As part of plugin work, I'm implementing code in nsDocument::StartDocumentLoad which is supposed to check whether this document is being loaded from a list of domains or any subdomains. So e.g. my list is:
["foo.com", "baz.com"] // expect 15-20 domains in this list, maybe more later And I want the following documents to match: http://foo.com/... https://foo.com/... https://subd.foo.com http://subd.baz.com But http://www.bar.com would not match. The existing domain and security checks in nsDocument::StartDocumentLoad all operate on the nsIChannel, so I suppose that's the right starting point. I couldn't find an existing API on nsContentUtils to do the check that I care about. I'm sure that there is a way to do what I want using nsIScriptSecurityManager, but I'm not sure whether that's the "right" thing to do or whether this code already exists somewhere. Reading the APIs, I imagine that I want to do something like this: contentPrincipal = ssm.getChannelResultPrincipal(channel); testPrincipal = ssm.createCodebasePrincipalFromOrigin(origin); // Is it ok that this is scheme-less? if (testPrincipal.subsumes(contentPrincipal)) -> FOUND A MATCH Is this the right logic, or is there a simpler way to do this that doesn't involve creating a bunch of principal objects on every document load? Is running this logic on every document load a potential perf problem? --BDS _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
