mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 05:11:16 +00:00
Bug 1594234 remove extensions.content_script_csp preferences in favor of extensions.manifestV3.enabled r=robwu
Differential Revision: https://phabricator.services.mozilla.com/D101212
This commit is contained in:
parent
98c9307c72
commit
6a2b434485
@ -414,9 +414,6 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subjectPrincipal = nsContentUtils::SubjectPrincipal();
|
||||
if (!csp) {
|
||||
if (!StaticPrefs::extensions_content_script_csp_enabled()) {
|
||||
return true;
|
||||
}
|
||||
// Get the CSP for addon sandboxes. If the principal is expanded and has a
|
||||
// csp, we're probably in luck.
|
||||
auto* basePrin = BasePrincipal::Cast(subjectPrincipal);
|
||||
|
@ -1113,9 +1113,6 @@ bool xpc::GlobalProperties::DefineInSandbox(JSContext* cx,
|
||||
* provided by the extension in its manifest.
|
||||
*/
|
||||
nsresult ApplyAddonContentScriptCSP(nsISupports* prinOrSop) {
|
||||
if (!StaticPrefs::extensions_content_script_csp_enabled()) {
|
||||
return NS_OK;
|
||||
}
|
||||
nsCOMPtr<nsIPrincipal> principal = do_QueryInterface(prinOrSop);
|
||||
if (!principal) {
|
||||
return NS_OK;
|
||||
@ -1166,9 +1163,7 @@ nsresult ApplyAddonContentScriptCSP(nsISupports* prinOrSop) {
|
||||
csp = new nsCSPContext();
|
||||
MOZ_TRY(csp->SetRequestContextWithPrincipal(expanded, selfURI, u""_ns, 0));
|
||||
|
||||
bool reportOnly = StaticPrefs::extensions_content_script_csp_report_only();
|
||||
|
||||
MOZ_TRY(csp->AppendPolicy(baseCSP, reportOnly, false));
|
||||
MOZ_TRY(csp->AppendPolicy(baseCSP, false, false));
|
||||
|
||||
expanded->SetCsp(csp);
|
||||
return NS_OK;
|
||||
|
@ -3660,18 +3660,6 @@
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# This pref governs whether we enable content script CSP in extensions.
|
||||
- name: extensions.content_script_csp.enabled
|
||||
type: bool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# This pref governs whether content script CSP is report-only.
|
||||
- name: extensions.content_script_csp.report_only
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# This pref governs whether we run webextensions in a separate process (true)
|
||||
# or the parent/main process (false)
|
||||
- name: extensions.webextensions.remote
|
||||
|
@ -6,9 +6,6 @@ const { TestUtils } = ChromeUtils.import(
|
||||
"resource://testing-common/TestUtils.jsm"
|
||||
);
|
||||
|
||||
// Enable and turn off report-only so we can validate the results.
|
||||
Services.prefs.setBoolPref("extensions.content_script_csp.enabled", true);
|
||||
Services.prefs.setBoolPref("extensions.content_script_csp.report_only", false);
|
||||
Services.prefs.setBoolPref("extensions.manifestV3.enabled", true);
|
||||
|
||||
const server = createHttpServer({
|
||||
|
@ -39,7 +39,6 @@ var gContentSecurityPolicy = null;
|
||||
|
||||
const BASE_URL = `http://example.com`;
|
||||
const CSP_REPORT_PATH = "/csp-report.sjs";
|
||||
const CSP_REPORT_URL = `http://csplog.example.net/csp-report.sjs`;
|
||||
|
||||
/**
|
||||
* Registers a static HTML document with the given content at the given
|
||||
@ -1320,24 +1319,7 @@ add_task(async function test_contentscript_csp() {
|
||||
* content page.
|
||||
*/
|
||||
add_task(async function test_extension_contentscript_csp() {
|
||||
Services.prefs.setBoolPref("extensions.content_script_csp.enabled", true);
|
||||
Services.prefs.setBoolPref(
|
||||
"extensions.content_script_csp.report_only",
|
||||
false
|
||||
);
|
||||
|
||||
// Add reporting to base and default CSP as this cannot be done via manifest.
|
||||
let baseCSP = Services.prefs.getStringPref(
|
||||
"extensions.webextensions.base-content-security-policy"
|
||||
);
|
||||
Services.prefs.setStringPref(
|
||||
"extensions.webextensions.base-content-security-policy",
|
||||
`${baseCSP} report-uri ${CSP_REPORT_URL};`
|
||||
);
|
||||
Services.prefs.setStringPref(
|
||||
"extensions.webextensions.default-content-security-policy",
|
||||
`script-src 'self' 'report-sample'; object-src 'self' 'report-sample'; report-uri ${CSP_REPORT_URL};`
|
||||
);
|
||||
Services.prefs.setBoolPref("extensions.manifestV3.enabled", true);
|
||||
|
||||
// TODO bug 1408193: We currently don't get the full set of CSP reports when
|
||||
// running in network scheduling chaos mode. It's not entirely clear why.
|
||||
@ -1346,7 +1328,14 @@ add_task(async function test_extension_contentscript_csp() {
|
||||
|
||||
gContentSecurityPolicy = `default-src 'none' 'report-sample'; script-src 'nonce-deadbeef' 'unsafe-eval' 'report-sample'; report-uri ${CSP_REPORT_PATH};`;
|
||||
|
||||
let extension = ExtensionTestUtils.loadExtension(EXTENSION_DATA);
|
||||
let data = {
|
||||
...EXTENSION_DATA,
|
||||
manifest: {
|
||||
...EXTENSION_DATA.manifest,
|
||||
manifest_version: 3,
|
||||
},
|
||||
};
|
||||
let extension = ExtensionTestUtils.loadExtension(data);
|
||||
await extension.startup();
|
||||
|
||||
let urlsPromise = extension.awaitMessage("css-sources").then(msg => {
|
||||
@ -1369,4 +1358,5 @@ add_task(async function test_extension_contentscript_csp() {
|
||||
|
||||
await extension.unload();
|
||||
await contentPage.close();
|
||||
Services.prefs.clearUserPref("extensions.manifestV3.enabled");
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user