mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Backed out changeset 55c37e8a6563 (bug 1627963) for test_csp_reports.js failures CLOSED TREE
This commit is contained in:
parent
5dcf5dcc85
commit
33bc5f92db
@ -329,11 +329,11 @@ interface nsIContentSecurityPolicy : nsISerializable
|
||||
short shouldLoad(in nsContentPolicyType aContentType,
|
||||
in nsICSPEventListener aCSPEventListener,
|
||||
in nsIURI aContentLocation,
|
||||
in nsISupports aContext,
|
||||
in ACString aMimeTypeGuess,
|
||||
in nsIURI aOriginalURIIfRedirect,
|
||||
in bool aSendViolationReports,
|
||||
in AString aNonce,
|
||||
in boolean aParserCreated);
|
||||
in AString aNonce);
|
||||
|
||||
%{ C++
|
||||
// nsIObserver topic to fire when the policy encounters a violation.
|
||||
|
@ -114,23 +114,23 @@ static void BlockedContentSourceToString(
|
||||
NS_IMETHODIMP
|
||||
nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
|
||||
nsICSPEventListener* aCSPEventListener,
|
||||
nsIURI* aContentLocation,
|
||||
nsIURI* aContentLocation, nsISupports* aRequestContext,
|
||||
const nsACString& aMimeTypeGuess,
|
||||
nsIURI* aOriginalURIIfRedirect,
|
||||
bool aSendViolationReports, const nsAString& aNonce,
|
||||
bool aParserCreated, int16_t* outDecision) {
|
||||
int16_t* outDecision) {
|
||||
return ShouldLoad(AsyncReportViolationCallback(AsyncReportViolation),
|
||||
aContentType, aCSPEventListener, aContentLocation,
|
||||
aMimeTypeGuess, aOriginalURIIfRedirect,
|
||||
aSendViolationReports, aNonce, aParserCreated, outDecision);
|
||||
aRequestContext, aMimeTypeGuess, aOriginalURIIfRedirect,
|
||||
aSendViolationReports, aNonce, outDecision);
|
||||
}
|
||||
|
||||
nsresult nsCSPContext::ShouldLoad(
|
||||
const AsyncReportViolationCallback& aCallback,
|
||||
nsContentPolicyType aContentType, nsICSPEventListener* aCSPEventListener,
|
||||
nsIURI* aContentLocation, const nsACString& aMimeTypeGuess,
|
||||
nsIURI* aOriginalURIIfRedirect, bool aSendViolationReports,
|
||||
const nsAString& aNonce, bool aParserCreated, int16_t* outDecision) {
|
||||
nsIURI* aContentLocation, nsISupports* aRequestContext,
|
||||
const nsACString& aMimeTypeGuess, nsIURI* aOriginalURIIfRedirect,
|
||||
bool aSendViolationReports, const nsAString& aNonce, int16_t* outDecision) {
|
||||
if (CSPCONTEXTLOGENABLED()) {
|
||||
CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s",
|
||||
aContentLocation->GetSpecOrDefault().get()));
|
||||
@ -164,6 +164,14 @@ nsresult nsCSPContext::ShouldLoad(
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
bool parserCreated = false;
|
||||
if (!isPreload) {
|
||||
nsCOMPtr<nsIScriptElement> script = do_QueryInterface(aRequestContext);
|
||||
if (script && script->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER) {
|
||||
parserCreated = true;
|
||||
}
|
||||
}
|
||||
|
||||
bool permitted =
|
||||
permitsInternal(aCallback, dir,
|
||||
nullptr, // aTriggeringElement
|
||||
@ -172,7 +180,7 @@ nsresult nsCSPContext::ShouldLoad(
|
||||
false, // allow fallback to default-src
|
||||
aSendViolationReports,
|
||||
true, // send blocked URI in violation reports
|
||||
aParserCreated);
|
||||
parserCreated);
|
||||
|
||||
*outDecision =
|
||||
permitted ? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_SERVER;
|
||||
|
@ -156,11 +156,11 @@ class nsCSPContext : public nsIContentSecurityPolicy {
|
||||
nsresult ShouldLoad(const AsyncReportViolationCallback& aCallback,
|
||||
nsContentPolicyType aContentType,
|
||||
nsICSPEventListener* aCSPEventListener,
|
||||
nsIURI* aContentLocation,
|
||||
nsIURI* aContentLocation, nsISupports* aRequestContext,
|
||||
const nsACString& aMimeTypeGuess,
|
||||
nsIURI* aOriginalURIIfRedirect,
|
||||
bool aSendViolationReports, const nsAString& aNonce,
|
||||
bool aParserCreated, int16_t* outDecision);
|
||||
int16_t* outDecision);
|
||||
|
||||
private:
|
||||
void EnsureIPCPoliciesRead();
|
||||
|
@ -103,7 +103,7 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
}
|
||||
|
||||
uint32_t contentType = aLoadInfo->InternalContentPolicyType();
|
||||
bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
|
||||
nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext();
|
||||
|
||||
nsCOMPtr<nsICSPEventListener> cspEventListener;
|
||||
nsresult rv =
|
||||
@ -141,10 +141,10 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
if (preloadCsp) {
|
||||
// obtain the enforcement decision
|
||||
rv = preloadCsp->ShouldLoad(
|
||||
contentType, cspEventListener, aContentLocation, aMimeTypeGuess,
|
||||
contentType, cspEventListener, aContentLocation, requestContext,
|
||||
aMimeTypeGuess,
|
||||
nullptr, // no redirect, aOriginal URL is null.
