Bug 1605814 - Don't capture CSP nonce when loading a child sheet. r=emilio,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D58686 --HG-- extra : moz-landing-system : lando
2024-10-18 07:45:30 +00:00 · 2020-01-13 11:47:25 +00:00 · 2020-01-13 11:47:25 +00:00 · 84c462a2d0
commit 84c462a2d0
parent 4e8d36ea9b
9 changed files with 43 additions and 19 deletions
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@ -681,6 +681,8 @@ nsresult nsContentSink::ProcessStyleLinkFromHeader(
      CORS_NONE,
      aTitle,
      aMedia,
+      /* integrity = */ EmptyString(),
+      /* nonce = */ EmptyString(),
      aAlternate ? Loader::HasAlternateRel::Yes : Loader::HasAlternateRel::No,
      Loader::IsInline::No,
      Loader::IsExplicitlyEnabled::No,
--- a/dom/base/nsIStyleSheetLinkingElement.h
+++ b/dom/base/nsIStyleSheetLinkingElement.h
@ -98,6 +98,7 @@ class nsIStyleSheetLinkingElement : public nsISupports {
    nsString mTitle;
    nsString mMedia;
    nsString mIntegrity;
+    nsString mNonce;

    bool mHasAlternateRel;
    bool mIsInline;
@ -108,7 +109,10 @@ class nsIStyleSheetLinkingElement : public nsISupports {
              already_AddRefed<nsIPrincipal> aTriggeringPrincipal,
              already_AddRefed<nsIReferrerInfo> aReferrerInfo,
              mozilla::CORSMode, const nsAString& aTitle,
-              const nsAString& aMedia, HasAlternateRel, IsInline,
+              const nsAString& aMedia,
+              const nsAString& aIntegrity,
+              const nsAString& aNonce,
+              HasAlternateRel, IsInline,
              IsExplicitlyEnabled);

    ~SheetInfo();
--- a/dom/base/nsStyleLinkElement.cpp
+++ b/dom/base/nsStyleLinkElement.cpp
@ -40,7 +40,8 @@ nsStyleLinkElement::SheetInfo::SheetInfo(
    already_AddRefed<nsIPrincipal> aTriggeringPrincipal,
    already_AddRefed<nsIReferrerInfo> aReferrerInfo,
    mozilla::CORSMode aCORSMode, const nsAString& aTitle,
-    const nsAString& aMedia, HasAlternateRel aHasAlternateRel,
+    const nsAString& aMedia, const nsAString& aIntegrity,
+    const nsAString& aNonce, HasAlternateRel aHasAlternateRel,
    IsInline aIsInline, IsExplicitlyEnabled aIsExplicitlyEnabled)
    : mContent(aContent),
      mURI(aURI),
@ -49,17 +50,16 @@ nsStyleLinkElement::SheetInfo::SheetInfo(
      mCORSMode(aCORSMode),
      mTitle(aTitle),
      mMedia(aMedia),
+      mIntegrity(aIntegrity),
+      mNonce(aNonce),
      mHasAlternateRel(aHasAlternateRel == HasAlternateRel::Yes),
      mIsInline(aIsInline == IsInline::Yes),
      mIsExplicitlyEnabled(aIsExplicitlyEnabled) {
  MOZ_ASSERT(!mIsInline || aContent);
  MOZ_ASSERT_IF(aContent, aContent->OwnerDoc() == &aDocument);
  MOZ_ASSERT(mReferrerInfo);
-
-  if (!mIsInline && aContent && aContent->IsElement()) {
-    aContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::integrity,
-                                   mIntegrity);
-  }
+  MOZ_ASSERT(mIntegrity.IsEmpty() || !mIsInline,
+             "Integrity only applies to <link>");
 }

 nsStyleLinkElement::SheetInfo::~SheetInfo() = default;
--- a/dom/html/HTMLLinkElement.cpp
+++ b/dom/html/HTMLLinkElement.cpp
@ -464,10 +464,17 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLLinkElement::GetStyleSheetInfo() {
    return Nothing();
  }

+  nsAutoString integrity;
+  GetAttr(kNameSpaceID_None, nsGkAtoms::integrity, integrity);
+
  nsCOMPtr<nsIURI> uri = Link::GetURI();
  nsCOMPtr<nsIPrincipal> prin = mTriggeringPrincipal;
  nsCOMPtr<nsIReferrerInfo> referrerInfo = new ReferrerInfo();
  referrerInfo->InitWithNode(this);
+
+  nsAutoString nonce;
+  GetAttr(kNameSpaceID_None, nsGkAtoms::nonce, nonce);
+
  return Some(SheetInfo{
      *OwnerDoc(),
      this,
@ -477,6 +484,8 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLLinkElement::GetStyleSheetInfo() {
      GetCORSMode(),
      title,
      media,
+      integrity,
+      nonce,
      alternate ? HasAlternateRel::Yes : HasAlternateRel::No,
      IsInline::No,
      mExplicitlyEnabled ? IsExplicitlyEnabled::Yes : IsExplicitlyEnabled::No,
--- a/dom/html/HTMLStyleElement.cpp
+++ b/dom/html/HTMLStyleElement.cpp
@ -174,16 +174,20 @@ Maybe<nsStyleLinkElement::SheetInfo> HTMLStyleElement::GetStyleSheetInfo() {

  nsCOMPtr<nsIReferrerInfo> referrerInfo = new ReferrerInfo();
  referrerInfo->InitWithNode(this);
-  nsCOMPtr<nsIPrincipal> prin = mTriggeringPrincipal;
+
  return Some(SheetInfo{
      *OwnerDoc(),
      this,
      nullptr,
-      prin.forget(),
+      do_AddRef(mTriggeringPrincipal),
      referrerInfo.forget(),
      CORS_NONE,
      title,
      media,
+      /* integrity = */ EmptyString(),
+      /* nsStyleUtil::CSPAllowsInlineStyle takes care of nonce checking for
+         inline styles. Bug 1607011 */
+      /* nonce = */ EmptyString(),
      HasAlternateRel::No,
      IsInline::Yes,
      IsExplicitlyEnabled::No,
--- a/dom/svg/SVGStyleElement.cpp
+++ b/dom/svg/SVGStyleElement.cpp
@ -195,6 +195,10 @@ Maybe<nsStyleLinkElement::SheetInfo> SVGStyleElement::GetStyleSheetInfo() {
      AttrValueToCORSMode(GetParsedAttr(nsGkAtoms::crossorigin)),
      title,
      media,
+      /* integrity = */ EmptyString(),
+      /* nsStyleUtil::CSPAllowsInlineStyle takes care of nonce checking for
+         inline styles. Bug 1607011 */
+      /* nonce = */ EmptyString(),
      HasAlternateRel::No,
      IsInline::Yes,
      IsExplicitlyEnabled::No,
--- a/dom/xml/XMLStylesheetProcessingInstruction.cpp
+++ b/dom/xml/XMLStylesheetProcessingInstruction.cpp
@ -136,6 +136,8 @@ XMLStylesheetProcessingInstruction::GetStyleSheetInfo() {
      CORS_NONE,
      title,
      media,
+      /* integrity = */ EmptyString(),
+      /* nonce = */ EmptyString(),
      alternate ? HasAlternateRel::Yes : HasAlternateRel::No,
      IsInline::No,
      IsExplicitlyEnabled::No,
--- a/layout/style/Loader.cpp
+++ b/layout/style/Loader.cpp
@ -1066,6 +1066,7 @@ nsresult Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
                                    nsIPrincipal* aTriggeringPrincipal,
                                    nsIURI* aTargetURI,
                                    nsINode* aRequestingNode,
+                                    const nsAString& aNonce,
                                    IsPreload aIsPreload) {
  // When performing a system load (e.g. aUseSystemPrincipal = true)
  // then aLoadingPrincipal == null; don't consult content policies.
@ -1084,12 +1085,8 @@ nsresult Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,

