[tbb-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading

gk at torproject.org gk at torproject.org
Mon Nov 12 12:53:18 UTC 2018


commit e00084a6a67ba6ab0c504421ed13a49765dc83d2
Author: Richard Pospesel <richard at torproject.org>
Date:   Tue Nov 6 15:47:31 2018 -0800

    Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
    
    Large pdf files download in parts via range-based requests so that users
    can begin reading before the entire file has finished downloading. This
    is implemented using XMLHttpRequests. However, since these requests are
    created in the chrome, they are given the System Principal and lack the
    correct firstPartyDomain associated with the parent window.
    
    This patch manually sets the XMLHttpRequest's originAttributes to the
    one provided by the real owning window cached in the RangedChromeActions
    object. This is done via the chrome-only setOriginAttributes method.
    
    The method is called in the xhr_onreadystatechanged() callback rather
    than directly after construction in getXhr() because the
    setOriginAttributes implementation requires the internal nsIChannel
    object to have been created but not used. Fortunately, the
    XMLHttpRequest object fires the readStateChangedEvent precisely after
    the channel has been created in the XmlHttpRequest's Open() method.
    
    The nsIChannel's nsILoadInfo's OriginAttributes are now overwritten
    with the known OriginAttributes of the parent window before anything
    else has had a chance to use it.
---
 browser/extensions/pdfjs/content/PdfStreamConverter.jsm | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
index a2ebec9450d4..a9978f7e7863 100644
--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
@@ -233,6 +233,15 @@ class ChromeActions {
     return PrivateBrowsingUtils.isContentWindowPrivate(this.domWindow);
   }
 
+  getWindowOriginAttributes()
+  {
+    try {
+      return this.domWindow.document.nodePrincipal.originAttributes;
+    } catch(err) {
+      return {};
+    }
+  }
+
   download(data, sendResponse) {
     var self = this;
     var originalUrl = data.originalUrl;
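Review bot: the catch block in getWindowOriginAttributes() fails open. Returning {} on any error hands the caller an object with no firstPartyDomain, which is the unisolated state this patch is meant to eliminate, and nothing is logged when that happens. Consider reporting the error and letting the caller skip or abort the ranged request instead of continuing with empty attributes. Style: the opening brace on its own line and `catch(err)` without a space differ from the neighbouring methods such as `download(data, sendResponse) {`.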
@@ -591,6 +600,9 @@ class RangedChromeActions extends ChromeActions {
     var self = this;
     var xhr_onreadystatechange = function xhr_onreadystatechange() {
       if (this.readyState === 1) { // LOADING
+        // override this XMLHttpRequest's OriginAttributes with our cached parent window's
+        // OriginAttributes, as we are currently running under the SystemPrincipal
+        this.setOriginAttributes(self.getWindowOriginAttributes());
         var netChannel = this.channel;
         if ("nsIPrivateBrowsingChannel" in Ci &&
             netChannel instanceof Ci.nsIPrivateBrowsingChannel) {
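Review bot: the new setOriginAttributes() call at the top of the readyState === 1 branch is unguarded, and its timing requirement is not documented in the code. If the call throws, the private-browsing channel handling that follows in the same branch never runs. The reason it has to be made here (channel created but not yet used) is stated only in the commit message, so the added comment should spell out that precondition. The existing `// LOADING` label on readyState 1 is also misleading, since that value is OPENED, which is the state the commit message relies on. The first added comment line runs well past 80 columns.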