|
||||
aLoadInfo->GetSendCSPViolationEvents(), cspNonce, parserCreatedScript,
|
||||
aDecision);
|
||||
aLoadInfo->GetSendCSPViolationEvents(), cspNonce, aDecision);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// if the preload policy already denied the load, then there
|
||||
@ -167,10 +167,10 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
if (csp) {
|
||||
// obtain the enforcement decision
|
||||
rv = csp->ShouldLoad(contentType, cspEventListener, aContentLocation,
|
||||
aMimeTypeGuess,
|
||||
requestContext, aMimeTypeGuess,
|
||||
nullptr, // no redirect, aOriginal URL is null.
|
||||
aLoadInfo->GetSendCSPViolationEvents(), cspNonce,
|
||||
parserCreatedScript, aDecision);
|
||||
aDecision);
|
||||
|
||||
if (NS_CP_REJECTED(*aDecision)) {
|
||||
NS_SetRequestBlockingReason(
|
||||
@ -335,8 +335,7 @@ nsresult CSPService::ConsultCSPForRedirect(
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(policyType);
|
||||
|
||||
int16_t decision = nsIContentPolicy::ACCEPT;
|
||||
bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
|
||||
|
||||
nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext();
|
||||
// 1) Apply speculative CSP for preloads
|
||||
if (isPreload) {
|
||||
nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = aLoadInfo->GetPreloadCsp();
|
||||
@ -347,11 +346,12 @@ nsresult CSPService::ConsultCSPForRedirect(
|
||||
policyType, // load type per nsIContentPolicy (uint32_t)
|
||||
cspEventListener,
|
||||
aNewURI, // nsIURI
|
||||
requestContext, // nsISupports
|
||||
EmptyCString(), // ACString - MIME guess
|
||||
aOriginalURI, // Original nsIURI
|
||||
true, // aSendViolationReports
|
||||
cspNonce, // nonce
|
||||
parserCreatedScript, &decision);
|
||||
&decision);
|
||||
|
||||
// if the preload policy already denied the load, then there
|
||||
// is no point in checking the real policy
|
||||
@ -371,11 +371,12 @@ nsresult CSPService::ConsultCSPForRedirect(
|
||||
policyType, // load type per nsIContentPolicy (uint32_t)
|
||||
cspEventListener,
|
||||
aNewURI, // nsIURI
|
||||
requestContext, // nsISupports
|
||||
EmptyCString(), // ACString - MIME guess
|
||||
aOriginalURI, // Original nsIURI
|
||||
true, // aSendViolationReports
|
||||
cspNonce, // nonce
|
||||
parserCreatedScript, &decision);
|
||||
&decision);
|
||||
if (NS_CP_REJECTED(decision)) {
|
||||
aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
|
||||
return NS_BINDING_FAILED;
|
||||
|
@ -567,7 +567,6 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
|
||||
cspNonce, aLoadInfo->GetSkipContentSniffing(),
|
||||
aLoadInfo->GetHttpsOnlyStatus(),
|
||||
aLoadInfo->GetAllowDeprecatedSystemRequests(),
|
||||
aLoadInfo->GetParserCreatedScript(),
|
||||
aLoadInfo->GetIsFromProcessingFrameAttributes(), cookieJarSettingsArgs,
|
||||
aLoadInfo->GetRequestBlockingReason(), maybeCspToInheritInfo,
|
||||
aLoadInfo->GetHasStoragePermission()));
|
||||
@ -768,8 +767,8 @@ nsresult LoadInfoArgsToLoadInfo(
|
||||
loadInfoArgs.cspNonce(), loadInfoArgs.skipContentSniffing(),
|
||||
loadInfoArgs.httpsOnlyStatus(),
|
||||
loadInfoArgs.allowDeprecatedSystemRequests(),
|
||||
loadInfoArgs.parserCreatedScript(), loadInfoArgs.hasStoragePermission(),
|
||||
loadInfoArgs.requestBlockingReason(), loadingContext);
|
||||
loadInfoArgs.hasStoragePermission(), loadInfoArgs.requestBlockingReason(),
|
||||
loadingContext);
|
||||
|
||||
if (loadInfoArgs.isFromProcessingFrameAttributes()) {
|
||||
loadInfo->SetIsFromProcessingFrameAttributes();
|
||||
@ -808,7 +807,6 @@ void LoadInfoToParentLoadInfoForwarder(
|
||||
aLoadInfo->GetBypassCORSChecks(), ipcController, tainting,
|
||||
aLoadInfo->GetSkipContentSniffing(), aLoadInfo->GetHttpsOnlyStatus(),
|
||||
aLoadInfo->GetAllowDeprecatedSystemRequests(),
|
||||