  // snapshot the nonce at load start time for performing CSP checks
  if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_STYLESHEET) {
-    nsCOMPtr<Element> element = do_QueryInterface(aRequestingNode);
-    if (element && element->IsHTMLElement()) {
-      nsAutoString cspNonce;
-      element->GetAttr(nsGkAtoms::nonce, cspNonce);
-      secCheckLoadInfo->SetCspNonce(cspNonce);
-    }
+    secCheckLoadInfo->SetCspNonce(aNonce);
+    MOZ_ASSERT_IF(aIsPreload != IsPreload::No, aNonce.IsEmpty());
  }

  int16_t shouldLoad = nsIContentPolicy::ACCEPT;
@ -1404,6 +1401,7 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
      nsCOMPtr<Element> element = do_QueryInterface(aLoadData.mRequestingNode);
      if (element && element->IsHTMLElement()) {
        nsAutoString cspNonce;
+        // TODO(bug 1607009) move to SheetLoadData
        element->GetAttr(nsGkAtoms::nonce, cspNonce);
        nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
        loadInfo->SetCspNonce(cspNonce);
@ -1534,6 +1532,7 @@ nsresult Loader::LoadSheet(SheetLoadData& aLoadData, SheetState aSheetState,
    nsCOMPtr<Element> element = do_QueryInterface(aLoadData.mRequestingNode);
    if (element && element->IsHTMLElement()) {
      nsAutoString cspNonce;
+      // TODO(bug 1607009) move to SheetLoadData
      element->GetAttr(nsGkAtoms::nonce, cspNonce);
      nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
      loadInfo->SetCspNonce(cspNonce);
@ -2018,7 +2017,7 @@ Result<Loader::LoadSheetResult, nsresult> Loader::LoadStyleLink(
  MOZ_ASSERT_IF(syncLoad, !aObserver);

  nsresult rv = CheckContentPolicy(loadingPrincipal, principal, aInfo.mURI,
-                                   context, IsPreload::No);
+                                   context, aInfo.mNonce, IsPreload::No);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    // Don't fire the error event if our document is loaded as data.  We're
    // supposed to not even try to do loads in that case... Unfortunately, we
@ -2167,7 +2166,7 @@ nsresult Loader::LoadChildSheet(StyleSheet& aParentSheet,

  nsIPrincipal* principal = aParentSheet.Principal();
  nsresult rv = CheckContentPolicy(loadingPrincipal, principal, aURL, context,
-                                   IsPreload::No);
+                                   EmptyString(), IsPreload::No);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    if (aParentData) {
      MarkLoadTreeFailed(*aParentData);
@ -2292,7 +2291,7 @@ Result<RefPtr<StyleSheet>, nsresult> Loader::InternalLoadNonDocumentSheet(
  nsCOMPtr<nsIPrincipal> loadingPrincipal =
      (aOriginPrincipal && mDocument ? mDocument->NodePrincipal() : nullptr);
  nsresult rv = CheckContentPolicy(loadingPrincipal, aOriginPrincipal, aURL,
-                                   mDocument, aIsPreload);
+                                   mDocument, EmptyString(), aIsPreload);
  if (NS_FAILED(rv)) {
    return Err(rv);
  }
--- a/layout/style/Loader.h
+++ b/layout/style/Loader.h
@ -331,7 +331,7 @@ class Loader final {
  nsresult CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
                              nsIPrincipal* aTriggeringPrincipal,
                              nsIURI* aTargetURI, nsINode* aRequestingNode,
-                              IsPreload);
+                              const nsAString& aNonce, IsPreload);

  enum class SheetState : uint8_t {
    Unknown = 0,