Commit 137c0527 authored by Georg Koppen's avatar Georg Koppen
Browse files

Bug 22457: Allow resources loaded by view-source://

Instead of whitelisting single resources for view-source requests that
might allow platform detection we allow all of those that are needed by
requests with a view-source origin. This should be safe now that
https://bugzilla.mozilla.org/show_bug.cgi?id=1172165 landed.
parent ad937183
......@@ -83,8 +83,12 @@ ContentPolicy.prototype = {
return Ci.nsIContentPolicy.ACCEPT;
}
// Accept if no origin URI or if origin scheme is chrome/resource/about.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
// Accept if no origin URI or if origin scheme is
// chrome/resource/about/view-source.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') ||
aRequestOrigin.schemeIs('chrome') ||
aRequestOrigin.schemeIs('about') ||
aRequestOrigin.schemeIs('view-source'))
return Ci.nsIContentPolicy.ACCEPT;
// Accept if resource directly loaded into a tab.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment