diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h index 1cf267b41a79..7da0ef5b55c7 100644 --- a/caps/BasePrincipal.h +++ b/caps/BasePrincipal.h @@ -410,6 +410,16 @@ inline bool BasePrincipal::FastEqualsConsideringDomain(nsIPrincipal* aOther) { return FastEquals(aOther); } + // Principals of different kinds can't be equal. + if (Kind() != other->Kind()) { + return false; + } + + // Only ContentPrincipals should have mHasExplicitDomain set to true, so test + // that we haven't ended up here instead of FastEquals by mistake. + MOZ_ASSERT(IsContentPrincipal(), + "Only content principals can set mHasExplicitDomain"); + return Subsumes(aOther, ConsiderDocumentDomain) && other->Subsumes(this, ConsiderDocumentDomain); } diff --git a/caps/ExpandedPrincipal.cpp b/caps/ExpandedPrincipal.cpp index 6a210058cec6..ce8ccd8b8277 100644 --- a/caps/ExpandedPrincipal.cpp +++ b/caps/ExpandedPrincipal.cpp @@ -20,28 +20,6 @@ NS_IMPL_QUERY_INTERFACE_CI(ExpandedPrincipal, nsIPrincipal, NS_IMPL_CI_INTERFACE_GETTER(ExpandedPrincipal, nsIPrincipal, nsIExpandedPrincipal) -struct OriginComparator { - bool LessThan(nsIPrincipal* a, nsIPrincipal* b) const { - nsAutoCString originA; - DebugOnly rv = a->GetOrigin(originA); - MOZ_ASSERT(NS_SUCCEEDED(rv)); - nsAutoCString originB; - rv = b->GetOrigin(originB); - MOZ_ASSERT(NS_SUCCEEDED(rv)); - return originA < originB; - } - - bool Equals(nsIPrincipal* a, nsIPrincipal* b) const { - nsAutoCString originA; - DebugOnly rv = a->GetOrigin(originA); - MOZ_ASSERT(NS_SUCCEEDED(rv)); - nsAutoCString originB; - rv = b->GetOrigin(originB); - MOZ_ASSERT(NS_SUCCEEDED(rv)); - return a == b; - } -}; - ExpandedPrincipal::ExpandedPrincipal( nsTArray>&& aPrincipals, const nsACString& aOriginNoSuffix, const OriginAttributes& aAttrs) @@ -53,12 +31,9 @@ ExpandedPrincipal::~ExpandedPrincipal() = default; already_AddRefed ExpandedPrincipal::Create( const nsTArray>& aAllowList, const OriginAttributes& aAttrs) { - // We force the principals to be sorted by origin so that ExpandedPrincipal - // origins can have a canonical form. nsTArray> principals; - OriginComparator c; for (size_t i = 0; i < aAllowList.Length(); ++i) { - principals.InsertElementSorted(aAllowList[i], c); + principals.AppendElement(aAllowList[i]); } nsAutoCString origin; @@ -248,7 +223,6 @@ ExpandedPrincipal::Deserializer::Read(nsIObjectInputStream* aStream) { return NS_ERROR_OUT_OF_MEMORY; } - OriginComparator c; for (uint32_t i = 0; i < count; ++i) { nsCOMPtr read; rv = aStream->ReadObject(true, getter_AddRefs(read)); @@ -261,9 +235,7 @@ ExpandedPrincipal::Deserializer::Read(nsIObjectInputStream* aStream) { return NS_ERROR_UNEXPECTED; } - // Play it safe and InsertElementSorted, in case the sort order - // changed for some bizarre reason. - principals.InsertElementSorted(std::move(principal), c); + principals.AppendElement(std::move(principal)); } mPrincipal = ExpandedPrincipal::Create(principals, OriginAttributes()); diff --git a/caps/tests/unit/test_origin.js b/caps/tests/unit/test_origin.js index e5efaabea194..c0cbc2996a8d 100644 --- a/caps/tests/unit/test_origin.js +++ b/caps/tests/unit/test_origin.js @@ -127,7 +127,7 @@ function run_test() { // nsEP origins should be in lexical order. Assert.equal( ep.origin, - `[Expanded Principal [${exampleOrg.origin}, ${exampleCom.origin}, ${nullPrin.origin}]]` + `[Expanded Principal [${exampleCom.origin}, ${nullPrin.origin}, ${exampleOrg.origin}]]` ); // Make sure createContentPrincipal does what the rest of gecko does. diff --git a/js/xpconnect/tests/unit/test_allowedDomainsXHR.js b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js index d58706894400..2ed388fb3609 100644 --- a/js/xpconnect/tests/unit/test_allowedDomainsXHR.js +++ b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js @@ -63,7 +63,7 @@ function run_test() var principal = res.responseXML.nodePrincipal; Assert.ok(principal.isContentPrincipal); - var requestURL = "http://localhost:4444/simple"; + var requestURL = "http://localhost:4444/redirect"; Assert.equal(principal.spec, requestURL); // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821) @@ -85,7 +85,7 @@ function run_test() var principal = res.responseXML.nodePrincipal; Assert.ok(principal.isContentPrincipal); - var requestURL = "http://localhost:4444/simple"; + var requestURL = "http://localhost:4444/redirect"; Assert.equal(principal.spec, requestURL); httpserver2.stop(finishIfDone); diff --git a/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js b/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js index 6f2ee165f5b4..115fa77cc598 100644 --- a/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js +++ b/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js @@ -1258,7 +1258,7 @@ function getOrigins(extension) { page: Services.scriptSecurityManager.createContentPrincipal(pageURI, {}) .origin, contentScript: Cu.getObjectPrincipal( - Cu.Sandbox([extension.principal, pageURL]) + Cu.Sandbox([pageURL, extension.principal]) ).origin, extension: extension.principal.origin, };