| author | cvs2svn <cvs2svn@FreeBSD.org> | 2009-04-28 21:27:54 +0000 |
|---|---|---|
| committer | cvs2svn <cvs2svn@FreeBSD.org> | 2009-04-28 21:27:54 +0000 |
| commit | b6bb8c3d3a17625aa826094130b3d84530b6dae4 (patch) | |
| tree | f2de4a4d4b2f5c3fcbd1ee2ea6cce6d571bfb5f7 /www/firefox36/files/patch-ff-380418 | |
| parent | - Fix PLIST (diff) | |
This commit was manufactured by cvs2svn to create tag 'RELEASE_7_2_0'.release/7.2.0
Notes
Notes:
svn path=/head/; revision=232918
svn path=/tags/RELEASE_7_2_0/; revision=232919; tag=release/7.2.0
Diffstat (limited to 'www/firefox36/files/patch-ff-380418')
| -rw-r--r-- | www/firefox36/files/patch-ff-380418 | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/www/firefox36/files/patch-ff-380418 b/www/firefox36/files/patch-ff-380418
deleted file mode 100644
index f98f54060479..000000000000
--- a/www/firefox36/files/patch-ff-380418
+++ /dev/null
@@ -1,66 +0,0 @@
---- .pc/380418-candidate.patch/content/base/src/nsXMLHttpRequest.cpp 2009-01-05 03:48:53.000000000 +0100
-+++ content/base/src/nsXMLHttpRequest.cpp 2009-01-05 03:54:08.000000000 +0100
-@@ -762,16 +762,28 @@ nsXMLHttpRequest::GetAllResponseHeaders(
- /* ACString getResponseHeader (in AUTF8String header); */
- NS_IMETHODIMP
- nsXMLHttpRequest::GetResponseHeader(const nsACString& header,
- nsACString& _retval)
- {
- nsresult rv = NS_OK;
- _retval.Truncate();
-
-+ // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
-+ PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
-+ nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-+ secMan->IsCapabilityEnabled("UniversalXPConnect", &chrome);
-+ if (!chrome &&
-+ (header.LowerCaseEqualsASCII("set-cookie") ||
-+ header.LowerCaseEqualsASCII("set-cookie2"))) {
-+ NS_WARNING("blocked access to response header");
-+ _retval.SetIsVoid(PR_TRUE);
-+ return NS_OK;
-+ }
-+
- nsCOMPtr<nsIHttpChannel> httpChannel = GetCurrentHttpChannel();
-
- if (!mDenyResponseDataAccess && httpChannel) {
- rv = httpChannel->GetResponseHeader(header, _retval);
- }
-
- if (rv == NS_ERROR_NOT_AVAILABLE) {
- // Means no header
-@@ -2183,20 +2195,30 @@ nsXMLHttpRequest::AppendReachableList(ns
- }
-
-
- NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
-
- NS_IMETHODIMP nsXMLHttpRequest::
- nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
- {
-- mHeaders.Append(header);
-- mHeaders.Append(": ");
-- mHeaders.Append(value);
-- mHeaders.Append('\n');
-+ // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
-+ PRBool chrome = PR_FALSE; // default to false in case IsCapabilityEnabled fails
-+ nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-+ secMan->IsCapabilityEnabled("UniversalXPConnect", &chrome);
-+ if (!chrome &&
-+ (header.LowerCaseEqualsASCII("set-cookie") ||
-+ header.LowerCaseEqualsASCII("set-cookie2"))) {
-+ NS_WARNING("blocked access to response header");
-+ } else {
-+ mHeaders.Append(header);
-+ mHeaders.Append(": ");
-+ mHeaders.Append(value);
-+ mHeaders.Append('\n');
-+ }
- return NS_OK;
- }
-
- // DOM event class to handle progress notifications
- nsXMLHttpProgressEvent::nsXMLHttpProgressEvent(nsIDOMEvent * aInner, PRUint64 aCurrentProgress, PRUint64 aMaxProgress)
- {
- mInner = aInner;
- mCurProgress = aCurrentProgress; |
