Bug 1476570 - allow proxy to work on restricted domains, r?aswan
Proxies must work with all requests, however the new onRequest proxy api
passed the policy when running the filter match. ChannelWrapper then
calls a check against restricted domains. By removing the policy argument
we remove that restriction while keeping url filtering requested by the
extension.
MozReview-Commit-ID: 8VBZMyrbpNs
--- a/toolkit/components/extensions/ProxyScriptContext.jsm
+++ b/toolkit/components/extensions/ProxyScriptContext.jsm
@@ -306,17 +306,27 @@ class ProxyChannelFilter {
let {filter} = this;
if (filter.tabId != null && browserData.tabId !== filter.tabId) {
return;
}
if (filter.windowId != null && browserData.windowId !== filter.windowId) {
return;
}
- if (wrapper.matches(filter, this.extension.policy, {isProxy: true})) {
+ // We need to handle all the matching ourselves since wrapper.matches
+ // calls WebExtensionPolicy::CanAccessURI which, in addition to
+ // checking allowedOrigins also rejects restricted URIs.
+ if (filter.types != null && !filter.types.includes(wrapper.type)) {
+ return;
+ }
+ if (filter.urls != null && !filter.urls.matches(wrapper.finalURI)) {
+ return;
+ }
+
+ if (this.extension.policy.allowedOrigins.matches(wrapper.finalURI)) {
let data = this.getRequestData(wrapper, {tabId: browserData.tabId});
let ret = await this.listener(data);
if (ret == null) {
// If ret undefined or null, fall through to the `finally` block to apply the proxy result.
proxyInfo = ret;
return;
}
--- a/toolkit/components/extensions/test/xpcshell/test_proxy_listener.js
+++ b/toolkit/components/extensions/test/xpcshell/test_proxy_listener.js
@@ -3,20 +3,20 @@
ChromeUtils.import("resource://gre/modules/Extension.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "gProxyService",
"@mozilla.org/network/protocol-proxy-service;1",
"nsIProtocolProxyService");
const TRANSPARENT_PROXY_RESOLVES_HOST = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
-function getProxyInfo() {
+function getProxyInfo(url = "http://www.mozilla.org/") {
return new Promise((resolve, reject) => {
let channel = NetUtil.newChannel({
- uri: "http://www.mozilla.org/",
+ uri: url,
loadUsingSystemPrincipal: true,
});
gProxyService.asyncResolve(channel, 0, {
onProxyAvailable(req, uri, pi, status) {
resolve(pi);
},
});
@@ -173,17 +173,18 @@ async function getExtension(expectedProx
await extension.awaitMessage("ready");
return extension;
}
add_task(async function test_passthrough() {
let ext1 = await getExtension(null);
let ext2 = await getExtension({host: "1.2.3.4", port: 8888, type: "http"});
- let proxyInfo = await getProxyInfo();
+ // Also use a restricted url to test the ability to proxy those.
+ let proxyInfo = await getProxyInfo("http://addons.mozilla.org");
equal(proxyInfo.host, "1.2.3.4", `second extension won`);
equal(proxyInfo.port, "8888", `second extension won`);
equal(proxyInfo.type, "http", `second extension won`);
await ext2.unload();
proxyInfo = await getProxyInfo();