Bug 1823817 - Process cross origin security headers from nsHttpChanne…

…l::OnAuthCancelled. r=necko-reviewers,valentin nsHttpChannel::OnAuthCancelled calls nsHttpChannel::CallOnStartRequest directly, effectively bypassing HttpBaseChannel::ProcessCrossOriginSecurityHeaders, which is needed to get CORP handling right. Differential Revision: https://phabricator.services.mozilla.com/D177778
iaxat · May 16, 2023 · 90f3f16 · 90f3f16
1 parent 97a5bf4
commit 90f3f16
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2689,6 +2689,7 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() {
 }
 
 nsresult HttpBaseChannel::ProcessCrossOriginSecurityHeaders() {
+  StoreProcessCrossOriginSecurityHeadersCalled(true);
   nsresult rv = ProcessCrossOriginEmbedderPolicyHeader();
   if (NS_FAILED(rv)) {
     return rv;

diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h
@@ -1028,7 +1028,11 @@ class HttpBaseChannel : public nsHashPropertyBag,
 
     // True if HTTPS RR is used during the connection establishment of this
     // channel.
-    (uint32_t, HasHTTPSRR, 1)
+    (uint32_t, HasHTTPSRR, 1),
+
+    // Ensures that ProcessCrossOriginSecurityHeadersCalled has been called
+    // before calling CallOnStartRequest.
+    (uint32_t, ProcessCrossOriginSecurityHeadersCalled, 1)
   ))
   // clang-format on
 

diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1535,6 +1535,10 @@ nsresult nsHttpChannel::CallOnStartRequest() {
                      "CORS preflight must have been finished by the time we "
                      "call OnStartRequest");
 
+  MOZ_RELEASE_ASSERT(mCanceled || LoadProcessCrossOriginSecurityHeadersCalled(),
+                     "Security headers need to have been processed before "
+                     "calling CallOnStartRequest");
+
   mEarlyHintObserver = nullptr;
 
   if (LoadOnStartRequestCalled()) {
@@ -5461,9 +5465,17 @@ NS_IMETHODIMP nsHttpChannel::OnAuthCancelled(bool userCancel) {
     // the origin server.
     if (LoadProxyAuthPending()) Cancel(NS_ERROR_PROXY_CONNECTION_REFUSED);
 
+    // Make sure to process security headers before calling CallOnStartRequest.
+    nsresult rv = ProcessCrossOriginSecurityHeaders();
+    if (NS_FAILED(rv)) {
+      mStatus = rv;
+      HandleAsyncAbort();
+      return rv;
+    }
+
     // ensure call of OnStartRequest of the current listener here,
     // it would not be called otherwise at all
-    nsresult rv = CallOnStartRequest();
+    rv = CallOnStartRequest();
 
     // drop mAuthRetryPending flag and resume the transaction
     // this resumes load of the unauthenticated content data (which