mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-18 07:45:30 +00:00
Bug 1605814 - Don't capture CSP nonce when loading a child sheet. r=emilio,ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D58686 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
4e8d36ea9b
commit
84c462a2d0
@ -681,6 +681,8 @@ nsresult nsContentSink::ProcessStyleLinkFromHeader(
|
||||
CORS_NONE,
|
||||
aTitle,
|
||||
aMedia,
|
||||
/* integrity = */ EmptyString(),
|
||||
/* nonce = */ EmptyString(),
|
||||
aAlternate ? Loader::HasAlternateRel::Yes : Loader::HasAlternateRel::No,
|
||||
Loader::IsInline::No,
|
||||
Loader::IsExplicitlyEnabled::No,
|
||||
|
@ -98,6 +98,7 @@ class nsIStyleSheetLinkingElement : public nsISupports {
|
||||
nsString mTitle;
|
||||
nsString mMedia;
|
||||
nsString mIntegrity;
|
||||
nsString mNonce;
|
||||
|
||||
bool mHasAlternateRel;
|
||||
bool mIsInline;
|
||||
@ -108,7 +109,10 @@ class nsIStyleSheetLinkingElement : public nsISupports {
|
||||
already_AddRefed<nsIPrincipal> aTriggeringPrincipal,
|
||||
already_AddRefed<nsIReferrerInfo> aReferrerInfo,
|
||||
mozilla::CORSMode, const nsAString& aTitle,
|
||||
const nsAString& aMedia, HasAlternateRel, IsInline,
|
||||
const nsAString& aMedia,
|
||||
const nsAString& aIntegrity,
|
||||
const nsAString& aNonce,
|
||||
HasAlternateRel, IsInline,
|
||||
IsExplicitlyEnabled);
|
||||
|
||||
~SheetInfo();
|
||||
|
@ -40,7 +40,8 @@ nsStyleLinkElement::SheetInfo::SheetInfo(
|
||||
already_AddRefed<nsIPrincipal> aTriggeringPrincipal,
|
||||
already_AddRefed<nsIReferrerInfo> aReferrerInfo,
|
||||
mozilla::CORSMode aCORSMode, const nsAString& aTitle,
|
||||
const nsAString& aMedia, HasAlternateRel aHasAlternateRel,
|
||||
const nsAString& aMedia, const nsAString& aIntegrity,
|
||||
const nsAString& aNonce, HasAlternateRel aHasAlternateRel,
|
||||
IsInline aIsInline, IsExplicitlyEnabled aIsExplicitlyEnabled)
|
||||
: mContent(aContent),
|
||||
mURI(aURI),
|
||||
@ -49,17 +50,16 @@ nsStyleLinkElement::SheetInfo::SheetInfo(
|
||||
mCORSMode(aCORSMode),
|
||||
mTitle(aTitle),
|
||||
mMedia(aMedia),
|
||||
mIntegrity(aIntegrity),
|
||||
mNonce(aNonce),
|
||||
mHasAlternateRel(aHasAlternateRel == HasAlternateRel::Yes),
|
||||
mIsInline(aIsInline == IsInline::Yes),
|
||||
mIsExplicitlyEnabled(aIsExplicitlyEnabled) {
|
||||
MOZ_ASSERT(!mIsInline || aContent);
|
||||
MOZ_ASSERT_IF(aContent, aContent->OwnerDoc() == &aDocument);
|
||||
MOZ_ASSERT(mReferrerInfo);
|
||||
|
||||
if (!mIsInline && aContent && aContent->IsElement()) {
|
||||
aContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::integrity,
|
||||
mIntegrity);
|
||||
}
|
||||
MOZ_ASSERT(mIntegrity.IsEmpty() || !mIsInline,
|
||||
"Integrity only applies to <link>");
|
||||
}
|
||||
|
||||
nsStyleLinkElement::SheetInfo::~SheetInfo() = default;
|
||||
|
@ -464,10 +464,17 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLLinkElement::GetStyleSheetInfo() {
