commit 22e6c335a74f08d37dd0e2daec9951dd4d0cc89d Author: Arthur Edelstein <arthuredelstein@gmail.com> Date: Thu Sep 22 05:49:07 2016 +0000 Bug 20043: Isolate SharedWorker script requests to first party --- dom/workers/WorkerPrivate.cpp | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/dom/workers/WorkerPrivate.cpp b/dom/workers/WorkerPrivate.cpp index 830712e..2ac0c0f 100644 --- a/dom/workers/WorkerPrivate.cpp +++ b/dom/workers/WorkerPrivate.cpp @@ -4396,6 +4396,25 @@ WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindow* aWindow, getter_AddRefs(loadInfo.mChannel)); NS_ENSURE_SUCCESS(rv, rv); + // If this is a SharedWorker and we have an isolation key, use it as the + // DocumentURI for this channel. Ensures we get the right first-party domain. + if ((aWorkerType == WorkerTypeShared || aWorkerType == WorkerTypeService) && + !loadInfo.mIsolationKey.IsEmpty()) { + nsCOMPtr<nsIHttpChannelInternal> channelInternal(do_QueryInterface(loadInfo.mChannel)); + if (channelInternal) { + nsCString documentURISpec("https://"); + documentURISpec.Append(loadInfo.mIsolationKey); + nsCOMPtr<nsIURI> documentURI; + nsresult rv = NS_NewURI(getter_AddRefs(documentURI), documentURISpec); + if (NS_SUCCEEDED(rv)) { + channelInternal->SetDocumentURI(documentURI); + } else { + NS_WARNING("Unable to set the documentURI for SharedWorker's " + "loading channel."); + } + } + } + rv = NS_GetFinalChannelURI(loadInfo.mChannel, getter_AddRefs(loadInfo.mResolvedScriptURI)); NS_ENSURE_SUCCESS(rv, rv);