diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0807.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-0807.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0807.patch b/gnu/packages/patches/icecat-CVE-2015-0807.patch new file mode 100644 index 0000000000..833bc36d6b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-0807.patch @@ -0,0 +1,30 @@ +From 1b97832a8ae9983e4f15befe142f5ea0626707f1 Mon Sep 17 00:00:00 2001 +From: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com> +Date: Thu, 19 Feb 2015 13:43:40 -0800 +Subject: [PATCH] Bug 1111834 - CORS request after preflight should not follow + 30x redirect. r=sicking, a=lmandel + +--- + dom/base/Navigator.cpp | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp +index 020e370..727b7cb7 100644 +--- a/dom/base/Navigator.cpp ++++ b/dom/base/Navigator.cpp +@@ -1278,6 +1278,12 @@ Navigator::SendBeacon(const nsAString& aUrl, + !contentType.Equals(APPLICATION_WWW_FORM_URLENCODED) && + !contentType.Equals(MULTIPART_FORM_DATA) && + !contentType.Equals(TEXT_PLAIN)) { ++ ++ // we need to set the sameOriginChecker as a notificationCallback ++ // so we can tell the channel not to follow redirects ++ nsCOMPtr<nsIInterfaceRequestor> soc = nsContentUtils::GetSameOriginChecker(); ++ channel->SetNotificationCallbacks(soc); ++ + nsCOMPtr<nsIChannel> preflightChannel; + nsTArray<nsCString> unsafeHeaders; + unsafeHeaders.AppendElement(NS_LITERAL_CSTRING("Content-Type")); +-- +2.2.1 + |