|
||||
return Nothing();
|
||||
}
|
||||
|
||||
nsAutoString integrity;
|
||||
GetAttr(kNameSpaceID_None, nsGkAtoms::integrity, integrity);
|
||||
|
||||
nsCOMPtr<nsIURI> uri = Link::GetURI();
|
||||
nsCOMPtr<nsIPrincipal> prin = mTriggeringPrincipal;
|
||||
nsCOMPtr<nsIReferrerInfo> referrerInfo = new ReferrerInfo();
|
||||
referrerInfo->InitWithNode(this);
|
||||
|
||||
nsAutoString nonce;
|
||||
GetAttr(kNameSpaceID_None, nsGkAtoms::nonce, nonce);
|
||||
|
||||
return Some(SheetInfo{
|
||||
*OwnerDoc(),
|
||||
this,
|
||||
@ -477,6 +484,8 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLLinkElement::GetStyleSheetInfo() {
|
||||
GetCORSMode(),
|
||||
title,
|
||||
media,
|
||||
integrity,
|
||||
nonce,
|
||||
alternate ? HasAlternateRel::Yes : HasAlternateRel::No,
|
||||
IsInline::No,
|
||||
mExplicitlyEnabled ? IsExplicitlyEnabled::Yes : IsExplicitlyEnabled::No,
|
||||
|
@ -174,16 +174,20 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLStyleElement::GetStyleSheetInfo() {
|
||||
|
||||
nsCOMPtr<nsIReferrerInfo> referrerInfo = new ReferrerInfo();
|
||||
referrerInfo->InitWithNode(this);
|
||||
nsCOMPtr<nsIPrincipal> prin = mTriggeringPrincipal;
|
||||
|
||||
return Some(SheetInfo{
|
||||
*OwnerDoc(),
|
||||
this,
|
||||
nullptr,
|
||||
prin.forget(),
|
||||
do_AddRef(mTriggeringPrincipal),
|
||||
referrerInfo.forget(),
|
||||
CORS_NONE,
|
||||
title,
|
||||
media,
|
||||
/* integrity = */ EmptyString(),
|
||||
/* nsStyleUtil::CSPAllowsInlineStyle takes care of nonce checking for
|
||||
inline styles. Bug 1607011 */
|
||||
/* nonce = */ EmptyString(),
|
||||
HasAlternateRel::No,
|
||||
IsInline::Yes,
|
||||
IsExplicitlyEnabled::No,
|
||||
|
@ -195,6 +195,10 @@ Maybe<nsStyleLinkElement::SheetInfo> SVGStyleElement::GetStyleSheetInfo() {
|
||||
AttrValueToCORSMode(GetParsedAttr(nsGkAtoms::crossorigin)),
|
||||
title,
|
||||
media,
|
||||
/* integrity = */ EmptyString(),
|
||||
/* nsStyleUtil::CSPAllowsInlineStyle takes care of nonce checking for
|
||||
inline styles. Bug 1607011 */
|
||||
/* nonce = */ EmptyString(),
|
||||
HasAlternateRel::No,
|
||||
IsInline::Yes,
|
||||
IsExplicitlyEnabled::No,
|
||||
|
@ -136,6 +136,8 @@ XMLStylesheetProcessingInstruction::GetStyleSheetInfo() {
|
||||
CORS_NONE,
|
||||
title,
|
||||
media,
|
||||
/* integrity = */ EmptyString(),
|
||||
/* nonce = */ EmptyString(),
|
||||
alternate ? HasAlternateRel::Yes : HasAlternateRel::No,
|
||||
IsInline::No,
|
||||
IsExplicitlyEnabled::No,
|
||||
|
@ -1066,6 +1066,7 @@ nsresult Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIURI* aTargetURI,
|
||||
nsINode* aRequestingNode,
|
||||
const nsAString& aNonce,
|
||||
IsPreload aIsPreload) {
|
||||
// When performing a system load (e.g. aUseSystemPrincipal = true)
|
||||
// then aLoadingPrincipal == null; don't consult content policies.
