I don't think we have exactly what you need, but here is what we have and can be extended to match your use case.
1. What we have is ExpandedPrincipal, which is essentially an array of principals (it subsumes all those principals). What we don't have is a wild card principal which you could use for the subdomain part (details if anyone cares to implement it: https://bugzilla.mozilla.org/show_bug.cgi?id=723627#c42). 2. So what you could use instead is what we have for web extensions: https://bugzilla.mozilla.org/show_bug.cgi?id=1180921 Probably it needs some hacking, since it is designed for add-ons and in your case you want to associate the principal with a plugin... It works like this roughly: for add-on scopes we add some extra data to their principals, and based on that during load access check we do a JS callback and some chrome JS code does the validation part. So you can write the logic in JS. That's all we have I'm afraid. - Gabor On Tue, Jul 5, 2016 at 4:50 PM, Benjamin Smedberg <benja...@smedbergs.us> wrote: > As part of plugin work, I'm implementing code in > nsDocument::StartDocumentLoad which is supposed to check whether this > document is being loaded from a list of domains or any subdomains. So e.g. > my list is: > > ["foo.com", "baz.com"] // expect 15-20 domains in this list, maybe more > later > > And I want the following documents to match: > > http://foo.com/... > https://foo.com/... > https://subd.foo.com > http://subd.baz.com > > But http://www.bar.com would not match. > > The existing domain and security checks in nsDocument::StartDocumentLoad > all operate on the nsIChannel, so I suppose that's the right starting > point. > > I couldn't find an existing API on nsContentUtils to do the check that I > care about. I'm sure that there is a way to do what I want using > nsIScriptSecurityManager, but I'm not sure whether that's the "right" thing > to do or whether this code already exists somewhere. > > Reading the APIs, I imagine that I want to do something like this: > > contentPrincipal = ssm.getChannelResultPrincipal(channel); > testPrincipal = ssm.createCodebasePrincipalFromOrigin(origin); // Is it ok > that this is scheme-less? > if (testPrincipal.subsumes(contentPrincipal)) -> FOUND A MATCH > > Is this the right logic, or is there a simpler way to do this that doesn't > involve creating a bunch of principal objects on every document load? Is > running this logic on every document load a potential perf problem? > > --BDS > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
