mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
Bug 1584998
: Make x-frame-options work with fission enabled. r=jkt,farre,johannh
Differential Revision: https://phabricator.services.mozilla.com/D50588 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
4409bd1dbb
commit
9c55479432
@ -259,9 +259,9 @@ function initPage() {
|
||||
document.getElementById("netErrorButtonContainer").style.display = "none";
|
||||
}
|
||||
|
||||
if (err == "cspBlocked") {
|
||||
// Remove the "Try again" button for CSP violations, since it's
|
||||
// almost certainly useless. (Bug 553180)
|
||||
if (err == "cspBlocked" || err == "xfoBlocked") {
|
||||
// Remove the "Try again" button for XFO and CSP violations,
|
||||
// since it's almost certainly useless. (Bug 553180)
|
||||
document.getElementById("netErrorButtonContainer").style.display = "none";
|
||||
}
|
||||
|
||||
|
@ -66,6 +66,7 @@
|
||||
<h1 id="et_nssBadCert">&certerror.longpagetitle2;</h1>
|
||||
<h1 id="et_nssBadCert_sts">&certerror.sts.longpagetitle;</h1>
|
||||
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
|
||||
<h1 id="et_xfoBlocked">&xfoBlocked.title;</h1>
|
||||
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
|
||||
<h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
|
||||
<h1 id="et_sslv3Used">&sslv3Used.title;</h1>
|
||||
@ -102,6 +103,7 @@
|
||||
<div id="ed_nssBadCert_SEC_ERROR_EXPIRED_CERTIFICATE">&certerror.expiredCert.introPara;</div>
|
||||
<div id="ed_mitm">&certerror.mitm.longDesc;</div>
|
||||
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
|
||||
<div id="ed_xfoBlocked">&xfoBlocked.longDesc;</div>
|
||||
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
|
||||
<div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
|
||||
<div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
|
||||
|
@ -35,6 +35,7 @@ harmfulBlocked=The site at %S has been reported as a potentially harmful site an
|
||||
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
|
||||
deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences.
|
||||
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
|
||||
xfoBlocked=This page has an X-Frame-Options policy that prevents it from being loaded in this context.
|
||||
corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired.
|
||||
remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
|
||||
## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
|
||||
|
@ -189,6 +189,9 @@ was trying to connect. -->
|
||||
<!ENTITY cspBlocked.title "Blocked by Content Security Policy">
|
||||
<!ENTITY cspBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY xfoBlocked.title "Blocked by X-Frame-Options Policy">
|
||||
<!ENTITY xfoBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY corruptedContentErrorv2.title "Corrupted Content Error">
|
||||
<!ENTITY corruptedContentErrorv2.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
|
||||
|
||||
|
@ -3847,6 +3847,10 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
|
||||
// CSP error
|
||||
cssClass.AssignLiteral("neterror");
|
||||
error = "cspBlocked";
|
||||
} else if (NS_ERROR_XFO_VIOLATION == aError) {
|
||||
// XFO error
|
||||
cssClass.AssignLiteral("neterror");
|
||||
error = "xfoBlocked";
|
||||
} else if (NS_ERROR_GET_MODULE(aError) == NS_ERROR_MODULE_SECURITY) {
|
||||
nsCOMPtr<nsINSSErrorsService> nsserr =
|
||||
do_GetService(NS_NSS_ERRORS_SERVICE_CONTRACTID);
|
||||
@ -10253,10 +10257,10 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
||||
|
||||
bool isActive =
|
||||
mIsActive || (mLoadType & (LOAD_CMD_NORMAL | LOAD_CMD_HISTORY));
|
||||
if (!CreateChannelForLoadState(aLoadState, loadInfo, this, this,
|
||||
initiatorType, loadFlags, mLoadType, cacheKey,
|
||||
isActive, isTopLevelDoc, mBrowsingContext->GetSandboxFlags(), rv,
|
||||
