guix/gnu/packages/patches/icecat-CVE-2015-0807.patch
Mark H Weaver b7178dc45d gnu: icecat: Apply fixes for CVE-2015-{0801,0807,0815,0816}.
Actually, CVE-2015-0801 and CVE-2015-0816 were already patched in
4c153a9125, but the corresponding CVEs
were not yet announced.

* gnu/packages/patches/icecat-bug-1146339.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0801.patch: ... this.
* gnu/packages/patches/icecat-bug-1144991.patch: Rename to ...
* gnu/packages/patches/icecat-CVE-2015-0816.patch: ... this.
* gnu/packages/patches/icecat-CVE-2015-0807.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-0815-pt3.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them, and adapt to renamed files.
* gnu/packages/gnuzilla.scm (icecat): Add patches, and adapt to renamed files.
2015-04-02 01:42:46 -04:00

From 1b97832a8ae9983e4f15befe142f5ea0626707f1 Mon Sep 17 00:00:00 2001
From: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Date: Thu, 19 Feb 2015 13:43:40 -0800
Subject: [PATCH] Bug 1111834 - CORS request after preflight should not follow
30x redirect. r=sicking, a=lmandel
---
dom/base/Navigator.cpp | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp
index 020e370..727b7cb7 100644
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -1278,6 +1278,12 @@ Navigator::SendBeacon(const nsAString& aUrl,
!contentType.Equals(APPLICATION_WWW_FORM_URLENCODED) &&
!contentType.Equals(MULTIPART_FORM_DATA) &&
!contentType.Equals(TEXT_PLAIN)) {
+
+ // we need to set the sameOriginChecker as a notificationCallback
+ // so we can tell the channel not to follow redirects
+ nsCOMPtr<nsIInterfaceRequestor> soc = nsContentUtils::GetSameOriginChecker();
+ channel->SetNotificationCallbacks(soc);
+
nsCOMPtr<nsIChannel> preflightChannel;
nsTArray<nsCString> unsafeHeaders;
unsafeHeaders.AppendElement(NS_LITERAL_CSTRING("Content-Type"));
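Review bot: the result of `channel->SetNotificationCallbacks(soc)` in the added lines is discarded, and `soc` is used without a null check, so if installing the same-origin checker fails the preflighted beacon is still sent without the redirect restriction the comment describes. That is a fail-open path on exactly the behaviour this fix is meant to enforce. I would check the return value and bail out of SendBeacon on failure instead of continuing to the preflight setup. Two smaller points: the comment should say that the callback is installed only on this branch (content type other than the three simple types checked just above), since a reader could otherwise assume it covers every beacon; and the diffstat lists only dom/base/Navigator.cpp, so a regression test exercising a 30x response after a successful preflight would be worth adding alongside.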
--
2.2.1