Bug 1591932 - Enable Sniffing on No Mime+ XCTO nosniff r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D50816

--HG--
extra : moz-landing-system : lando

dom/security/test/general/window_nosniff_navigation.html

@@ -54,16 +54,32 @@
  * 
  */
 
+
+/*
+  What the Sniffer Should sniff, given a querystring for file_nosniff_navigation.sjs
+*/
+const EXPECTED_MIMES={
+  "xml": "text/xml",
+  "html": "text/html",
+  "img": "image/png",
+  "css": "text/plain",
+  "js": "text/plain",
+  "json": "text/plain", 
+  "": "text/plain"
+}
+
 SimpleTest.waitForExplicitFinish();
 
 window.addEventListener("load", ()=>{
   let noMimeFrames = Array.from(document.querySelectorAll(".no-mime"));
 
   noMimeFrames.forEach( frame => {
-    // In case of no Provided Content Type, not rendering or assuming text/plain is valid
-    let result = frame.contentWindow.document.URL == "about:blank" || frame.contentWindow.document.contentType == "text/plain";
-    let sniffTarget = (new URL(frame.src)).search;
-    window.opener.ok(result, `${sniffTarget} without MIME - was not Sniffed`);
+    // In case of no Provided Content Type + XTCO set, we still should do sniffing
+    let sniffedMimeType = frame.contentWindow.document.contentType;
+    let contentTypeQuery = (new URL(frame.src)).search.substr(1);
+    let expectedMime = EXPECTED_MIMES[contentTypeQuery];
+    let result = expectedMime == sniffedMimeType;
+    window.opener.ok(result, `${contentTypeQuery} without MIME send -> was Sniffed: ${frame.contentWindow.document.contentType}`);
   });
 
   let mismatchedMimes = Array.from(document.querySelectorAll(".mismatch-mime"));
@@ -71,7 +87,7 @@ window.addEventListener("load", ()=>{
     // In case the Server mismatches the Mime Type (sends content X as image/png)
     // assert that we do not sniff and correct this.
     let result = frame.contentWindow.document.contentType == "image/png";
-    let sniffTarget = (new URL(frame.src)).search;
+    let sniffTarget = (new URL(frame.src)).search.substr(1);
     window.opener.ok(result, `${sniffTarget} send as image/png - was not Sniffed`);
   });
 
@@ -82,7 +98,7 @@ window.addEventListener("load", ()=>{
     // We must not default here to text/plain
     // as the Server at least provided a mime type. 
     let result = frame.contentWindow.document.URL == "about:blank";
-    let sniffTarget = (new URL(frame.src)).search;
+    let sniffTarget = (new URL(frame.src)).search.substr(1);;
     window.opener.ok(result, `${sniffTarget} send as garbage/garbage - was not Sniffed`);
   });
   

image/imgLoader.cpp

@@ -2570,13 +2570,6 @@ NS_IMETHODIMP
 imgLoader::GetMIMETypeFromContent(nsIRequest* aRequest,
                                   const uint8_t* aContents, uint32_t aLength,
                                   nsACString& aContentType) {
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
-  if (channel) {
-    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-    if (loadInfo->GetSkipContentSniffing()) {
-      return NS_ERROR_NOT_AVAILABLE;
-    }
-  }
   return GetMimeTypeFromContent((const char*)aContents, aLength, aContentType);
 }
 

netwerk/base/nsNetUtil.cpp

@@ -2726,10 +2726,15 @@ void NS_SniffContent(const char* aSnifferType, nsIRequest* aRequest,
        * The JSON-Viewer relies on its own sniffer to determine, if it can
        * render the page, so we need to make an exception if the Server provides
        * a application/ mime, as it might be json.
+
+       * Bug 1594766
+       * We also dont't skip sniffing if the currentContentType is empty
+       * because of legacy page compatibility issues.
        */
       nsAutoCString currentContentType;
       channel->GetContentType(currentContentType);
-      if (!StringBeginsWith(currentContentType,
+      if (!currentContentType.IsEmpty() &&
+          !StringBeginsWith(currentContentType,
                             NS_LITERAL_CSTRING("application/"))) {
         return;
       }