getter_AddRefs(channel))) {
|
||||
if (!CreateChannelForLoadState(
|
||||
aLoadState, loadInfo, this, this, initiatorType, loadFlags, mLoadType,
|
||||
cacheKey, isActive, isTopLevelDoc,
|
||||
mBrowsingContext->GetSandboxFlags(), rv, getter_AddRefs(channel))) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -125,8 +125,8 @@ function initPage() {
|
||||
document.getElementById("errorTryAgain").style.display = "none";
|
||||
}
|
||||
|
||||
if (err == "cspBlocked") {
|
||||
// Remove the "Try again" button for CSP violations, since it's
|
||||
if (err == "cspBlocked" || err == "xfoBlocked") {
|
||||
// Remove the "Try again" button for XFO and CSP violations, since it's
|
||||
// almost certainly useless. (Bug 553180)
|
||||
document.getElementById("errorTryAgain").style.display = "none";
|
||||
}
|
||||
|
@ -57,6 +57,7 @@
|
||||
<h1 id="et_nssFailure2">&nssFailure2.title;</h1>
|
||||
<h1 id="et_nssBadCert">&nssBadCert.title;</h1>
|
||||
<h1 id="et_cspBlocked">&cspBlocked.title;</h1>
|
||||
<h1 id="et_xfoBlocked">&xfoBlocked.title;</h1>
|
||||
<h1 id="et_remoteXUL">&remoteXUL.title;</h1>
|
||||
<h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
|
||||
<h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
|
||||
@ -86,6 +87,7 @@
|
||||
<div id="ed_nssFailure2">&nssFailure2.longDesc2;</div>
|
||||
<div id="ed_nssBadCert">&nssBadCert.longDesc2;</div>
|
||||
<div id="ed_cspBlocked">&cspBlocked.longDesc;</div>
|
||||
<div id="ed_xfoBlocked">&xfoBlocked.longDesc;</div>
|
||||
<div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
|
||||
<div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
|
||||
<div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
|
||||
|
@ -99,7 +99,6 @@
|
||||
#include "mozilla/dom/Event.h"
|
||||
#include "mozilla/dom/FeaturePolicy.h"
|
||||
#include "mozilla/dom/FeaturePolicyUtils.h"
|
||||
#include "mozilla/dom/FramingChecker.h"
|
||||
#include "mozilla/dom/HTMLAllCollection.h"
|
||||
#include "mozilla/dom/HTMLMetaElement.h"
|
||||
#include "mozilla/dom/HTMLSharedElement.h"
|
||||
@ -1556,7 +1555,7 @@ void Document::GetFailedCertSecurityInfo(
|
||||
return;
|
||||
}
|
||||
|
||||
for (const auto& certificate: failedCertArray) {
|
||||
for (const auto& certificate : failedCertArray) {
|
||||
rv = certificate->GetIssuerCommonName(issuerCommonName);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
aRv.Throw(rv);
|
||||
@ -3009,16 +3008,6 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
|
||||
rv = InitFeaturePolicy(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// XFO needs to be checked after CSP because it is ignored if
|
||||
// the CSP defines frame-ancestors.
|
||||
nsCOMPtr<nsIContentSecurityPolicy> cspForFA = mCSP;
|
||||
if (!FramingChecker::CheckFrameOptions(aChannel, docShell, cspForFA)) {
|
||||
MOZ_LOG(gCspPRLog, LogLevel::Debug,
|
||||
("XFO doesn't like frame's ancestry, not loading."));
|
||||
// stop! ERROR page!
|
||||
aChannel->Cancel(NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION);
|
||||
}
|
||||
|
||||
rv = loadInfo->GetCookieSettings(getter_AddRefs(mCookieSettings));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
@ -41,7 +41,6 @@ support-files =
|
||||
support-files =
|
||||
file_x-frame-options_main.html
|
||||
file_x-frame-options_page.sjs
|
||||
skip-if = fission
|
||||
[browser_bug902350.js]
|
||||
tags = mcb
|
||||
[browser_bug1011748.js]
|
||||
|
@ -6,6 +6,8 @@
|
||||
* https://bugzilla.mozilla.org/show_bug.cgi?id=593387#c17
|
||||
*/
|
||||
|
||||
// X-Frame-Options checks happen in the parent, hence we have to
|
||||
// proxy the csp violation notifications.
|
||||
add_task(async function test() {
|
||||
// We have to disable CSP for this test otherwise the CSP of about:plugins will
|
||||
// block the dynamic frame creation.
