Bug 1911759 - Add triggeringPrincipal override to RequestInit r=necko…

…-reviewers,webidl,smaug,kershaw This allows code with Chrome priviledges to use the fetch API to specify a triggering principal instead of needing to use XMLHttpRequest. The triggeringPrincipal is only used when the fetch principal is already the systemPrincipal. Differential Revision: https://phabricator.services.mozilla.com/D213418
i3roly · Aug 7, 2024 · 5f39be1 · 5f39be1
1 parent 09ffe03
commit 5f39be1
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/dom/fetch/FetchDriver.cpp b/dom/fetch/FetchDriver.cpp
@@ -641,8 +641,14 @@ nsresult FetchDriver::HttpFetch(
                        nullptr, /* aCallbacks */
                        loadFlags, ios);
   } else {
+    nsCOMPtr<nsIPrincipal> principal = mPrincipal;
+    if (principal->IsSystemPrincipal() &&
+        mRequest->GetTriggeringPrincipalOverride()) {
+      principal = mRequest->GetTriggeringPrincipalOverride();
+    }
+
     rv =
-        NS_NewChannel(getter_AddRefs(chan), uri, mPrincipal, secFlags,
+        NS_NewChannel(getter_AddRefs(chan), uri, principal, secFlags,
                       mRequest->ContentPolicyType(), mCookieJarSettings,
                       mPerformanceStorage, mLoadGroup, nullptr, /* aCallbacks */
                       loadFlags, ios);

diff --git a/dom/fetch/InternalRequest.h b/dom/fetch/InternalRequest.h
@@ -262,6 +262,14 @@ class InternalRequest final : public AtomicSafeRefCounted<InternalRequest> {
 
   void SetMozErrors() { mMozErrors = true; }
 
+  void SetTriggeringPrincipal(nsIPrincipal* aPrincipal) {
+    mTriggeringPrincipalOverride = aPrincipal;
+  }
+
+  nsIPrincipal* GetTriggeringPrincipalOverride() {
+    return mTriggeringPrincipalOverride;
+  }
+
   const nsCString& GetFragment() const { return mFragment; }
 
   nsContentPolicyType ContentPolicyType() const { return mContentPolicyType; }
@@ -437,6 +445,8 @@ class InternalRequest final : public AtomicSafeRefCounted<InternalRequest> {
   nsCString mBodyBlobURISpec;
   nsString mBodyLocalPath;
   nsCOMPtr<nsIInputStream> mBodyStream;
+
+  nsCOMPtr<nsIPrincipal> mTriggeringPrincipalOverride;
   int64_t mBodyLength{InternalResponse::UNKNOWN_BODY_SIZE};
 
   nsCString mPreferredAlternativeDataType;

diff --git a/dom/fetch/Request.cpp b/dom/fetch/Request.cpp
@@ -352,6 +352,11 @@ SafeRefPtr<Request> Request::Constructor(
     request->SetMozErrors();
   }
 
+  if (aInit.mTriggeringPrincipal.WasPassed() &&
+      aInit.mTriggeringPrincipal.Value()) {
+    request->SetTriggeringPrincipal(aInit.mTriggeringPrincipal.Value());
+  }
+
   // Request constructor step 14.
   if (aInit.mMethod.WasPassed()) {
     nsAutoCString method(aInit.mMethod.Value());

diff --git a/dom/webidl/Request.webidl b/dom/webidl/Request.webidl
@@ -7,6 +7,9 @@
  * https://fetch.spec.whatwg.org/#request-class
  */
 
+
+interface Principal;
+
 typedef (Request or UTF8String) RequestInfo;
 typedef unsigned long nsContentPolicyType;
 
@@ -77,6 +80,9 @@ dictionary RequestInit {
   [ChromeOnly]
   boolean mozErrors;
 
+  [ChromeOnly]
+  Principal triggeringPrincipal;
+
   AbortSignal? signal;
 
   [Pref="network.fetchpriority.enabled"]