Bug 1436241 - Check redirect status code before forwarding to NPAPI
NPAPI may handle a 307 redirect across different origins, while they
should only happen on same origin requests. Have the browser check
this before forwarding to NPAPI.
MozReview-Commit-ID: 5vxMooygI4g
--- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp
+++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp
@@ -663,25 +663,16 @@ NS_IMETHODIMP
nsPluginStreamListenerPeer::AsyncOnChannelRedirect(nsIChannel *oldChannel, nsIChannel *newChannel,
uint32_t flags, nsIAsyncVerifyRedirectCallback* callback)
{
// Disallow redirects if we don't have a stream listener.
if (!mPStreamListener) {
return NS_ERROR_FAILURE;
}
- nsCOMPtr<nsIAsyncVerifyRedirectCallback> proxyCallback =
- new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel);
-
- // Give NPAPI a chance to control redirects.
- bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback);
- if (notificationHandled) {
- return NS_OK;
- }
-
// Don't allow cross-origin 307 POST redirects.
nsCOMPtr<nsIHttpChannel> oldHttpChannel(do_QueryInterface(oldChannel));
if (oldHttpChannel) {
uint32_t responseStatus;
nsresult rv = oldHttpChannel->GetResponseStatus(&responseStatus);
if (NS_FAILED(rv)) {
return rv;
}
@@ -695,16 +686,25 @@ nsPluginStreamListenerPeer::AsyncOnChann
rv = nsContentUtils::CheckSameOrigin(oldChannel, newChannel);
if (NS_FAILED(rv)) {
return rv;
}
}
}
}
+ nsCOMPtr<nsIAsyncVerifyRedirectCallback> proxyCallback =
+ new ChannelRedirectProxyCallback(this, callback, oldChannel, newChannel);
+
+ // Give NPAPI a chance to control redirects.
+ bool notificationHandled = mPStreamListener->HandleRedirectNotification(oldChannel, newChannel, proxyCallback);
+ if (notificationHandled) {
+ return NS_OK;
+ }
+
// Fall back to channel event sink for window.
nsCOMPtr<nsIChannelEventSink> channelEventSink;
nsresult rv = GetInterfaceGlobal(NS_GET_IID(nsIChannelEventSink), getter_AddRefs(channelEventSink));
if (NS_FAILED(rv)) {
return rv;
}
return channelEventSink->AsyncOnChannelRedirect(oldChannel, newChannel, flags, proxyCallback);