|
||||
@ -19,68 +21,82 @@ add_task(async function test() {
|
||||
await BrowserTestUtils.withNewTab(
|
||||
{ gBrowser, url: "about:plugins" },
|
||||
async function(newBrowser) {
|
||||
// Note: We load the about: page in the parent process, so this will work.
|
||||
await ContentTask.spawn(newBrowser, null, testXFOFrameInChrome);
|
||||
// ---------------------------------------------------
|
||||
// Test 1: We load the about: page in the parent process, so this will work.
|
||||
await ContentTask.spawn(newBrowser, null, async function() {
|
||||
// Insert an iframe that specifies "X-Frame-Options: DENY" and verify
|
||||
// that it loads, since the top context is chrome
|
||||
var deferred = {};
|
||||
deferred.promise = new Promise(resolve => {
|
||||
deferred.resolve = resolve;
|
||||
});
|
||||
|
||||
var frame = content.document.createElement("iframe");
|
||||
frame.src =
|
||||
"http://mochi.test:8888/browser/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
|
||||
frame.addEventListener(
|
||||
"load",
|
||||
function() {
|
||||
// Test that the frame loaded
|
||||
var testFrame = this.contentDocument.getElementById("test");
|
||||
is(testFrame.tagName, "H1", "wrong element type");
|
||||
is(testFrame.textContent, "deny", "wrong textContent");
|
||||
deferred.resolve();
|
||||
},
|
||||
{ capture: true, once: true }
|
||||
);
|
||||
content.document.body.appendChild(frame);
|
||||
return deferred.promise;
|
||||
});
|
||||
|
||||
// ---------------------------------------------------
|
||||
// Test 2: Try the same with a content top-level context)
|
||||
var observerDeferred = {};
|
||||
observerDeferred.promise = new Promise(resolve => {
|
||||
observerDeferred.resolve = resolve;
|
||||
});
|
||||
|
||||
SpecialPowers.registerObservers("xfo-on-violate-policy");
|
||||
|
||||
function examiner() {
|
||||
SpecialPowers.addObserver(this, "specialpowers-xfo-on-violate-policy");
|
||||
}
|
||||
examiner.prototype = {
|
||||
observe(subject, topic, data) {
|
||||
var asciiSpec = SpecialPowers.getPrivilegedProps(
|
||||
SpecialPowers.do_QueryInterface(subject, "nsIURI"),
|
||||
"asciiSpec"
|
||||
);
|
||||
is(
|
||||
asciiSpec,
|
||||
"http://mochi.test:8888/browser/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny",
|
||||
"correct subject"
|
||||
);
|
||||
is(topic, "specialpowers-xfo-on-violate-policy", "correct topic");
|
||||
is(data, "DENY", "correct data");
|
||||
|
||||
myExaminer.remove();
|
||||
observerDeferred.resolve();
|
||||
},
|
||||
remove() {
|
||||
SpecialPowers.removeObserver(
|
||||
this,
|
||||
"specialpowers-xfo-on-violate-policy"
|
||||
);
|
||||
},
|
||||
};
|
||||
let myExaminer = new examiner();
|
||||
|
||||
// Run next test (try the same with a content top-level context)
|
||||
await BrowserTestUtils.loadURI(newBrowser, "http://example.com/");
|
||||
await BrowserTestUtils.browserLoaded(newBrowser);
|
||||
|
||||
await ContentTask.spawn(newBrowser, null, testXFOFrameInContent);
|
||||
await ContentTask.spawn(newBrowser, null, function() {
|
||||
var frame = content.document.createElement("iframe");
|
||||
frame.src =
|
||||
"http://mochi.test:8888/browser/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
|
||||
content.document.body.appendChild(frame);
|
||||
});
|
||||
await observerDeferred.promise;
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
function testXFOFrameInChrome() {
|
||||
// Insert an iframe that specifies "X-Frame-Options: DENY" and verify
