From a522e727bff0fb69cb0d34c2d2ad89168d15158d Mon Sep 17 00:00:00 2001 From: Ehsan Akhgari Date: Sat, 12 Sep 2015 17:38:51 -0400 Subject: [PATCH] Bug 1204269 - Use the worker private in order to determine the origin of the entry settings object for workers; r=smaug a=me --- dom/base/WebSocket.cpp | 46 ++++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp index ea91232..26b94d0 100644 --- a/dom/base/WebSocket.cpp +++ b/dom/base/WebSocket.cpp @@ -1503,26 +1503,32 @@ WebSocketImpl::Init(JSContext* aCx, !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS", false)) { // Confirmed we are opening plain ws:// and want to prevent this from a - // secure context (e.g. https). Check the principal's uri to determine if - // we were loaded from https. - nsCOMPtr globalObject(GetEntryGlobal()); - if (globalObject) { - nsCOMPtr principal(globalObject->PrincipalOrNull()); - if (principal) { - nsCOMPtr uri; - principal->GetURI(getter_AddRefs(uri)); - if (uri) { - bool originIsHttps = false; - aRv = uri->SchemeIs("https", &originIsHttps); - if (NS_WARN_IF(aRv.Failed())) { - return; - } - - if (originIsHttps) { - aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); - return; - } - } + // secure context (e.g. https). + nsCOMPtr principal; + nsCOMPtr originURI; + if (mWorkerPrivate) { + // For workers, retrieve the URI from the WorkerPrivate + principal = mWorkerPrivate->GetPrincipal(); + } else { + // Check the principal's uri to determine if we were loaded from https. + nsCOMPtr globalObject(GetEntryGlobal()); + if (globalObject) { + principal = globalObject->PrincipalOrNull(); + } + } + + if (principal) { + principal->GetURI(getter_AddRefs(originURI)); + } + if (originURI) { + bool originIsHttps = false; + aRv = originURI->SchemeIs("https", &originIsHttps); + if (NS_WARN_IF(aRv.Failed())) { + return; + } + if (originIsHttps) { + aRv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; } } } -- 2.5.0