Backed out changeset a2192165100c (bug 1041180) for xpcshell failures; CLOSED TREE

This commit is contained in:
Ed Morley 2014-10-03 10:12:53 +01:00
parent 40ba5d1f27
commit 6c9d66f653
64 changed files with 536 additions and 37 deletions

View File

@ -28,6 +28,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsIScriptError.h"
#include "mozilla/dom/EncodingUtils.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsContentUtils.h"
#include "mozilla/Preferences.h"
@ -737,7 +738,17 @@ EventSource::InitChannelAndRequestEventSource()
nsLoadFlags loadFlags;
loadFlags = nsIRequest::LOAD_BACKGROUND | nsIRequest::LOAD_BYPASS_CACHE;
nsresult rv;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
nsresult rv = mPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_DATAREQUEST);
}
nsIScriptContext* sc = GetContextForEventHandlers(&rv);
nsCOMPtr<nsIDocument> doc =
nsContentUtils::GetDocumentFromScriptContext(sc);
@ -750,6 +761,7 @@ EventSource::InitChannelAndRequestEventSource()
doc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_DATAREQUEST,
channelPolicy, // aChannelPolicy
mLoadGroup, // loadGroup
nullptr, // aCallbacks
loadFlags); // aLoadFlags
@ -760,6 +772,7 @@ EventSource::InitChannelAndRequestEventSource()
mPrincipal,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_DATAREQUEST,
channelPolicy, // aChannelPolicy
mLoadGroup, // loadGroup
nullptr, // aCallbacks
loadFlags); // aLoadFlags

View File

@ -12,6 +12,7 @@
#include "nsContentUtils.h"
#include "nsCrossSiteListenerProxy.h"
#include "nsIChannel.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIDocument.h"
@ -480,13 +481,23 @@ ImportLoader::Open()
NS_ENSURE_SUCCESS_VOID(rv);
nsCOMPtr<nsILoadGroup> loadGroup = mImportParent->GetDocumentLoadGroup();
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS_VOID(rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
mURI,
mImportParent,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SUBDOCUMENT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);

View File

@ -109,6 +109,7 @@ UNIFIED_SOURCES += [
'nsAttrValue.cpp',
'nsAttrValueOrString.cpp',
'nsCCUncollectableMarker.cpp',
'nsChannelPolicy.cpp',
'nsContentAreaDragDrop.cpp',
'nsContentIterator.cpp',
'nsContentList.cpp',

View File

@ -11,6 +11,7 @@
#include "nsCSPService.h"
#include "nsError.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsIChannelPolicy.h"
#include "nsIClassInfoImpl.h"
#include "nsIDocShell.h"
#include "nsIDocShellTreeItem.h"
@ -24,10 +25,12 @@
#include "nsIObjectOutputStream.h"
#include "nsIObserver.h"
#include "nsIObserverService.h"
#include "nsIPropertyBag2.h"
#include "nsIStringStream.h"
#include "nsIUploadChannel.h"
#include "nsIScriptError.h"
#include "nsIWebNavigation.h"
#include "nsIWritablePropertyBag2.h"
#include "nsNetUtil.h"
#include "nsNullPrincipal.h"
#include "nsIContentPolicy.h"

View File

@ -12,7 +12,12 @@
#include "nsIContent.h"
#include "nsCSPService.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsIChannelEventSink.h"
#include "nsIPropertyBag2.h"
#include "nsIWritablePropertyBag2.h"
#include "nsError.h"
#include "nsChannelProperties.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "mozilla/Preferences.h"

View File

@ -0,0 +1,46 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsChannelPolicy.h"
nsChannelPolicy::nsChannelPolicy()
: mLoadType(0)
{
}
nsChannelPolicy::~nsChannelPolicy()
{
}
NS_IMPL_ISUPPORTS(nsChannelPolicy, nsIChannelPolicy)
NS_IMETHODIMP
nsChannelPolicy::GetLoadType(uint32_t *aLoadType)
{
*aLoadType = mLoadType;
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::SetLoadType(uint32_t aLoadType)
{
mLoadType = aLoadType;
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::GetContentSecurityPolicy(nsISupports **aCSP)
{
*aCSP = mCSP;
NS_IF_ADDREF(*aCSP);
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::SetContentSecurityPolicy(nsISupports *aCSP)
{
mCSP = aCSP;
return NS_OK;
}

View File

@ -0,0 +1,37 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsChannelPolicy_h___
#define nsChannelPolicy_h___
#include "nsCOMPtr.h"
#include "nsIChannelPolicy.h"
#define NSCHANNELPOLICY_CONTRACTID "@mozilla.org/nschannelpolicy;1"
#define NSCHANNELPOLICY_CID \
{ 0xd396b3cd, 0xf164, 0x4ce8, \
{ 0x93, 0xa7, 0xe3, 0x85, 0xe1, 0x46, 0x56, 0x3c } }
class nsChannelPolicy : public nsIChannelPolicy
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICHANNELPOLICY
nsChannelPolicy();
protected:
virtual ~nsChannelPolicy();
/* Represents the type of content being loaded in the channel per
* nsIContentPolicy, e.g. TYPE_IMAGE, TYPE_SCRIPT
*/
unsigned long mLoadType;
/* pointer to a Content Security Policy object if available */
nsCOMPtr<nsISupports> mCSP;
};
#endif /* nsChannelPolicy_h___ */

View File

@ -60,6 +60,7 @@
#include "nsAttrValueInlines.h"
#include "nsBindingManager.h"
#include "nsCCUncollectableMarker.h"
#include "nsChannelPolicy.h"
#include "nsCharSeparatedTokenizer.h"
#include "nsCOMPtr.h"
#include "nsContentCreatorFunctions.h"
@ -88,6 +89,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsICategoryManager.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsIChromeRegistry.h"
#include "nsIConsoleService.h"
#include "nsIContent.h"
@ -3004,6 +3006,20 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
NS_ASSERTION(loadGroup || IsFontTableURI(documentURI),
"Could not get loadgroup; onload may fire too early");
// check for a Content Security Policy to pass down to the channel that
// will get created to load the image
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
if (aLoadingPrincipal) {
nsresult rv = aLoadingPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
}
}
// Make the URI immutable so people won't change it under us
NS_TryToSetImmutable(aURI);
@ -3018,6 +3034,7 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
aLoadingDocument, /* uniquification key */
aLoadFlags, /* load flags */
nullptr, /* cache key */
channelPolicy, /* CSP info */
initiatorType, /* the load initiator */
aRequest);
}

View File

@ -1122,6 +1122,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
uri,
loadInfo,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);
@ -1133,6 +1134,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);

View File

@ -1333,6 +1333,7 @@ nsExternalResourceMap::PendingLoad::StartLoad(nsIURI* aURI,
aRequestingNode,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
req); // aCallbacks

View File

@ -65,6 +65,8 @@
#include "nsObjectLoadingContent.h"
#include "mozAutoDocUpdate.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "GeckoProfiler.h"
#include "nsPluginFrame.h"
#include "nsDOMClassInfo.h"
@ -2490,6 +2492,15 @@ nsObjectLoadingContent::OpenChannel()
nsCOMPtr<nsILoadGroup> group = doc->GetDocumentLoadGroup();
nsCOMPtr<nsIChannel> chan;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_OBJECT);
}
nsRefPtr<ObjectInterfaceRequestorShim> shim =
new ObjectInterfaceRequestorShim(this);
@ -2511,6 +2522,7 @@ nsObjectLoadingContent::OpenChannel()
thisContent,
securityFlags,
nsIContentPolicy::TYPE_OBJECT,
channelPolicy,
group, // aLoadGroup
shim, // aCallbacks
nsIChannel::LOAD_CALL_CONTENT_SNIFFERS |

View File

@ -41,6 +41,8 @@
#include "nsDocShellCID.h"
#include "nsIContentSecurityPolicy.h"
#include "prlog.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "nsCRT.h"
#include "nsContentCreatorFunctions.h"
#include "nsCrossSiteListenerProxy.h"
@ -304,12 +306,25 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
return NS_OK;
}
// check for a Content Security Policy to pass down to the channel
// that will be created to load the script
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
aRequest->mURI,
mDocument,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
prompter,
nsIRequest::LOAD_NORMAL |

View File

@ -315,6 +315,7 @@ nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal,
aLoaderPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
aLoadGroup);
NS_ENSURE_SUCCESS(rv, rv);

View File

@ -51,6 +51,8 @@
#include "nsIPromptFactory.h"
#include "nsIWindowWatcher.h"
#include "nsIConsoleService.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "nsStringBuffer.h"
@ -1722,6 +1724,17 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
// will be automatically aborted if the user leaves the page.
nsCOMPtr<nsILoadGroup> loadGroup = GetLoadGroup();
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
}
nsSecurityFlags secFlags = nsILoadInfo::SEC_NORMAL;
if (IsSystemXHR()) {
// Don't give this document the system principal. We need to keep track of
@ -1741,6 +1754,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
doc,
secFlags,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);
@ -1751,6 +1765,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
mPrincipal,
secFlags,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);

View File

@ -99,6 +99,8 @@ static PRLogModuleInfo* gMediaElementEventsLog;
#endif
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "mozilla/Preferences.h"
@ -1184,12 +1186,25 @@ nsresult HTMLMediaElement::LoadResource()
}
nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
// check for a Content Security Policy to pass down to the channel
// created to load the media content
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv,rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
mLoadingSrc,
static_cast<Element*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsICachingChannel::LOAD_BYPASS_LOCAL_CACHE_IF_BUSY |