|
||||
// that it loads, since the top context is chrome
|
||||
var deferred = {};
|
||||
deferred.promise = new Promise(resolve => {
|
||||
deferred.resolve = resolve;
|
||||
});
|
||||
|
||||
var frame = content.document.createElement("iframe");
|
||||
frame.src =
|
||||
"http://mochi.test:8888/browser/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
|
||||
frame.addEventListener(
|
||||
"load",
|
||||
function() {
|
||||
// Test that the frame loaded
|
||||
var test = this.contentDocument.getElementById("test");
|
||||
is(test.tagName, "H1", "wrong element type");
|
||||
is(test.textContent, "deny", "wrong textContent");
|
||||
deferred.resolve();
|
||||
},
|
||||
{ capture: true, once: true }
|
||||
);
|
||||
|
||||
content.document.body.appendChild(frame);
|
||||
return deferred.promise;
|
||||
}
|
||||
|
||||
function testXFOFrameInContent() {
|
||||
// Insert an iframe that specifies "X-Frame-Options: DENY" and verify that it
|
||||
// is blocked from loading since the top browsing context is another site
|
||||
var deferred = {};
|
||||
deferred.promise = new Promise(resolve => {
|
||||
deferred.resolve = resolve;
|
||||
});
|
||||
|
||||
var frame = content.document.createElement("iframe");
|
||||
frame.src =
|
||||
"http://mochi.test:8888/browser/dom/base/test/file_x-frame-options_page.sjs?testid=deny&xfo=deny";
|
||||
frame.addEventListener(
|
||||
"load",
|
||||
function() {
|
||||
// Test that the frame DID NOT load
|
||||
var test = this.contentDocument.getElementById("test");
|
||||
Assert.equal(test, null, "should be about:blank");
|
||||
|
||||
deferred.resolve();
|
||||
},
|
||||
{ capture: true, once: true }
|
||||
);
|
||||
|
||||
content.document.body.appendChild(frame);
|
||||
return deferred.promise;
|
||||
}
|
||||
|
@ -857,7 +857,6 @@ fail-if = fission
|
||||
[test_window_proto.html]
|
||||
[test_writable-replaceable.html]
|
||||
[test_x-frame-options.html]
|
||||
fail-if = fission # Cross-origin X-Frame-Options
|
||||
skip-if = toolkit == 'android' && debug && !is_fennec
|
||||
[test_youtube_flash_embed.html]
|
||||
# Please keep alphabetical order.
|
||||
|
@ -1199,6 +1199,9 @@ BrowserElementChild.prototype = {
|
||||
case Cr.NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION:
|
||||
sendAsyncMsg("error", { type: "cspBlocked" });
|
||||
return;
|
||||
case Cr.NS_ERROR_XFO_VIOLATION:
|
||||
sendAsyncMsg("error", { type: "xfoBlocked" });
|
||||
return;
|
||||
case Cr.NS_ERROR_PHISHING_URI:
|
||||
sendAsyncMsg("error", { type: "deceptiveBlocked" });
|
||||
return;
|
||||
|
@ -28,6 +28,7 @@ harmfulBlocked=The site at %S has been reported as a potentially harmful site an
|
||||
unwantedBlocked=The site at %S has been reported as serving unwanted software and has been blocked based on your security preferences.
|
||||
deceptiveBlocked=This web page at %S has been reported as a deceptive site and has been blocked based on your security preferences.
|
||||
cspBlocked=This page has a content security policy that prevents it from being loaded in this way.
|
||||
xfoBlocked=This page has an X-Frame-Options policy that prevents it from being loaded in this context.
|
||||
corruptedContentErrorv2=The site at %S has experienced a network protocol violation that cannot be repaired.
|
||||
remoteXUL=This page uses an unsupported technology that is no longer available by default.
|
||||
sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol.
