code review: prevent redirection to WAR when request is xmlhttprequest

This commit is contained in:
Raymond Hill 2018-02-16 13:37:20 -05:00
parent b2ff50f039
commit 4ed0d87b7b
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 15 additions and 6 deletions


@ -81,10 +81,21 @@ var RedirectEntry = function() {
/******************************************************************************/ /******************************************************************************/
RedirectEntry.prototype.toURL = function() { // Prevent redirection to web accessible resources when the request is
// of type 'xmlhttprequest', because XMLHttpRequest.responseURL would
// cause leakage of extension id. See:
// - https://stackoverflow.com/a/8056313
// - https://bugzilla.mozilla.org/show_bug.cgi?id=998076
RedirectEntry.prototype.toURL = function(details) {
if ( this.warURL !== undefined ) { if ( this.warURL !== undefined ) {
if (
details instanceof Object === false ||
details.requestType !== 'xmlhttprequest'
) {
return this.warURL + '?secret=' + vAPI.warSecret; return this.warURL + '?secret=' + vAPI.warSecret;
} }
}
if ( this.data.startsWith('data:') === false ) { if ( this.data.startsWith('data:') === false ) {
if ( this.mime.indexOf(';') === -1 ) { if ( this.mime.indexOf(';') === -1 ) {
this.data = 'data:' + this.mime + ';base64,' + btoa(this.data); this.data = 'data:' + this.mime + ';base64,' + btoa(this.data);
@ -214,12 +225,10 @@ RedirectEngine.prototype.lookupToken = function(entries, reqURL) {
RedirectEngine.prototype.toURL = function(context) { RedirectEngine.prototype.toURL = function(context) {
var token = this.lookup(context); var token = this.lookup(context);
if ( token === undefined ) { if ( token === undefined ) { return; }
return;
}
var entry = this.resources.get(token); var entry = this.resources.get(token);
if ( entry !== undefined ) { if ( entry !== undefined ) {
return entry.toURL(); return entry.toURL(context);
} }
}; };
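Review bot: The guard added to RedirectEntry.prototype.toURL in the first hunk fails open: when `details` is not an object (a caller that still invokes `toURL()` with no argument, or a context not derived from this realm's Object) the `||` short-circuits and the WAR URL is returned, which is exactly the extension-id-leaking path the commit sets out to close. Inverting the condition to `details instanceof Object && details.requestType !== 'xmlhttprequest'` makes a missing or malformed context fall through to the data: URI instead, so only an explicitly non-XHR request gets the WAR redirect. Whether any other caller relies on the no-argument form is not visible in this section; if one exists it would need to pass its context after that change. The `context` forwarded in the second hunk is assumed to carry `requestType` — that property is not shown here, so it is worth confirming it is the same field the engine's lookup already keys on. The remainder of RedirectEntry.prototype.toURL's body runs past the first hunk.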