netwerk/streamconv/converters/nsUnknownDecoder.cpp

@@ -326,14 +326,6 @@ nsUnknownDecoder::GetMIMETypeFromContent(nsIRequest* aRequest,
                                          nsACString& type) {
   // This is only used by sniffer, therefore we do not need to lock anything
   // here.
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
-  if (channel) {
-    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-    if (loadInfo->GetSkipContentSniffing()) {
-      return NS_ERROR_NOT_AVAILABLE;
-    }
-  }
-
   mBuffer = const_cast<char*>(reinterpret_cast<const char*>(aData));
   mBufferLen = aLength;
   DetermineContentType(aRequest);
@@ -362,11 +354,6 @@ bool nsUnknownDecoder::AllowSniffing(nsIRequest* aRequest) {
     return false;
   }
 
-  nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-  if (loadInfo->GetSkipContentSniffing()) {
-    return false;
-  }
-
   return !uri->SchemeIs("file");
 }
 
@@ -408,43 +395,11 @@ void nsUnknownDecoder::DetermineContentType(nsIRequest* aRequest) {
     if (!mContentType.IsEmpty()) return;
   }
 
-  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
-  if (channel) {
-    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-    if (loadInfo->GetSkipContentSniffing()) {
-      /*
-       * If we did not get a useful Content-Type from the server
-       * but also have sniffing disabled, just determine whether
-       * to use text/plain or octetstream and log an error to the Console
-       */
-      LastDitchSniff(aRequest);
-
-      nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequest));
-      if (httpChannel) {
-        nsAutoCString type;
-        httpChannel->GetContentType(type);
-        nsCOMPtr<nsIURI> requestUri;
-        httpChannel->GetURI(getter_AddRefs(requestUri));
-        nsAutoCString spec;
-        requestUri->GetSpec(spec);
-        if (spec.Length() > 50) {
-          spec.Truncate(50);
-          spec.AppendLiteral("...");
-        }
-        httpChannel->LogMimeTypeMismatch(
-            NS_LITERAL_CSTRING("XTCOWithMIMEValueMissing"), false,
-            NS_ConvertUTF8toUTF16(spec),
-            // Type is not used in the Error Message but required
-            NS_ConvertUTF8toUTF16(type));
-      }
-      return;
-    }
-  }
-
   const char* testData = mBuffer;
   uint32_t testDataLen = mBufferLen;
   // Check if data are compressed.
   nsAutoCString decodedData;
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
 
   if (channel) {
     // ConvertEncodedData is always called only on a single thread for each
@@ -616,9 +571,6 @@ bool nsUnknownDecoder::SniffForXML(nsIRequest* aRequest) {
 bool nsUnknownDecoder::SniffURI(nsIRequest* aRequest) {
   nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
   nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-  if (loadInfo->GetSkipContentSniffing()) {
-    return false;
-  }
   nsCOMPtr<nsIMIMEService> mimeService(do_GetService("@mozilla.org/mime;1"));
   if (mimeService) {
     nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
@@ -872,10 +824,6 @@ void nsBinaryDetector::DetermineContentType(nsIRequest* aRequest) {
   }
 
   nsCOMPtr<nsILoadInfo> loadInfo = httpChannel->LoadInfo();
-  if (loadInfo->GetSkipContentSniffing()) {
-    LastDitchSniff(aRequest);
-    return;
-  }
   // It's an HTTP channel.  Check for the text/plain mess
   nsAutoCString contentTypeHdr;
   Unused << httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("Content-Type"),

toolkit/components/mediasniffer/nsMediaSniffer.cpp

@@ -140,10 +140,6 @@ nsMediaSniffer::GetMIMETypeFromContent(nsIRequest* aRequest,
                                        nsACString& aSniffedType) {
   nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
   if (channel) {
-    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-    if (loadInfo->GetSkipContentSniffing()) {
-      return NS_ERROR_NOT_AVAILABLE;
-    }
     nsLoadFlags loadFlags = 0;
     channel->GetLoadFlags(&loadFlags);
     if (!(loadFlags & nsIChannel::LOAD_MEDIA_SNIFFER_OVERRIDES_CONTENT_TYPE)) {