|
||||
|
@ -87,6 +87,9 @@
|
||||
<!ENTITY cspBlocked.title "Blocked by Content Security Policy">
|
||||
<!ENTITY cspBlocked.longDesc "<p>The browser prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY xfoBlocked.title "Blocked by X-Frame-Options Policy">
|
||||
<!ENTITY xfoBlocked.longDesc "<p>The browser prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY corruptedContentErrorv2.title "Corrupted Content Error">
|
||||
<!ENTITY corruptedContentErrorv2.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
|
||||
|
||||
|
@ -7,6 +7,7 @@
|
||||
#include "DOMSecurityManager.h"
|
||||
#include "nsCSPContext.h"
|
||||
#include "nsContentSecurityUtils.h"
|
||||
#include "mozilla/dom/FramingChecker.h"
|
||||
#include "mozilla/dom/WindowGlobalParent.h"
|
||||
|
||||
#include "nsIMultiPartChannel.h"
|
||||
@ -83,7 +84,17 @@ DOMSecurityManager::Observe(nsISupports* aSubject, const char* aTopic,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult rv = ParseCSPAndEnforceFrameAncestorCheck(channel);
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
nsresult rv =
|
||||
ParseCSPAndEnforceFrameAncestorCheck(channel, getter_AddRefs(csp));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
// X-Frame-Options needs to be enforced after CSP frame-ancestors
|
||||
// checks because if frame-ancestors is present, then x-frame-options
|
||||
// will be discarded
|
||||
rv = EnforeXFrameOptionsCheck(channel, csp);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@ -92,7 +103,7 @@ DOMSecurityManager::Observe(nsISupports* aSubject, const char* aTopic,
|
||||
}
|
||||
|
||||
nsresult DOMSecurityManager::ParseCSPAndEnforceFrameAncestorCheck(
|
||||
nsIChannel* aChannel) {
|
||||
nsIChannel* aChannel, nsIContentSecurityPolicy** aOutCSP) {
|
||||
MOZ_ASSERT(aChannel);
|
||||
|
||||
// CSP can only hang off an http channel, if this channel is not
|
||||
@ -176,5 +187,19 @@ nsresult DOMSecurityManager::ParseCSPAndEnforceFrameAncestorCheck(
|
||||
aChannel->Cancel(NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION);
|
||||
}
|
||||
|
||||
// return the CSP for x-frame-options check
|
||||
csp.forget(aOutCSP);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult DOMSecurityManager::EnforeXFrameOptionsCheck(
|
||||
nsIChannel* aChannel, nsIContentSecurityPolicy* aCsp) {
|
||||
MOZ_ASSERT(aChannel);
|
||||
|
||||
if (!FramingChecker::CheckFrameOptions(aChannel, aCsp)) {
|
||||
// stop! ERROR page!
|
||||
aChannel->Cancel(NS_ERROR_XFO_VIOLATION);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -8,6 +8,7 @@
|
||||
#define mozilla_dom_DOMSecurityManager_h
|
||||
|
||||
#include "nsIObserver.h"
|
||||
#include "nsIContentSecurityPolicy.h"
|
||||
|
||||
class DOMSecurityManager final : public nsIObserver {
|
||||
public:
|
||||
@ -23,7 +24,12 @@ class DOMSecurityManager final : public nsIObserver {
|
||||
// Only enforces the frame-anecstor check which needs to happen in
|
||||
// the parent because we can only access the window global in the
|
||||
// parent. The actual CSP gets parsed and applied in content.
|
||||
nsresult ParseCSPAndEnforceFrameAncestorCheck(nsIChannel* aChannel);
|
||||
nsresult ParseCSPAndEnforceFrameAncestorCheck(
|
||||
nsIChannel* aChannel, nsIContentSecurityPolicy** aOutCSP);
|
||||
|
||||
// XFO checks are ignored in case CSP frame-ancestors is present,
|
||||
nsresult EnforeXFrameOptionsCheck(nsIChannel* aChannel,
|
||||
nsIContentSecurityPolicy* aCsp);
|
||||
|
||||
static void Shutdown();
|
||||
};
|
||||
|
@ -19,24 +19,23 @@
|
||||
#include "mozilla/NullPrincipal.h"
|
||||
#include "nsIStringBundle.h"
|
||||
|
||||
#include "nsIObserverService.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
void FramingChecker::ReportError(const char* aMessageTag,
|
||||
nsIDocShellTreeItem* aParentDocShellItem,
|