|
||||
@ -1084,12 +1085,8 @@ nsresult Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
|
||||
|
||||
// snapshot the nonce at load start time for performing CSP checks
|
||||
if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_STYLESHEET) {
|
||||
nsCOMPtr<Element> element = do_QueryInterface(aRequestingNode);
|
||||
if (element && element->IsHTMLElement()) {
|
||||
nsAutoString cspNonce;
|
||||
element->GetAttr(nsGkAtoms::nonce, cspNonce);
|
||||
secCheckLoadInfo->SetCspNonce(cspNonce);
|
||||
}
|
||||
secCheckLoadInfo->SetCspNonce(aNonce);
|
||||
MOZ_ASSERT_IF(aIsPreload != IsPreload::No, aNonce.IsEmpty());
|
||||
}
|
||||
|
||||
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
|
||||
@ -1404,6 +1401,7 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
|
||||
nsCOMPtr<Element> element = do_QueryInterface(aLoadData.mRequestingNode);
|
||||
if (element && element->IsHTMLElement()) {
|
||||
nsAutoString cspNonce;
|
||||
// TODO(bug 1607009) move to SheetLoadData
|
||||
element->GetAttr(nsGkAtoms::nonce, cspNonce);
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
|
||||
loadInfo->SetCspNonce(cspNonce);
|
||||
@ -1534,6 +1532,7 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
|
||||
nsCOMPtr<Element> element = do_QueryInterface(aLoadData.mRequestingNode);
|
||||
if (element && element->IsHTMLElement()) {
|
||||
nsAutoString cspNonce;
|
||||
// TODO(bug 1607009) move to SheetLoadData
|
||||
element->GetAttr(nsGkAtoms::nonce, cspNonce);
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
|
||||
loadInfo->SetCspNonce(cspNonce);
|
||||
@ -2018,7 +2017,7 @@ Result<Loader::LoadSheetResult, nsresult> Loader::LoadStyleLink(
|
||||
MOZ_ASSERT_IF(syncLoad, !aObserver);
|
||||
|
||||
nsresult rv = CheckContentPolicy(loadingPrincipal, principal, aInfo.mURI,
|
||||
context, IsPreload::No);
|
||||
context, aInfo.mNonce, IsPreload::No);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
// Don't fire the error event if our document is loaded as data. We're
|
||||
// supposed to not even try to do loads in that case... Unfortunately, we
|
||||
@ -2167,7 +2166,7 @@ nsresult Loader::LoadChildSheet(StyleSheet& aParentSheet,
|
||||
|
||||
nsIPrincipal* principal = aParentSheet.Principal();
|
||||
nsresult rv = CheckContentPolicy(loadingPrincipal, principal, aURL, context,
|
||||
IsPreload::No);
|
||||
EmptyString(), IsPreload::No);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
if (aParentData) {
|
||||
MarkLoadTreeFailed(*aParentData);
|
||||
@ -2292,7 +2291,7 @@ Result<RefPtr<StyleSheet>, nsresult> Loader::InternalLoadNonDocumentSheet(
|
||||
nsCOMPtr<nsIPrincipal> loadingPrincipal =
|
||||
(aOriginPrincipal && mDocument ? mDocument->NodePrincipal() : nullptr);
|
||||
nsresult rv = CheckContentPolicy(loadingPrincipal, aOriginPrincipal, aURL,
|
||||
mDocument, aIsPreload);
|
||||
mDocument, EmptyString(), aIsPreload);
|
||||
if (NS_FAILED(rv)) {
|
||||
return Err(rv);
|
||||
}
|
||||
|
@ -331,7 +331,7 @@ class Loader final {
|
||||
nsresult CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
|
||||
nsIPrincipal* aTriggeringPrincipal,
|
||||
nsIURI* aTargetURI, nsINode* aRequestingNode,
|
||||
IsPreload);
|
||||
const nsAString& aNonce, IsPreload);
|
||||
|
||||
enum class SheetState : uint8_t {
|
||||
Unknown = 0,
|
||||
|
Loading…
Reference in New Issue
Block a user