aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-0807.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0807.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0807.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0807.patch b/gnu/packages/patches/icecat-CVE-2015-0807.patch
new file mode 100644
index 0000000000..833bc36d6b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-0807.patch
@@ -0,0 +1,30 @@
+From 1b97832a8ae9983e4f15befe142f5ea0626707f1 Mon Sep 17 00:00:00 2001
+From: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
+Date: Thu, 19 Feb 2015 13:43:40 -0800
+Subject: [PATCH] Bug 1111834 - CORS request after preflight should not follow
+ 30x redirect. r=sicking, a=lmandel
+
+---
+ dom/base/Navigator.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp
+index 020e370..727b7cb7 100644
+--- a/dom/base/Navigator.cpp
++++ b/dom/base/Navigator.cpp
+@@ -1278,6 +1278,12 @@ Navigator::SendBeacon(const nsAString& aUrl,
+ !contentType.Equals(APPLICATION_WWW_FORM_URLENCODED) &&
+ !contentType.Equals(MULTIPART_FORM_DATA) &&
+ !contentType.Equals(TEXT_PLAIN)) {
++
++ // we need to set the sameOriginChecker as a notificationCallback
++ // so we can tell the channel not to follow redirects
++ nsCOMPtr<nsIInterfaceRequestor> soc = nsContentUtils::GetSameOriginChecker();
++ channel->SetNotificationCallbacks(soc);
++
+ nsCOMPtr<nsIChannel> preflightChannel;
+ nsTArray<nsCString> unsafeHeaders;
+ unsafeHeaders.AppendElement(NS_LITERAL_CSTRING("Content-Type"));
+--
+2.2.1
+