aLoadInfo->GetParserCreatedScript(),
|
||||
aLoadInfo->GetServiceWorkerTaintingSynthesized(),
|
||||
aLoadInfo->GetDocumentHasUserInteracted(),
|
||||
aLoadInfo->GetDocumentHasLoaded(),
|
||||
@ -851,9 +849,6 @@ nsresult MergeParentLoadInfoForwarder(
|
||||
aForwarderArgs.allowDeprecatedSystemRequests());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aLoadInfo->SetParserCreatedScript(aForwarderArgs.parserCreatedScript());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
MOZ_ALWAYS_SUCCEEDS(aLoadInfo->SetDocumentHasUserInteracted(
|
||||
aForwarderArgs.documentHasUserInteracted()));
|
||||
MOZ_ALWAYS_SUCCEEDS(
|
||||
|
@ -28,7 +28,6 @@
|
||||
#include "nsIDocShell.h"
|
||||
#include "mozilla/dom/Document.h"
|
||||
#include "nsIInterfaceRequestorUtils.h"
|
||||
#include "nsIScriptElement.h"
|
||||
#include "nsISupportsImpl.h"
|
||||
#include "nsISupportsUtils.h"
|
||||
#include "nsIXPConnect.h"
|
||||
@ -105,7 +104,6 @@ LoadInfo::LoadInfo(
|
||||
mSkipContentSniffing(false),
|
||||
mHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_UNINITIALIZED),
|
||||
mAllowDeprecatedSystemRequests(false),
|
||||
mParserCreatedScript(false),
|
||||
mHasStoragePermission(false),
|
||||
mIsFromProcessingFrameAttributes(false) {
|
||||
MOZ_ASSERT(mLoadingPrincipal);
|
||||
@ -321,15 +319,6 @@ LoadInfo::LoadInfo(
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// in case this is a loadinfo for a parser generated script, then we store
|
||||
// that bit of information so CSP strict-dynamic can query it.
|
||||
if (!nsContentUtils::IsPreloadType(mInternalContentPolicyType)) {
|
||||
nsCOMPtr<nsIScriptElement> script = do_QueryInterface(aLoadingContext);
|
||||
if (script && script->GetParserCreated() != mozilla::dom::NOT_FROM_PARSER) {
|
||||
mParserCreatedScript = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Constructor takes an outer window, but no loadingNode or loadingPrincipal.
|
||||
@ -380,7 +369,6 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
|
||||
mSkipContentSniffing(false),
|
||||
mHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_UNINITIALIZED),
|
||||
mAllowDeprecatedSystemRequests(false),
|
||||
mParserCreatedScript(false),
|
||||
mHasStoragePermission(false),
|
||||
mIsFromProcessingFrameAttributes(false) {
|
||||
// Top-level loads are never third-party
|
||||
@ -484,7 +472,6 @@ LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
|
||||
mSkipContentSniffing(false),
|
||||
mHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_UNINITIALIZED),
|
||||
mAllowDeprecatedSystemRequests(false),
|
||||
mParserCreatedScript(false),
|
||||
mHasStoragePermission(false),
|
||||
mIsFromProcessingFrameAttributes(false) {
|
||||
// Top-level loads are never third-party
|
||||
@ -588,7 +575,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
|
||||
mSkipContentSniffing(rhs.mSkipContentSniffing),
|
||||
mHttpsOnlyStatus(rhs.mHttpsOnlyStatus),
|
||||
mAllowDeprecatedSystemRequests(rhs.mAllowDeprecatedSystemRequests),
|
||||
mParserCreatedScript(rhs.mParserCreatedScript),
|
||||
mHasStoragePermission(rhs.mHasStoragePermission),
|
||||
mIsFromProcessingFrameAttributes(rhs.mIsFromProcessingFrameAttributes) {}
|
||||
|
||||
@ -628,8 +614,8 @@ LoadInfo::LoadInfo(
|
||||
bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
|
||||
const nsAString& aCspNonce, bool aSkipContentSniffing,
|
||||
uint32_t aHttpsOnlyStatus, bool aAllowDeprecatedSystemRequests,
|
||||
bool aParserCreatedScript, bool aHasStoragePermission,
|
||||
uint32_t aRequestBlockingReason, nsINode* aLoadingContext)
|
||||
bool aHasStoragePermission, uint32_t aRequestBlockingReason,
|
||||
nsINode* aLoadingContext)
|
||||
: mLoadingPrincipal(aLoadingPrincipal),
|
||||
mTriggeringPrincipal(aTriggeringPrincipal),
|
||||
