Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 22:01:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 576200. CSP breaks spec, defaults to allow *. r=bsterne@mozilla.com, dveditz@mozilla.com

Browse Source
This commit is contained in:
Sid Stamm 2010-08-16 10:12:28 -07:00
parent b05fb2a7e9
commit 23e5488b56
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/base/src/CSPUtils.jsm
View File

@ -272,8 +272,11 @@ CSPRep.fromString = function(aStr, self) {
} // end directive: loop
aCSPR.makeExplicit();
return aCSPR;
// if makeExplicit fails for any reason, default to allow 'none'. This
// includes the case where "allow" is not present.
if (aCSPR.makeExplicit())
return aCSPR;
return CSPRep.fromString("allow 'none'", self);
};
CSPRep.prototype = {
@ -409,6 +412,7 @@ CSPRep.prototype = {
var SD = CSPRep.SRC_DIRECTIVES;
var allowDir = this._directives[SD.ALLOW];
if (!allowDir) {
CSPWarning("'allow' directive required but not present. Reverting to \"allow 'none'\"");
return false;
}