View File

@ -21,6 +21,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsICachingChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIDocument.h"
@ -236,6 +237,20 @@ HTMLTrackElement::LoadResource()
CreateTextTrack();
}
// Check for a Content Security Policy to pass down to the channel
// created to load the media content.
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
if (!channelPolicy) {
return;
}
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
}
nsCOMPtr<nsIChannel> channel;
nsCOMPtr<nsILoadGroup> loadGroup = OwnerDoc()->GetDocumentLoadGroup();
rv = NS_NewChannel(getter_AddRefs(channel),
@ -243,6 +258,7 @@ HTMLTrackElement::LoadResource()
static_cast<Element*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
channelPolicy,
loadGroup);
NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));

View File

@ -1516,6 +1516,7 @@ nsHTMLDocument::Open(JSContext* cx,
callerDoc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
group);
if (rv.Failed()) {

View File

@ -939,6 +939,7 @@ ChannelMediaResource::RecreateChannel()
element,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);
@ -1458,6 +1459,7 @@ already_AddRefed<MediaResource> FileMediaResource::CloneData(MediaDecoder* aDeco
element,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
nullptr, // aChannelPolicy
loadGroup);
if (NS_FAILED(rv))

View File

@ -2701,6 +2701,7 @@ XULDocument::LoadOverlayInternal(nsIURI* aURI, bool aIsDynamic,
NodePrincipal(),
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
group);
if (NS_SUCCEEDED(rv)) {

View File

@ -173,6 +173,7 @@
#endif
#include "nsContentUtils.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsILoadInfo.h"
#include "nsSandboxFlags.h"
@ -10131,7 +10132,27 @@ nsDocShell::DoURILoad(nsIURI * aURI,
loadFlags |= nsIChannel::LOAD_BACKGROUND;
}
// check for Content Security Policy to pass along with the
// new channel we are creating
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (IsFrame()) {
// check the parent docshell for a CSP
nsCOMPtr<nsIContentSecurityPolicy> csp;
nsCOMPtr<nsIDocShellTreeItem> parentItem;
GetSameTypeParent(getter_AddRefs(parentItem));
if (parentItem) {
nsCOMPtr<nsIDocument> doc = parentItem->GetDocument();
if (doc) {
rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT);
}
}
}
// Only allow view-source scheme in top-level docshells. view-source is
// the only scheme to which this applies at the moment due to potential
// timing attacks to read data from cross-origin iframes. If this widens
@ -10200,6 +10221,7 @@ nsDocShell::DoURILoad(nsIURI * aURI,
requestingPrincipal,
securityFlags,
aContentPolicyType,
channelPolicy,
nullptr, // loadGroup
static_cast<nsIInterfaceRequestor*>(this),
loadFlags);

View File

@ -66,6 +66,7 @@
#include "mozIApplication.h"
#include "WidgetUtils.h"
#include "mozIThirdPartyUtil.h"
#include "nsChannelPolicy.h"
#ifdef MOZ_MEDIA_NAVIGATOR
#include "MediaManager.h"
@ -1048,11 +1049,26 @@ Navigator::SendBeacon(const nsAString& aUrl,
}
nsCOMPtr<nsIChannel> channel;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
if (NS_FAILED(rv)) {
aRv.Throw(NS_ERROR_FAILURE);
return false;
}
if (csp) {
channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID);
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_BEACON);
}
rv = NS_NewChannel(getter_AddRefs(channel),
uri,
doc,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_BEACON);
nsIContentPolicy::TYPE_BEACON,
channelPolicy);
if (NS_FAILED(rv)) {
aRv.Throw(rv);

View File

@ -2857,6 +2857,7 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL,
principal,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
listenerPeer);

View File

@ -662,6 +662,7 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList)
principal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
callbacks);

View File

@ -6,6 +6,7 @@
#include "ScriptLoader.h"
#include "nsIChannel.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIHttpChannel.h"
@ -16,6 +17,7 @@
#include "nsIURI.h"
#include "jsapi.h"
#include "nsChannelPolicy.h"
#include "nsError.h"
#include "nsContentPolicyUtils.h"
#include "nsContentUtils.h"
@ -102,6 +104,23 @@ ChannelFromScriptURL(nsIPrincipal* principal,
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);
}
// Get Content Security Policy from parent document to pass into channel.
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (csp) {
channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = channelPolicy->SetContentSecurityPolicy(csp);
NS_ENSURE_SUCCESS(rv, rv);
rv = channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
NS_ENSURE_SUCCESS(rv, rv);
}
uint32_t flags = nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI;
nsCOMPtr<nsIChannel> channel;
@ -112,6 +131,7 @@ ChannelFromScriptURL(nsIPrincipal* principal,
parentDoc,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
flags,
@ -128,6 +148,7 @@ ChannelFromScriptURL(nsIPrincipal* principal,
nullPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
flags,

View File

@ -1076,6 +1076,7 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun
requestingPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup);
NS_ENSURE_SUCCESS(rv, rv);

View File

@ -449,6 +449,7 @@ XMLDocument::Load(const nsAString& aUrl, ErrorResult& aRv)
static_cast<nsIDocument*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
nullptr, // aChannelPolicy
loadGroup,
req,
nsIRequest::LOAD_BACKGROUND);

View File

@ -64,6 +64,7 @@ URIUtils::ResetWithSource(nsIDocument *aNewDoc, nsIDOMNode *aSourceNode)
sourceDoc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup);
if (NS_FAILED(rv)) {

View File

@ -23,6 +23,7 @@
#include "nsUnicharUtils.h"
#include "nsIDocument.h"
#include "nsIPrincipal.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIContentPolicy.h"
#include "nsAutoPtr.h"
@ -267,9 +268,22 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
nsCOMPtr<nsIDOMCSSPrimitiveValue> primitiveValue;
nsAutoString bgStringValue;
// get Content Security Policy to pass to LoadImage
nsCOMPtr<nsIDocument> doc(do_QueryInterface(document));
nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
nsCOMPtr<nsIPrincipal> principal;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
if (doc) {
principal = doc->NodePrincipal();
nsresult rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
}
}
while (true) {
nsCOMPtr<nsIDOMElement> domElement(do_QueryInterface(domNode));
// bail for the parent node of the root element or null argument
@ -296,7 +310,7 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
return il->LoadImage(bgUri, nullptr, nullptr, principal, nullptr,
nullptr, nullptr, nsIRequest::LOAD_NORMAL,
nullptr, EmptyString(), aRequest);
nullptr, channelPolicy, EmptyString(), aRequest);
}
}

View File

@ -1205,6 +1205,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
static_cast<nsIInterfaceRequestor*>(this),
loadFlags);

View File

@ -285,6 +285,7 @@ nsresult nsAutoConfig::downloadAutoConfig()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::INHIBIT_PERSISTENT_CACHING |

View File

@ -16,6 +16,7 @@ interface nsIStreamListener;
interface nsIURI;
interface nsISimpleEnumerator;
interface nsIChannelPolicy;
#include "nsIRequest.idl" // for nsLoadFlags
@ -61,7 +62,8 @@ interface imgILoader : nsISupports
in imgINotificationObserver aObserver,
in nsISupports aCX,
in nsLoadFlags aLoadFlags,
in nsISupports cacheKey);
in nsISupports cacheKey,
in nsIChannelPolicy channelPolicy);
/**
* Start the load and decode of an image.

View File

@ -635,6 +635,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
nsILoadGroup *aLoadGroup,
const nsCString& aAcceptHeader,
nsLoadFlags aLoadFlags,
nsIChannelPolicy *aPolicy,
nsIPrincipal *aLoadingPrincipal,
nsISupports *aRequestingContext)
{
@ -690,6 +691,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
requestingPrincipal,
securityFlags,
nsIContentPolicy::TYPE_IMAGE,
aPolicy,
nullptr, // loadGroup
callbacks,
aLoadFlags);
@ -1443,6 +1445,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode)
{
@ -1490,6 +1493,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
aLoadGroup,
mAcceptHeader,
aLoadFlags,
aPolicy,
aLoadingPrincipal,
aCX);
if (NS_FAILED(rv)) {
@ -1569,6 +1573,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
nsLoadFlags aLoadFlags,
bool aCanMakeNewChannel,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode)
{
@ -1673,7 +1678,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
return ValidateRequestWithNewChannel(request, aURI, aInitialDocumentURI,
aReferrerURI, aLoadGroup, aObserver,
aCX, aLoadFlags, aProxyRequest,
aCX, aLoadFlags, aProxyRequest, aPolicy,
aLoadingPrincipal, aCORSMode);
}
@ -1848,6 +1853,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
imgIRequest **_retval)
{
imgRequestProxy *proxy;
@ -1860,32 +1866,29 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
aCX,
aLoadFlags,
aCacheKey,
aPolicy,
EmptyString(),
&proxy);
*_retval = proxy;
return result;
}
// imgIRequest loadImage(in nsIURI aURI,
// in nsIURI aInitialDocumentURL,
// in nsIURI aReferrerURI,
// in nsIPrincipal aLoadingPrincipal,
// in nsILoadGroup aLoadGroup,
// in imgINotificationObserver aObserver,
// in nsISupports aCX,
// in nsLoadFlags aLoadFlags,
// in nsISupports cacheKey);
/* imgIRequest loadImage(in nsIURI aURI, in nsIURI aInitialDocumentURL, in nsIURI aReferrerURI, in nsIPrincipal aLoadingPrincipal, in nsILoadGroup aLoadGroup, in imgINotificationObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in nsIChannelPolicy channelPolicy); */
nsresult imgLoader::LoadImage(nsIURI *aURI,
nsIURI *aInitialDocumentURI,
nsIURI *aReferrerURI,
nsIPrincipal* aLoadingPrincipal,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
const nsAString& initiatorType,
imgRequestProxy **_retval)
nsIURI *aInitialDocumentURI,
nsIURI *aReferrerURI,
nsIPrincipal* aLoadingPrincipal,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
const nsAString& initiatorType,
imgRequestProxy **_retval)
{
VerifyCacheSizes();
@ -1963,7 +1966,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
if (ValidateEntry(entry, aURI, aInitialDocumentURI, aReferrerURI,
aLoadGroup, aObserver, aCX, requestFlags, true,
_retval, aLoadingPrincipal, corsmode)) {
_retval, aPolicy, aLoadingPrincipal, corsmode)) {
request = entry->GetRequest();
// If this entry has no proxies, its request has no reference to the entry.
@ -2005,6 +2008,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
aLoadGroup,
mAcceptHeader,
requestFlags,
aPolicy,
aLoadingPrincipal,
aCX);
if (NS_FAILED(rv))
@ -2188,7 +2192,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
// XXX -- should this be changed? it's pretty much verbatim from the old
// code, but seems nonsensical.
if (ValidateEntry(entry, uri, nullptr, nullptr, nullptr, aObserver, aCX,
requestFlags, false, nullptr, nullptr,
requestFlags, false, nullptr, nullptr, nullptr,
imgIRequest::CORS_NONE)) {
request = entry->GetRequest();
} else {

View File

@ -29,6 +29,7 @@ class imgINotificationObserver;
class nsILoadGroup;
class imgCacheExpirationTracker;
class imgMemoryReporter;
class nsIChannelPolicy;
namespace mozilla {
namespace image {
@ -257,6 +258,7 @@ public:
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
const nsAString& initiatorType,
imgRequestProxy **_retval);
nsresult LoadImageWithChannel(nsIChannel *channel,
@ -338,6 +340,7 @@ private: // methods
imgINotificationObserver *aObserver, nsISupports *aCX,
nsLoadFlags aLoadFlags, bool aCanMakeNewChannel,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode);
@ -348,6 +351,7 @@ private: // methods
imgINotificationObserver *aObserver,
nsISupports *aCX, nsLoadFlags aLoadFlags,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode);

View File

@ -96,7 +96,7 @@ function checkSecondLoad()
var listener = new ImageListener(checkClone, secondLoadDone);
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener);
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null));
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null));
listener.synchronous = false;
}
@ -194,7 +194,7 @@ function startImageCallback(otherCb)
var listener2 = new ImageListener(null, function(foo, bar) { do_test_finished(); });
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener2);
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null));
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null));
listener2.synchronous = false;
// Now that we've started another load, chain to the callback.
@ -221,7 +221,7 @@ function run_test()
var listener = new ImageListener(startImageCallback(checkClone), firstLoadDone);
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener);
var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null);
var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null);
requests.push(req);
// Ensure that we don't cause any mayhem when we lock an image.

View File

@ -77,7 +77,7 @@ function loadImage(isPrivate, callback) {
var loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(Ci.nsILoadGroup);
loadGroup.notificationCallbacks = new NotificationCallbacks(isPrivate);
var loader = isPrivate ? gPrivateLoader : gPublicLoader;
requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null));
requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null, null));
listener.synchronous = false;
}

View File

@ -113,6 +113,7 @@ mozJSSubScriptLoader::ReadScript(nsIURI *uri, JSContext *cx, JSObject *targetObj
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

View File

@ -61,6 +61,7 @@
#include "mozilla/dom/DOMParser.h"
#include "nsDOMSerializer.h"
#include "nsXMLHttpRequest.h"
#include "nsChannelPolicy.h"
// view stuff
#include "nsContentCreatorFunctions.h"
@ -282,6 +283,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(DOMParser)
NS_GENERIC_FACTORY_CONSTRUCTOR(Exception)
NS_GENERIC_FACTORY_CONSTRUCTOR(DOMSessionStorageManager)
NS_GENERIC_FACTORY_CONSTRUCTOR(DOMLocalStorageManager)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsChannelPolicy)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(DOMRequestService,
DOMRequestService::FactoryCreate)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(QuotaManager,
@ -751,6 +753,7 @@ NS_DEFINE_NAMED_CID(NS_EVENTLISTENERSERVICE_CID);
NS_DEFINE_NAMED_CID(NS_GLOBALMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_PARENTPROCESSMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_CHILDPROCESSMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NSCHANNELPOLICY_CID);
NS_DEFINE_NAMED_CID(NS_SCRIPTSECURITYMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_PRINCIPAL_CID);
NS_DEFINE_NAMED_CID(NS_SYSTEMPRINCIPAL_CID);
@ -1045,6 +1048,7 @@ static const mozilla::Module::CIDEntry kLayoutCIDs[] = {
{ &kNS_GLOBALMESSAGEMANAGER_CID, false, nullptr, CreateGlobalMessageManager },
{ &kNS_PARENTPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateParentMessageManager },
{ &kNS_CHILDPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateChildMessageManager },
{ &kNSCHANNELPOLICY_CID, false, nullptr, nsChannelPolicyConstructor },
{ &kNS_SCRIPTSECURITYMANAGER_CID, false, nullptr, Construct_nsIScriptSecurityManager },
{ &kNS_PRINCIPAL_CID, false, nullptr, nsPrincipalConstructor },
{ &kNS_SYSTEMPRINCIPAL_CID, false, nullptr, nsSystemPrincipalConstructor },
@ -1202,6 +1206,7 @@ static const mozilla::Module::ContractIDEntry kLayoutContracts[] = {
{ NS_GLOBALMESSAGEMANAGER_CONTRACTID, &kNS_GLOBALMESSAGEMANAGER_CID },
{ NS_PARENTPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_PARENTPROCESSMESSAGEMANAGER_CID },
{ NS_CHILDPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_CHILDPROCESSMESSAGEMANAGER_CID },
{ NSCHANNELPOLICY_CONTRACTID, &kNSCHANNELPOLICY_CID },
{ NS_SCRIPTSECURITYMANAGER_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID },
{ NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID },
{ NS_PRINCIPAL_CONTRACTID, &kNS_PRINCIPAL_CID },

View File

@ -1931,6 +1931,7 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
nullptr, /* Not associated with any particular document */
loadFlags,
nullptr,
nullptr, /* channel policy not needed */
EmptyString(),
aRequest);
}

View File

@ -19,6 +19,7 @@
#include "mozilla/AsyncEventDispatcher.h"
#include "nsCrossSiteListenerProxy.h"
#include "nsFontFaceLoader.h"
#include "nsIChannelPolicy.h"
#include "nsIConsoleService.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
@ -396,6 +397,16 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
nsCOMPtr<nsILoadGroup> loadGroup(ps->GetDocument()->GetDocumentLoadGroup());
nsCOMPtr<nsIChannel> channel;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = aUserFontEntry->GetPrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
}
// Note we are calling NS_NewChannelInternal() with both a node and a
// principal. This is because the document where the font is being loaded
// might have a different origin from the principal of the stylesheet
@ -406,6 +417,7 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
aUserFontEntry->GetPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_FONT,
channelPolicy,
loadGroup);
NS_ENSURE_SUCCESS(rv, rv);
@ -1142,6 +1154,17 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
nsresult rv;
nsCOMPtr<nsIChannel> channel;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = aFontToLoad->GetPrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
}
nsIPresShell* ps = mPresContext->PresShell();
if (!ps) {
return NS_ERROR_FAILURE;
@ -1155,7 +1178,8 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
ps->GetDocument(),
aFontToLoad->GetPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_FONT);
nsIContentPolicy::TYPE_FONT,
channelPolicy);
NS_ENSURE_SUCCESS(rv, rv);

View File

@ -60,6 +60,7 @@
#include "nsIDOMStyleSheet.h"
#include "nsError.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "mozilla/dom/EncodingUtils.h"
@ -1551,10 +1552,20 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
mSyncCallback = true;
#endif
nsCOMPtr<nsILoadGroup> loadGroup;
// Content Security Policy information to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (mDocument) {
loadGroup = mDocument->GetDocumentLoadGroup();
NS_ASSERTION(loadGroup,
"No loadgroup for stylesheet; onload will fire early");
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_STYLESHEET);
}
}
nsLoadFlags securityFlags = nsILoadInfo::SEC_NORMAL;
@ -1573,6 +1584,7 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
requestingPrincipal,
securityFlags,
nsIContentPolicy::TYPE_STYLESHEET,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIChannel::LOAD_NORMAL |

View File

@ -13,6 +13,7 @@
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsIViewSourceChannel.h"
#include "nsChannelProperties.h"
#include "nsContentUtils.h"
#include "nsProxyRelease.h"

View File

@ -29,6 +29,7 @@ XPIDL_SOURCES += [
'nsICancelable.idl',
'nsIChannel.idl',
'nsIChannelEventSink.idl',
'nsIChannelPolicy.idl',
'nsIChildChannel.idl',
'nsIContentSniffer.idl',
'nsICryptoFIPSInfo.idl',
@ -136,6 +137,8 @@ EXPORTS += [
'netCore.h',
'nsASocketHandler.h',
'nsAsyncRedirectVerifyHelper.h',
'nsChannelProperties.h',
'nsNetStrings.h',
'nsNetUtil.h',
'nsReadLine.h',
'nsStreamListenerWrapper.h',

View File

@ -0,0 +1,35 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsChannelProperties_h__
#define nsChannelProperties_h__
#include "nsStringGlue.h"
#ifdef IMPL_LIBXUL
#include "nsNetStrings.h"
#endif
/**
* @file
* This file contains constants for properties channels can expose.
* They can be accessed by using QueryInterface to access the nsIPropertyBag
* or nsIPropertyBag2 interface on a channel and reading the value.
*/
/**
* Exists to allow content policy mechanism to function properly during channel
* redirects. Contains security contextual information about the load.
* Type: nsIChannelPolicy
*/
#define NS_CHANNEL_PROP_CHANNEL_POLICY_STR "channel-policy"
#ifdef IMPL_LIBXUL
#define NS_CHANNEL_PROP_CHANNEL_POLICY gNetStrings->kChannelPolicy
#else
#define NS_CHANNEL_PROP_CHANNEL_POLICY \
NS_LITERAL_STRING(NS_CHANNEL_PROP_CHANNEL_POLICY_STR)
#endif
#endif

View File

@ -0,0 +1,29 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
/**
* A container for policy information to be used during channel creation.
*
* This interface exists to allow the content policy mechanism to function
* properly during channel redirects. Channels can be created with this
* interface placed in the property bag and upon redirect, the interface can
* be transferred from the old channel to the new channel.
*/
[scriptable, uuid(18045e96-1afe-4162-837a-04691267158c)]
interface nsIChannelPolicy : nsISupports
{
/**
* Indicates what type of content is being loaded, e.g.
* nsIContentPolicy::TYPE_IMAGE
*/
attribute unsigned long loadType;
/**
* A nsIContentSecurityPolicy object to determine if the load should
* be allowed.
*/
attribute nsISupports contentSecurityPolicy;
};

View File

@ -0,0 +1,24 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsNetStrings_h__
#define nsNetStrings_h__
#include "nsLiteralString.h"
/**
* Class on which wide strings are available, to avoid constructing strings
* wherever these strings are used.
*/
class nsNetStrings {
public:
nsNetStrings();
const nsLiteralString kChannelPolicy;
};
extern nsNetStrings* gNetStrings;
#endif

View File

@ -32,6 +32,7 @@
#include "nsIIOService.h"
#include "nsIServiceManager.h"
#include "nsIChannel.h"
#include "nsChannelProperties.h"
#include "nsIInputStreamChannel.h"
#include "nsITransport.h"
#include "nsIStreamTransportService.h"
@ -68,6 +69,7 @@
#include "nsIWritablePropertyBag2.h"
#include "nsIIDNService.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsISocketProviderService.h"
#include "nsISocketProvider.h"
#include "nsIRedirectChannelRegistrar.h"
@ -200,6 +202,7 @@ inline nsresult
NS_NewChannelInternal(nsIChannel** outChannel,
nsIURI* aUri,
nsILoadInfo* aLoadInfo,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -233,6 +236,14 @@ NS_NewChannelInternal(nsIChannel** outChannel,
rv = channel->SetLoadFlags(aLoadFlags | (normalLoadFlags & nsIChannel::LOAD_REPLACE));
NS_ENSURE_SUCCESS(rv, rv);
}
if (aChannelPolicy) {
nsCOMPtr<nsIWritablePropertyBag2> props = do_QueryInterface(channel);
if (props) {
props->SetPropertyAsInterface(NS_CHANNEL_PROP_CHANNEL_POLICY, aChannelPolicy);
}
}
channel->SetLoadInfo(aLoadInfo);
// If we're sandboxed, make sure to clear any owner the channel
@ -252,6 +263,7 @@ NS_NewChannelInternal(nsIChannel** outChannel,
nsIPrincipal* aRequestingPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -270,6 +282,7 @@ NS_NewChannelInternal(nsIChannel** outChannel,
return NS_NewChannelInternal(outChannel,
aUri,
loadInfo,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -282,6 +295,7 @@ NS_NewChannel(nsIChannel** outChannel,
nsINode* aRequestingNode,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -294,6 +308,7 @@ NS_NewChannel(nsIChannel** outChannel,
aRequestingNode->NodePrincipal(),
aSecurityFlags,
aContentPolicyType,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -306,6 +321,7 @@ NS_NewChannel(nsIChannel** outChannel,
nsIPrincipal* aRequestingPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -317,6 +333,7 @@ NS_NewChannel(nsIChannel** outChannel,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -349,6 +366,7 @@ NS_OpenURIInternal(nsIInputStream** outStream,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -405,6 +423,7 @@ NS_OpenURIInternal(nsIStreamListener* aListener,
nsresult rv = NS_NewChannelInternal(getter_AddRefs(channel),
aUri,
aLoadInfo,
nullptr, // aChannelPolicy
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -815,6 +834,7 @@ NS_NewStreamLoaderInternal(nsIStreamLoader** outStream,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
aLoadGroup,
aCallbacks,
aLoadFlags);

View File

@ -47,6 +47,7 @@ UNIFIED_SOURCES += [
'nsMediaFragmentURIParser.cpp',
'nsMIMEInputStream.cpp',
'nsNetAddr.cpp',
'nsNetStrings.cpp',
'nsNetUtil.cpp',
'nsPACMan.cpp',
'nsPreloadedStream.cpp',

View File

@ -267,6 +267,7 @@ nsIncrementalDownload::ProcessTimeout()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
this, // aCallbacks
mLoadFlags);

View File

@ -0,0 +1,14 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsNetStrings.h"
#include "nsChannelProperties.h"
nsNetStrings* gNetStrings;
nsNetStrings::nsNetStrings()
: NS_LITERAL_STRING_INIT(kChannelPolicy, NS_CHANNEL_PROP_CHANNEL_POLICY_STR)
{}

View File

@ -31,6 +31,7 @@
#include "nsApplicationCache.h"
#include "nsApplicationCacheService.h"
#include "nsMimeTypes.h"
#include "nsNetStrings.h"
#include "nsDNSPrefetch.h"
#include "nsAboutProtocolHandler.h"
#include "nsXULAppAPI.h"
@ -629,9 +630,11 @@ CreateNewBinaryDetectorFactory(nsISupports *aOuter, REFNSIID aIID, void **aResul
// Net module startup hook
static nsresult nsNetStartup()
{
return NS_OK;
gNetStrings = new nsNetStrings();
return gNetStrings ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
// Net module shutdown hook
static void nsNetShutdown()
{
@ -644,6 +647,10 @@ static void nsNetShutdown()
net_ShutdownURLHelperOSX();
#endif
// Release necko strings
delete gNetStrings;
gNetStrings = nullptr;
// Release DNS service reference.
nsDNSPrefetch::Shutdown();

View File

@ -132,6 +132,7 @@ FTPChannelParent::DoAsyncOpen(const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

View File

@ -219,6 +219,7 @@ HttpChannelParent::DoAsyncOpen( const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
loadFlags,

View File

@ -92,6 +92,7 @@ WyciwygChannelParent::RecvInit(const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

View File

@ -312,6 +312,7 @@ nsresult auxLoad(char *uriBuf)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks);
@ -370,6 +371,7 @@ int main(int argc, char **argv)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks);

View File

@ -49,6 +49,7 @@
#include "nsIPropertyBag2.h"
#include "nsIWritablePropertyBag2.h"
#include "nsITimedChannel.h"
#include "nsChannelProperties.h"
#include "mozilla/Attributes.h"
#include "mozilla/unused.h"
#include "nsIScriptSecurityManager.h"
@ -643,6 +644,7 @@ nsresult StartLoadingURL(const char* aUrlString)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks,
nsIRequest::LOAD_NORMAL,

View File

@ -3534,6 +3534,7 @@ nsDownload::Resume()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
ir);

View File

@ -99,6 +99,7 @@ nsUrlClassifierStreamUpdater::FetchUpdate(nsIURI *aUpdateUrl,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
this, // aInterfaceRequestor
loadFlags);

View File

@ -57,6 +57,7 @@
#include "nsNetUtil.h"
#include "nsIIOService.h"
#include "nsNetCID.h"
#include "nsChannelProperties.h"
#include "nsMimeTypes.h"
// used for header disposition information.

View File

@ -185,6 +185,7 @@ nsManifestCheck::Begin()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_BYPASS_CACHE);
@ -382,6 +383,7 @@ nsOfflineCacheUpdateItem::OpenChannel(nsOfflineCacheUpdate *aUpdate)
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
this, // aCallbacks
flags);

View File

@ -192,6 +192,7 @@ nsPrefetchNode::OpenChannel()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup, // aLoadGroup
this, // aCallbacks
nsIRequest::LOAD_BACKGROUND |

View File

@ -244,7 +244,7 @@ OSXNotificationCenter::ShowAlertNotification(const nsAString & aImageUrl, const
if (imageUri) {
nsresult rv = il->LoadImage(imageUri, nullptr, nullptr, aPrincipal, nullptr,
this, nullptr, nsIRequest::LOAD_NORMAL, nullptr,
EmptyString(),
nullptr, EmptyString(),
getter_AddRefs(osxni->mIconRequest));
if (NS_SUCCEEDED(rv)) {
// Set a timer for six seconds. If we don't have an icon by the time this

View File

@ -305,9 +305,11 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
[mNativeMenuItem setImage:sPlaceholderIconImage];
}
// Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is
// not exposed to web content
nsresult rv = loader->LoadImage(aIconURI, nullptr, nullptr, nullptr, loadGroup, this,
nullptr, nsIRequest::LOAD_NORMAL, nullptr,
EmptyString(), getter_AddRefs(mIconRequest));
nullptr, nsIRequest::LOAD_NORMAL, nullptr,
nullptr, EmptyString(), getter_AddRefs(mIconRequest));
if (NS_FAILED(rv)) return rv;
// We need to request the icon be decoded (bug 573583, bug 705516).

View File

@ -74,6 +74,7 @@ nsresult nsDataObj::CStream::Init(nsIURI *pSourceURI,
aRequestingNode,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_FROM_CACHE);

View File

@ -1305,6 +1305,7 @@ nsDirectoryViewerFactory::CreateInstance(const char *aCommand,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
aLoadGroup);
if (NS_FAILED(rv)) return rv;