2a666e9cfd
* gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch, gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch, gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch, gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch, gnu/packages/patches/icecat-CVE-2014-8639.patch, gnu/packages/patches/icecat-CVE-2014-8641.patch, gnu/packages/patches/icecat-armhf-xpcom.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
93 lines
3.3 KiB
Diff
93 lines
3.3 KiB
Diff
From f80b2eefd451b8ed0fd783d9b9ed0412c8d46efd Mon Sep 17 00:00:00 2001
|
|
From: Patrick McManus <mcmanus@ducksong.com>
|
|
Date: Thu, 11 Dec 2014 13:55:16 -0500
|
|
Subject: [PATCH] bug 1095859 - proxy tweak r=valentin.gosu a=bkerensa
|
|
|
|
---
|
|
netwerk/protocol/http/nsHttpChannel.cpp | 7 ++++++-
|
|
netwerk/test/unit/test_auth_proxy.js | 29 +++++++++++++++++++++++++++++
|
|
2 files changed, 35 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
|
|
index f20e033..35e71c7 100644
|
|
--- a/netwerk/protocol/http/nsHttpChannel.cpp
|
|
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
|
|
@@ -1237,7 +1237,12 @@ nsHttpChannel::ProcessResponse()
|
|
// notify "http-on-examine-response" observers
|
|
gHttpHandler->OnExamineResponse(this);
|
|
|
|
- SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
|
|
+ // Cookies should not be handled on proxy failure either.
|
|
+ // This would be consolidated with ProcessSecurityHeaders but it should
|
|
+ // happen after OnExamineResponse.
|
|
+ if (!mTransaction->ProxyConnectFailed() && (httpStatus != 407)) {
|
|
+ SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
|
|
+ }
|
|
|
|
// handle unused username and password in url (see bug 232567)
|
|
if (httpStatus != 401 && httpStatus != 407) {
|
|
diff --git a/netwerk/test/unit/test_auth_proxy.js b/netwerk/test/unit/test_auth_proxy.js
|
|
index 6af4e98..9275d6d 100644
|
|
--- a/netwerk/test/unit/test_auth_proxy.js
|
|
+++ b/netwerk/test/unit/test_auth_proxy.js
|
|
@@ -172,6 +172,12 @@ var listener = {
|
|
// If we expect 200, the request should have succeeded
|
|
do_check_eq(this.expectedCode == 200, request.requestSucceeded);
|
|
|
|
+ var cookie = "";
|
|
+ try {
|
|
+ cookie = request.getRequestHeader("Cookie");
|
|
+ } catch (e) { }
|
|
+ do_check_eq(cookie, "");
|
|
+
|
|
} catch (e) {
|
|
do_throw("Unexpected exception: " + e);
|
|
}
|
|
@@ -261,6 +267,25 @@ function test_all_ok() {
|
|
do_test_pending();
|
|
}
|
|
|
|
+function test_proxy_407_cookie() {
|
|
+ var chan = makeChan();
|
|
+ chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
|
|
+ chan.setRequestHeader("X-Set-407-Cookie", "1", false);
|
|
+ listener.expectedCode = 407; // Proxy Unauthorized
|
|
+ chan.asyncOpen(listener, null);
|
|
+
|
|
+ do_test_pending();
|
|
+}
|
|
+
|
|
+function test_proxy_200_cookie() {
|
|
+ var chan = makeChan();
|
|
+ chan.notificationCallbacks = new Requestor(0, 0);
|
|
+ chan.setRequestHeader("X-Set-407-Cookie", "1", false);
|
|
+ listener.expectedCode = 200; // OK
|
|
+ chan.asyncOpen(listener, null);
|
|
+ do_test_pending();
|
|
+}
|
|
+
|
|
function test_host_returnfalse() {
|
|
dump("\ntest: host returnfalse\n");
|
|
var chan = makeChan();
|
|
@@ -301,6 +326,7 @@ function test_proxy_wrongpw_host_returnfalse() {
|
|
}
|
|
|
|
var tests = [test_proxy_returnfalse, test_proxy_wrongpw, test_all_ok,
|
|
+ test_proxy_407_cookie, test_proxy_200_cookie,
|
|
test_host_returnfalse, test_host_wrongpw,
|
|
test_proxy_wrongpw_host_wrongpw, test_proxy_wrongpw_host_returnfalse];
|
|
|
|
@@ -331,6 +357,9 @@ function proxyAuthHandler(metadata, response) {
|
|
"Unauthorized by HTTP proxy");
|
|
response.setHeader("Proxy-Authenticate",
|
|
'Basic realm="' + realm + '"', false);
|
|
+ if (metadata.hasHeader("X-Set-407-Cookie")) {
|
|
+ response.setHeader("Set-Cookie", "chewy", false);
|
|
+ }
|
|
body = "failed";
|
|
response.bodyOutputStream.write(body, body.length);
|
|
}
|
|
--
|
|
2.1.2
|
|
|