Bug 1373735 - Skip checking mPrivateBrowsingId in case system principal
MozReview-Commit-ID: 2sDJIxALC9L
--- a/dom/base/PostMessageEvent.cpp
+++ b/dom/base/PostMessageEvent.cpp
@@ -103,20 +103,32 @@ PostMessageEvent::Run()
return NS_OK;
// Note: This is contrary to the spec with respect to file: URLs, which
// the spec groups into a single origin, but given we intentionally
// don't do that in other places it seems better to hold the line for
// now. Long-term, we want HTML5 to address this so that we can
// be compliant while being safer.
if (!targetPrin->Equals(mProvidedPrincipal)) {
- MOZ_DIAGNOSTIC_ASSERT(ChromeUtils::IsOriginAttributesEqualIgnoringFPD(mProvidedPrincipal->OriginAttributesRef(),
- targetPrin->OriginAttributesRef()),
- "Unexpected postMessage call to a window with mismatched "
- "origin attributes");
+ OriginAttributes sourceAttrs = mProvidedPrincipal->OriginAttributesRef();
+ OriginAttributes targetAttrs = targetPrin->OriginAttributesRef();
+
+ MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.mAppId == targetAttrs.mAppId,
+ "Target and source should have the same mAppId attribute.");
+ MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.mUserContextId == targetAttrs.mUserContextId,
+ "Target and source should have the same userContextId attribute.");
+ MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.mInIsolatedMozBrowser == targetAttrs.mInIsolatedMozBrowser,
+ "Target and source should have the same inIsolatedMozBrowser attribute.");
+
+ if (!nsContentUtils::IsSystemOrExpandedPrincipal(targetPrin) &&
+ !nsContentUtils::IsSystemOrExpandedPrincipal(mProvidedPrincipal) &&
+ !mTrustedCaller) {
+ MOZ_DIAGNOSTIC_ASSERT(sourceAttrs.mPrivateBrowsingId == targetAttrs.mPrivateBrowsingId,
+ "Target and source should have the same mPrivateBrowsingId attribute.");
+ }
nsAutoString providedOrigin, targetOrigin;
nsresult rv = nsContentUtils::GetUTFOrigin(targetPrin, targetOrigin);
NS_ENSURE_SUCCESS(rv, rv);
rv = nsContentUtils::GetUTFOrigin(mProvidedPrincipal, providedOrigin);
NS_ENSURE_SUCCESS(rv, rv);
const char16_t* params[] = { providedOrigin.get(), targetOrigin.get() };