From dd08e904ebac7657b59ecc0a3c48a46e81bfd81a Mon Sep 17 00:00:00 2001
From: Paul Rouget
Date: Mon, 28 Mar 2016 10:29:31 +0200
Subject: [PATCH] Disable cross origin check for mozbrowser-enabled top level pipelines
---
 components/script/dom/xmlhttprequest.rs | 32 +++++++++++++++----
 tests/wpt/mozilla/meta/MANIFEST.json | 6 ++++
 .../mozilla/mozbrowser/crossorigin_xhr.html | 22 +++++++++++++
 3 files changed, 54 insertions(+), 6 deletions(-)
 create mode 100644 tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html
diff --git a/components/script/dom/xmlhttprequest.rs b/components/script/dom/xmlhttprequest.rs
index 8d1456a73ae6..20a729c70c0c 100644
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@@ -62,6 +62,7 @@ use time;
 use timers::{OneshotTimerCallback, OneshotTimerHandle};
 use url::Url;
 use url::percent_encoding::{utf8_percent_encode, USERNAME_ENCODE_SET, PASSWORD_ENCODE_SET};
+use util::prefs;
 use util::str::DOMString;
 pub type SendParam = BlobOrStringOrURLSearchParams;
@@ -866,14 +867,33 @@ impl XMLHttpRequest { fn process_headers_available(&self, cors_request: Option, gen_id: GenerationId, metadata: Metadata) -> Result<(), Error> { - if let Some(ref req) = cors_request { - match metadata.headers { - Some(ref h) if allow_cross_origin_request(req, h) => {}, - _ => { - self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network)); - return Err(Error::Network); + let bypass_cross_origin_check = { + // We want to be able to do cross-origin requests in browser.html. + // If the XHR happens in a top level window and the mozbrowser + // preference is enabled, we allow bypassing the CORS check. + // This is a temporary measure until we figure out Servo privilege + // story. See https://github.com/servo/servo/issues/9582 + if let GlobalRoot::Window(win) = self.global() { + let is_root_pipeline = win.parent_info().is_none(); + let is_mozbrowser_enabled = prefs::get_pref("dom.mozbrowser.enabled").as_boolean().unwrap_or(false); + is_root_pipeline && is_mozbrowser_enabled + } else { + false + } + }; + + if !bypass_cross_origin_check { + if let Some(ref req) = cors_request { + match metadata.headers { + Some(ref h) if allow_cross_origin_request(req, h) => {}, + _ => { + self.process_partial_response(XHRProgress::Errored(gen_id, Error::Network)); + return Err(Error::Network); + } } } + } else { + debug!("Bypassing cross origin check"); } *self.response_url.borrow_mut() = metadata.final_url.serialize_no_fragment(); diff --git a/tests/wpt/mozilla/meta/MANIFEST.json b/tests/wpt/mozilla/meta/MANIFEST.json index 365342494927..947e3ae93a5f 100644 --- a/tests/wpt/mozilla/meta/MANIFEST.json +++ b/tests/wpt/mozilla/meta/MANIFEST.json 
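Review bot: The condition behind `bypass_cross_origin_check` trusts every root-pipeline window once `dom.mozbrowser.enabled` is set, not only browser.html as the comment intends, so any document loaded at the top level while the pref is on would have its XHR responses exempted from `allow_cross_origin_request`. Whether untrusted content can ever be a root pipeline is decided outside this hunk and should be confirmed. I would state that trust assumption next to the check, e.g. `// SECURITY: assumes only trusted chrome (browser.html) is ever loaded as the root pipeline while this pref is set.` The `else` branch also logs "Bypassing cross origin check" for same-origin requests where `cors_request` is `None`, so the log cannot be used to audit real exemptions; guarding it with `cors_request.is_some()` and including the URL from `metadata.final_url.serialize_no_fragment()` would fix that. The body of `process_headers_available` continues past the end of the hunk.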
@@ -6060,6 +6060,12 @@ "url": "/_mozilla/mozilla/mime_sniffing_font_context.html" } ], + "mozilla/mozbrowser/crossorigin_xhr.html": [ + { + "path": "mozilla/mozbrowser/crossorigin_xhr.html", + "url": "/_mozilla/mozilla/mozbrowser/crossorigin_xhr.html" + } + ], "mozilla/mozbrowser/iframe_goback.html": [ { "path": "mozilla/mozbrowser/iframe_goback.html", diff --git a/tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html b/tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html new file mode 100644 index 000000000000..180f3a915b64 --- /dev/null +++ b/tests/wpt/mozilla/tests/mozilla/mozbrowser/crossorigin_xhr.html @@ -0,0 +1,22 @@ + +cross origin xhr() with mozbrowser + + + + + +