||||
nsIURI* aChildURI, const nsAString& aPolicy) {
|
||||
MOZ_ASSERT(aParentDocShellItem, "Need a parent docshell");
|
||||
if (!aChildURI || !aParentDocShellItem) {
|
||||
/* static */
|
||||
void FramingChecker::ReportError(const char* aMessageTag, nsIURI* aParentURI,
|
||||
nsIURI* aChildURI, const nsAString& aPolicy,
|
||||
uint64_t aInnerWindowID) {
|
||||
MOZ_ASSERT(aParentURI, "Need a parent URI");
|
||||
if (!aChildURI || !aParentURI) {
|
||||
return;
|
||||
}
|
||||
|
||||
Document* parentDocument = aParentDocShellItem->GetDocument();
|
||||
MOZ_ASSERT(!parentDocument->NodePrincipal()->IsSystemPrincipal(),
|
||||
"Should not get system principal here.");
|
||||
|
||||
// Get the parent URL spec
|
||||
nsAutoCString parentSpec;
|
||||
nsresult rv;
|
||||
rv = parentDocument->NodePrincipal()->GetAsciiSpec(parentSpec);
|
||||
rv = aParentURI->GetAsciiSpec(parentSpec);
|
||||
if (NS_FAILED(rv)) {
|
||||
return;
|
||||
}
|
||||
@ -82,7 +81,7 @@ void FramingChecker::ReportError(const char* aMessageTag,
|
||||
|
||||
rv = error->InitWithWindowID(message, EmptyString(), EmptyString(), 0, 0,
|
||||
nsIScriptError::errorFlag, "X-Frame-Options",
|
||||
parentDocument->InnerWindowID());
|
||||
aInnerWindowID);
|
||||
if (NS_FAILED(rv)) {
|
||||
return;
|
||||
}
|
||||
@ -90,115 +89,79 @@ void FramingChecker::ReportError(const char* aMessageTag,
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool FramingChecker::CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
const nsAString& aPolicy,
|
||||
nsIDocShell* aDocShell) {
|
||||
nsresult rv;
|
||||
// Find the top docshell in our parent chain that doesn't have the system
|
||||
// principal and use it for the principal comparison. Finding the top
|
||||
// content-type docshell doesn't work because some chrome documents are
|
||||
// loaded in content docshells (see bug 593387).
|
||||
nsCOMPtr<nsIDocShellTreeItem> thisDocShellItem(aDocShell);
|
||||
nsCOMPtr<nsIDocShellTreeItem> parentDocShellItem;
|
||||
nsCOMPtr<nsIDocShellTreeItem> curDocShellItem = thisDocShellItem;
|
||||
nsCOMPtr<Document> topDoc;
|
||||
nsCOMPtr<nsIScriptSecurityManager> ssm =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
|
||||
if (!ssm) {
|
||||
MOZ_CRASH();
|
||||
void FramingChecker::ReportError(const char* aMessageTag,
|
||||
BrowsingContext* aParentContext,
|
||||
nsIURI* aChildURI, const nsAString& aPolicy,
|
||||
uint64_t aInnerWindowID) {
|
||||
nsCOMPtr<nsIURI> parentURI;
|
||||
if (aParentContext) {
|
||||
BrowsingContext* topContext = aParentContext->Top();
|
||||
WindowGlobalParent* window =
|
||||
topContext->Canonical()->GetCurrentWindowGlobal();
|
||||
if (window) {
|
||||
parentURI = window->GetDocumentURI();
|
||||
}
|
||||
}
|
||||
ReportError(aMessageTag, parentURI, aChildURI, aPolicy, aInnerWindowID);
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool FramingChecker::CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
const nsAString& aPolicy) {
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
aHttpChannel->GetURI(getter_AddRefs(uri));
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aHttpChannel->LoadInfo();
|
||||
uint64_t innerWindowID = loadInfo->GetInnerWindowID();
|
||||
RefPtr<mozilla::dom::BrowsingContext> ctx;
|
||||
loadInfo->GetBrowsingContext(getter_AddRefs(ctx));
|
||||
|
||||
// return early if header does not have one of the values with meaning
|
||||
if (!aPolicy.LowerCaseEqualsLiteral("deny") &&
|
||||
!aPolicy.LowerCaseEqualsLiteral("sameorigin")) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> root;
|
||||
curDocShellItem->GetInProcessSameTypeRootTreeItem(getter_AddRefs(root));
|
||||
ReportError("XFOInvalid", root, uri, aPolicy);
|
||||
return true;
|
||||
}
|
||||
|
||||
// XXXkhuey when does this happen? Is returning true safe here?
|
||||
if (!aDocShell) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// We need to check the location of this window and the location of the top
|
||||
// window, if we're not the top. X-F-O: SAMEORIGIN requires that the
|
||||
// document must be same-origin with top window. X-F-O: DENY requires that
|
||||
// the document must never be framed.
|
||||
nsCOMPtr<nsPIDOMWindowOuter> thisWindow = aDocShell->GetWindow();
|
||||
// If we don't have DOMWindow there is no risk of clickjacking
|
||||
if (!thisWindow) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// GetInProcessScriptableTop, not GetTop, because we want this to respect
|
||||
// <iframe mozbrowser> boundaries.
|
||||
nsCOMPtr<nsPIDOMWindowOuter> topWindow =
|
||||
thisWindow->GetInProcessScriptableTop();
|
||||
|
||||
// if the document is in the top window, it's not in a frame.
|
||||
if (thisWindow == topWindow) {
|
||||
ReportError("XFOInvalid", ctx, uri, aPolicy, innerWindowID);
|
||||
return true;
|
||||
}
|
||||
|
||||
// If the X-Frame-Options value is SAMEORIGIN, then the top frame in the
|
||||
// parent chain must be from the same origin as this document.
|
||||
bool checkSameOrigin = aPolicy.LowerCaseEqualsLiteral("sameorigin");
|
||||
nsCOMPtr<nsIScriptSecurityManager> ssm = nsContentUtils::GetSecurityManager();
|
||||
nsCOMPtr<nsIURI> topUri;
|
||||
|
||||
// Traverse up the parent chain and stop when we see a docshell whose
|
||||
// parent has a system principal, or a docshell corresponding to
|
||||
// <iframe mozbrowser>.
|
||||
while (NS_SUCCEEDED(curDocShellItem->GetInProcessParent(
|
||||
getter_AddRefs(parentDocShellItem))) &&
|
||||
parentDocShellItem) {
|
||||
nsCOMPtr<nsIDocShell> curDocShell = do_QueryInterface(curDocShellItem);
|
||||
if (curDocShell && curDocShell->GetIsMozBrowser()) {
|
||||
break;
|
||||
}
|
||||
|
||||
topDoc = parentDocShellItem->GetDocument();
|
||||
if (topDoc) {
|
||||
if (topDoc->NodePrincipal()->IsSystemPrincipal()) {
|
||||
// Found a system-principled doc: last docshell was top.
|
||||
break;
|
||||
while (ctx) {
|
||||
WindowGlobalParent* window = ctx->Canonical()->GetCurrentWindowGlobal();
|
||||
if (window) {
|
||||
if (window->DocumentPrincipal()->IsSystemPrincipal()) {
|
||||
return true;
|
||||
}
|
||||
// Using the URI of the Principal and not the document because e.g.
|
||||
// window.open inherits the principal and hence the URI of the
|
||||
// opening context needed for same origin checks.
|
||||
nsCOMPtr<nsIPrincipal> principal = window->DocumentPrincipal();
|
||||
principal->GetURI(getter_AddRefs(topUri));
|
||||
|
||||
if (checkSameOrigin) {
|
||||
topDoc->NodePrincipal()->GetURI(getter_AddRefs(topUri));
|
||||
bool isPrivateWin =
|
||||
topDoc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId >
|
||||
0;
|
||||
rv = ssm->CheckSameOriginURI(uri, topUri, true, isPrivateWin);
|
||||
|
||||
principal->OriginAttributesRef().mPrivateBrowsingId > 0;
|
||||
nsresult rv = ssm->CheckSameOriginURI(uri, topUri, true, isPrivateWin);
|
||||
// one of the ancestors is not same origin as this document
|
||||
if (NS_FAILED(rv)) {
|
||||
ReportError("XFOSameOrigin", curDocShellItem, uri, aPolicy);
|
||||
ReportError("XFOSameOrigin", topUri, uri, aPolicy, innerWindowID);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
curDocShellItem = parentDocShellItem;
|
||||
}
|
||||
|
||||
// If this document has the top non-SystemPrincipal docshell it is not being
|
||||
// framed or it is being framed by a chrome document, which we allow.
|
||||
if (curDocShellItem == thisDocShellItem) {
|
||||
return true;
|
||||
ctx = ctx->GetParent();
|
||||
}
|
||||
|
||||
// If the value of the header is DENY, and the previous condition is
|
||||
// not met (current docshell is not the top docshell), prohibit the
|
||||
// load.
