Bug 1337543 P1 ServiceWorker should not inherit CSP from registration principal. r=baku
parent
a196f8f3a1
commit
2a1682f2ee
@ -1743,23 +1743,23 @@ ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
|
||||
info.mStorageAllowed = access > nsContentUtils::StorageAccess::ePrivateBrowsing;
|
||||
info.mOriginAttributes = mInfo->GetOriginAttributes();
|
||||
|
||||
// The ServiceWorkerRegistration principal should never have any CSP
|
||||
// set. The CSP from the page that registered the SW should not be
|
||||
// inherited. Verify this is the case in non-release builds
|
||||
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
rv = info.mPrincipal->GetCsp(getter_AddRefs(csp));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
info.mCSP = csp;
|
||||
if (info.mCSP) {
|
||||
rv = info.mCSP->GetAllowsEval(&info.mReportCSPViolations,
|
||||
&info.mEvalAllowed);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
} else {
|
||||
info.mEvalAllowed = true;
|
||||
info.mReportCSPViolations = false;
|
||||
}
|
||||
MOZ_DIAGNOSTIC_ASSERT(!csp);
|
||||
#endif
|
||||
|
||||
// Default CSP permissions for now. These will be overrided if necessary
|
||||
// based on the script CSP headers during load in ScriptLoader.
|
||||
info.mEvalAllowed = true;
|
||||
info.mReportCSPViolations = false;
|
||||
|
||||
WorkerPrivate::OverrideLoadInfoLoadGroup(info);
|
||||
|
||||
|
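Review bot: The early `return rv;` after `GetCsp()` now appears to sit inside the `#if defined(DEBUG) || !defined(RELEASE_OR_BETA)` block (this rendering has lost its +/- markers, so that is inferred from the line order). If so, a failing `GetCsp()` aborts the worker spawn in debug and pre-release builds, while release builds never make the call. A check-only block should not change control flow between build types; fold the result into the assertion, e.g. `MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv) && !csp);`, and drop the `return`. The comment above the block should also say that release builds do not verify the invariant: there the worker starts with `mEvalAllowed = true` and no `mCSP` assigned from the principal, so a registration principal that did carry a CSP would go unnoticed. SpawnWorkerIfNeeded starts and ends outside the hunk.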