mPrincipalToInherit(aPrincipalToInherit),
|
||||
@ -687,7 +673,6 @@ LoadInfo::LoadInfo(
|
||||
mSkipContentSniffing(aSkipContentSniffing),
|
||||
mHttpsOnlyStatus(aHttpsOnlyStatus),
|
||||
mAllowDeprecatedSystemRequests(aAllowDeprecatedSystemRequests),
|
||||
mParserCreatedScript(aParserCreatedScript),
|
||||
mHasStoragePermission(aHasStoragePermission),
|
||||
mIsFromProcessingFrameAttributes(false) {
|
||||
// Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
|
||||
@ -1534,18 +1519,6 @@ LoadInfo::SetAllowDeprecatedSystemRequests(
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::GetParserCreatedScript(bool* aParserCreatedScript) {
|
||||
*aParserCreatedScript = mParserCreatedScript;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::SetParserCreatedScript(bool aParserCreatedScript) {
|
||||
mParserCreatedScript = aParserCreatedScript;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::GetIsTopLevelLoad(bool* aResult) {
|
||||
*aResult = mFrameOuterWindowID ? mFrameOuterWindowID == mOuterWindowID
|
||||
|
@ -164,8 +164,8 @@ class LoadInfo final : public nsILoadInfo {
|
||||
bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
|
||||
const nsAString& aCspNonce, bool aSkipContentSniffing,
|
||||
uint32_t aHttpsOnlyStatus, bool aAllowDeprecatedSystemRequests,
|
||||
bool aParserCreatedScript, bool aHasStoragePermission,
|
||||
uint32_t aRequestBlockingReason, nsINode* aLoadingContext);
|
||||
bool aHasStoragePermission, uint32_t aRequestBlockingReason,
|
||||
nsINode* aLoadingContext);
|
||||
LoadInfo(const LoadInfo& rhs);
|
||||
|
||||
NS_IMETHOD GetRedirects(JSContext* aCx,
|
||||
@ -262,7 +262,6 @@ class LoadInfo final : public nsILoadInfo {
|
||||
bool mSkipContentSniffing;
|
||||
uint32_t mHttpsOnlyStatus;
|
||||
bool mAllowDeprecatedSystemRequests;
|
||||
bool mParserCreatedScript;
|
||||
bool mHasStoragePermission;
|
||||
|
||||
// Is true if this load was triggered by processing the attributes of the
|
||||
|
@ -624,15 +624,5 @@ TRRLoadInfo::SetAllowDeprecatedSystemRequests(
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TRRLoadInfo::GetParserCreatedScript(bool* aParserCreatedScript) {
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TRRLoadInfo::SetParserCreatedScript(bool aParserCreatedScript) {
|
||||
return NS_ERROR_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
} // namespace net
|
||||
} // namespace mozilla
|
||||
|
@ -463,12 +463,6 @@ interface nsILoadInfo : nsISupports
|
||||
*/
|
||||
[infallible] attribute boolean allowDeprecatedSystemRequests;
|
||||
|
||||
/**
|
||||
* Only ever returns true if the loadinfo is of TYPE_SCRIPT and
|
||||
* the script was created by the HTML parser.
|
||||
*/
|
||||
[infallible] attribute boolean parserCreatedScript;
|
||||
|
||||
/**
|
||||
* True if this request is embedded in a context that can't be third-party
|
||||
* (i.e. an iframe embedded in a cross-origin parent window). If this is
|
||||
|
@ -147,7 +147,6 @@ struct LoadInfoArgs
|
||||
bool skipContentSniffing;
|
||||
uint32_t httpsOnlyStatus;
|
||||
bool allowDeprecatedSystemRequests;
|
||||
bool parserCreatedScript;
|
||||
bool isFromProcessingFrameAttributes;
|
||||
CookieJarSettingsArgs cookieJarSettings;
|
||||
uint32_t requestBlockingReason;
|
||||
@ -194,10 +193,6 @@ struct ParentLoadInfoForwarderArgs
|
||||
// the request from being cancelled.
|
||||
bool allowDeprecatedSystemRequests;
|
||||
|
||||
// Only ever returns true if the loadinfo is of TYPE_SCRIPT and
|
||||
// the script was created by the HTML parser.
|
||||
bool parserCreatedScript;
|
||||
|
||||
// We must also note that the tainting value was explicitly set
|
||||
// by the service worker.
|
||||
bool serviceWorkerTaintingSynthesized;
|
||||
|
Loading…
Reference in New Issue
Block a user