHeader (in AUTF8String header); */
NS_IMETHODIMP
nsXMLHttpRequest::GetResponseHeader(const nsACString& header,
nsACString& _retval)
{
nsresult rv = NS_OK;
_retval.Truncate();
+ // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
+ PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
+ nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+ secMan->IsCapabilityEnabled("UniversalXPConnect", &chrome);
+ if (!chrome &&
+ (header.LowerCaseEqualsASCII("set-cookie") ||
+ header.LowerCaseEqualsASCII("set-cookie2"))) {
+ NS_WARNING("blocked access to response header");
+ _retval.SetIsVoid(PR_TRUE);
+ return NS_OK;
+ }
+
nsCOMPtr<nsIHttpChannel> httpChannel = GetCurrentHttpChannel();
if (!mDenyResponseDataAccess && httpChannel) {
rv = httpChannel->GetResponseHeader(header, _retval);
}
if (rv == NS_ERROR_NOT_AVAILABLE) {
// Means no header
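Review bot: The pointer returned by nsContentUtils::GetSecurityManager() is dereferenced at the IsCapabilityEnabled call without a null check, and that call's nsresult is discarded; the `PRBool chrome = PR_FALSE` default makes a failing call fail closed (the header stays hidden), which is the right direction, but a null secMan would crash rather than fail closed, so I would guard it: `if (secMan) { secMan->IsCapabilityEnabled("UniversalXPConnect", &chrome); }`. The same lookup-and-compare block appears again in nsHeaderVisitor::VisitHeader in the second hunk; a single static helper along the lines of `static PRBool IsForbiddenResponseHeader(const nsACString& aHeader)` that performs the capability query and the two name comparisons would keep both sites identical and give one place to extend the list later. The name filter is an exact match after lowercasing, while the header argument here is supplied by script; if the channel's GetResponseHeader tolerates names that differ only by surrounding whitespace (not visible from this hunk), the filter is narrower than the lookup it protects, and the name should be normalized the same way before the comparison. The remainder of GetResponseHeader continues past the end of the hunk.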
@@ -2183,20 +2195,30 @@ nsXMLHttpRequest::AppendReachableList(ns
}
NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
NS_IMETHODIMP nsXMLHttpRequest::
nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
{
- mHeaders.Append(header);
- mHeaders.Append(": ");
- mHeaders.Append(value);
- mHeaders.Append('\n');
+ // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
+ PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
+ nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+ secMan->IsCapabilityEnabled("UniversalXPConnect", &chrome);
+ if (!chrome &&
+ (header.LowerCaseEqualsASCII("set-cookie") ||
+ header.LowerCaseEqualsASCII("set-cookie2"))) {
+ NS_WARNING("blocked access to response header");
+ } else {
+ mHeaders.Append(header);
+ mHeaders.Append(": ");
+ mHeaders.Append(value);
+ mHeaders.Append('\n');
+ }
return NS_OK;
}
// DOM event class to handle progress notifications
nsXMLHttpProgressEvent::nsXMLHttpProgressEvent(nsIDOMEvent * aInner, PRUint64 aCurrentProgress, PRUint64 aMaxProgress)
{
mInner = aInner;
mCurProgress = aCurrentProgress;
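Review bot: VisitHeader repeats the security-manager lookup and capability query for every header of the response, since the visitor is called once per header; the answer cannot differ between headers within a single GetAllResponseHeaders pass (inferred, the visitor's construction site is outside this hunk), so computing `chrome` once where nsHeaderVisitor is created and storing it as a member would keep the query off the per-header path and leave one place to audit. The branch shape also differs from the first hunk, which uses a guard and returns; writing `if (!chrome && (...)) { NS_WARNING("blocked access to response header"); return NS_OK; }` followed by the four unconditional Append calls would read the same way in both places. The nsXMLHttpProgressEvent constructor at the tail of the hunk is only partly visible and is not part of this change.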