From 90f3f16fd491cc7e5f3bb9e9b704bfce54fb0c39 Mon Sep 17 00:00:00 2001 From: Andreas Farre Date: Tue, 16 May 2023 14:55:23 +0000 Subject: [PATCH] Bug 1823817 - Process cross origin security headers from nsHttpChannel::OnAuthCancelled. r=necko-reviewers,valentin nsHttpChannel::OnAuthCancelled calls nsHttpChannel::CallOnStartRequest directly, effectively bypassing HttpBaseChannel::ProcessCrossOriginSecurityHeaders, which is needed to get CORP handling right. Differential Revision: https://phabricator.services.mozilla.com/D177778 --- netwerk/protocol/http/HttpBaseChannel.cpp | 1 + netwerk/protocol/http/HttpBaseChannel.h | 6 +++++- netwerk/protocol/http/nsHttpChannel.cpp | 14 +++++++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index 03a974b8ab6b1..5af831570b441 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -2689,6 +2689,7 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() { } nsresult HttpBaseChannel::ProcessCrossOriginSecurityHeaders() { + StoreProcessCrossOriginSecurityHeadersCalled(true); nsresult rv = ProcessCrossOriginEmbedderPolicyHeader(); if (NS_FAILED(rv)) { return rv; diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index f8fa9059d1f09..de6908e265f14 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -1028,7 +1028,11 @@ class HttpBaseChannel : public nsHashPropertyBag, // True if HTTPS RR is used during the connection establishment of this // channel. - (uint32_t, HasHTTPSRR, 1) + (uint32_t, HasHTTPSRR, 1), + + // Ensures that ProcessCrossOriginSecurityHeadersCalled has been called + // before calling CallOnStartRequest. + (uint32_t, ProcessCrossOriginSecurityHeadersCalled, 1) )) // clang-format on diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 27ef583fe7beb..8f7980ac87e98 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -1535,6 +1535,10 @@ nsresult nsHttpChannel::CallOnStartRequest() { "CORS preflight must have been finished by the time we " "call OnStartRequest"); + MOZ_RELEASE_ASSERT(mCanceled || LoadProcessCrossOriginSecurityHeadersCalled(), + "Security headers need to have been processed before " + "calling CallOnStartRequest"); + mEarlyHintObserver = nullptr; if (LoadOnStartRequestCalled()) { @@ -5461,9 +5465,17 @@ NS_IMETHODIMP nsHttpChannel::OnAuthCancelled(bool userCancel) { // the origin server. if (LoadProxyAuthPending()) Cancel(NS_ERROR_PROXY_CONNECTION_REFUSED); + // Make sure to process security headers before calling CallOnStartRequest. + nsresult rv = ProcessCrossOriginSecurityHeaders(); + if (NS_FAILED(rv)) { + mStatus = rv; + HandleAsyncAbort(); + return rv; + } + // ensure call of OnStartRequest of the current listener here, // it would not be called otherwise at all - nsresult rv = CallOnStartRequest(); + rv = CallOnStartRequest(); // drop mAuthRetryPending flag and resume the transaction // this resumes load of the unauthenticated content data (which