Commit 137c0527 authored by Georg Koppen's avatar Georg Koppen
Browse files

Bug 22457: Allow resources loaded by view-source://

Instead of whitelisting single resources for view-source requests that
might allow platform detection we allow all of those that are needed by
requests with a view-source origin. This should be safe now that landed.
parent ad937183
......@@ -83,8 +83,12 @@ ContentPolicy.prototype = {
return Ci.nsIContentPolicy.ACCEPT;
// Accept if no origin URI or if origin scheme is chrome/resource/about.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
// Accept if no origin URI or if origin scheme is
// chrome/resource/about/view-source.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') ||
aRequestOrigin.schemeIs('chrome') ||
aRequestOrigin.schemeIs('about') ||
return Ci.nsIContentPolicy.ACCEPT;
// Accept if resource directly loaded into a tab.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment