Bug 858789 - CSP should use the spec compliant pref to determine what parser to use for apps (r=jst)
parent
b5d5319eca
commit
6e905c8967
@ -2418,17 +2418,14 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||
NS_ConvertASCIItoUTF16 cspOldHeaderValue(tCspOldHeaderValue);
|
||||
NS_ConvertASCIItoUTF16 cspOldROHeaderValue(tCspOldROHeaderValue);
|
||||
|
||||
// Until we want to turn on our CSP 1.0 spec compliant support
|
||||
// only use the 1.0 spec compliant headers if a pref to do so
|
||||
// is set (this lets us land CSP 1.0 support with tests without
|
||||
// having to turn it on before it's ready). When we turn on
|
||||
// CSP 1.0 in the release, we should remove this pref check.
|
||||
// This pref will never be set by default, it should only
|
||||
// be created/set by the CSP tests.
|
||||
if (!cspHeaderValue.IsEmpty() || !cspROHeaderValue.IsEmpty()) {
|
||||
bool specCompliantEnabled =
|
||||
Preferences::GetBool("security.csp.speccompliant");
|
||||
// Only use the CSP 1.0 spec compliant headers if a pref to do so
|
||||
// is set. This lets us turn on the 1.0 parser per platform. This
|
||||
// pref is also set by the tests for 1.0 spec compliant CSP.
|
||||
bool specCompliantEnabled =
|
||||
Preferences::GetBool("security.csp.speccompliant");
|
||||
|
||||
if ((!cspHeaderValue.IsEmpty() || !cspROHeaderValue.IsEmpty()) &&
|
||||
!specCompliantEnabled) {
|
||||
// If spec compliant pref isn't set, pretend we never got
|
||||
// these headers.
|
||||
if (!specCompliantEnabled) {
|
||||
@ -2523,7 +2520,8 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||
}
|
||||
|
||||
if (appCSP)
|
||||
csp->RefinePolicy(appCSP, chanURI, true);
|
||||
// Use the 1.0 CSP parser for apps if the pref to do so is set.
|
||||
csp->RefinePolicy(appCSP, chanURI, specCompliantEnabled);
|
||||
}
|
||||
|
||||
// While we are supporting both CSP 1.0 and the x- headers, the 1.0 headers
|
||||
|
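Review bot: In the second hunk the parser used for the app policy now follows `security.csp.speccompliant` instead of the hard-coded `true`, so with the pref off an app policy written in CSP 1.0 syntax appears to be handed to the legacy parser. The visible lines do not show what `RefinePolicy` does with a policy string the selected parser cannot fully interpret, so it is worth confirming that it fails closed and adding a test that loads an app with the pref off. Each platform's app policy string then has to be written in the syntax matching that platform's pref value; a comment above the call such as `// appCSP must be written in the syntax selected by security.csp.speccompliant` would record that dependency. Because a comment now sits between `if (appCSP)` and its single statement, bracing the body would keep a later edit from detaching the call from the condition. InitCSP's body starts and ends outside both hunks.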