|
||||
if (aPolicy.LowerCaseEqualsLiteral("deny")) {
|
||||
ReportError("XFODeny", curDocShellItem, uri, aPolicy);
|
||||
RefPtr<mozilla::dom::BrowsingContext> ctx;
|
||||
loadInfo->GetBrowsingContext(getter_AddRefs(ctx));
|
||||
ReportError("XFODeny", ctx, uri, aPolicy, innerWindowID);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -242,27 +205,37 @@ static bool ShouldIgnoreFrameOptions(nsIChannel* aChannel,
|
||||
// in the request (comma-separated in a header, multiple headers, etc).
|
||||
/* static */
|
||||
bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
|
||||
nsIDocShell* aDocShell,
|
||||
nsIContentSecurityPolicy* aCsp) {
|
||||
if (!aChannel || !aDocShell) {
|
||||
MOZ_ASSERT(XRE_IsParentProcess(), "x-frame-options check only in parent");
|
||||
|
||||
if (!aChannel) {
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||
nsContentPolicyType contentType = loadInfo->GetExternalContentPolicyType();
|
||||
|
||||
// xfo check only makes sense for subdocument loads, if this is
|
||||
// not a load of such type, there is nothing to do here.
|
||||
if (contentType != nsIContentPolicy::TYPE_SUBDOCUMENT) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// xfo checks are ignored in case CSP frame-ancestors is present,
|
||||
// if so, there is nothing to do here.
|
||||
if (ShouldIgnoreFrameOptions(aChannel, aCsp)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
|
||||
if (!httpChannel) {
|
||||
// check if it is hiding in a multipart channel
|
||||
rv = nsDocShell::Cast(aDocShell)->GetHttpChannel(
|
||||
aChannel, getter_AddRefs(httpChannel));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
nsCOMPtr<nsIHttpChannel> httpChannel;
|
||||
nsresult rv = nsContentSecurityUtils::GetHttpChannelFromPotentialMultiPart(
|
||||
aChannel, getter_AddRefs(httpChannel));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// xfo can only hang off an httpchannel, if this is not an httpChannel
|
||||
// then there is nothing to do here.
|
||||
if (!httpChannel) {
|
||||
return true;
|
||||
}
|
||||
@ -282,25 +255,19 @@ bool FramingChecker::CheckFrameOptions(nsIChannel* aChannel,
|
||||
nsCharSeparatedTokenizer tokenizer(xfoHeaderValue, ',');
|
||||
while (tokenizer.hasMoreTokens()) {
|
||||
const nsAString& tok = tokenizer.nextToken();
|
||||
if (!CheckOneFrameOptionsPolicy(httpChannel, tok, aDocShell)) {
|
||||
// cancel the load and display about:blank
|
||||
httpChannel->Cancel(NS_BINDING_ABORTED);
|
||||
if (aDocShell) {
|
||||
nsCOMPtr<nsIWebNavigation> webNav(do_QueryObject(aDocShell));
|
||||
if (webNav) {
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = httpChannel->LoadInfo();
|
||||
RefPtr<NullPrincipal> principal =
|
||||
NullPrincipal::CreateWithInheritedAttributes(
|
||||
loadInfo->TriggeringPrincipal());
|
||||
|
||||
LoadURIOptions loadURIOptions;
|
||||
loadURIOptions.mTriggeringPrincipal = principal;
|
||||
webNav->LoadURI(NS_LITERAL_STRING("about:blank"), loadURIOptions);
|
||||
}
|
||||
}
|
||||
if (!CheckOneFrameOptionsPolicy(httpChannel, tok)) {
|
||||
// if xfo blocks the load we are notifying observers for
|
||||
// testing purposes because there is no event to gather
|
||||
// what an iframe load was blocked or not.
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
httpChannel->GetURI(getter_AddRefs(uri));
|
||||
nsCOMPtr<nsIObserverService> observerService =
|
||||
mozilla::services::GetObserverService();
|
||||
nsAutoString policy(tok);
|
||||
observerService->NotifyObservers(uri, "xfo-on-violate-policy",
|
||||
policy.get());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
@ -14,11 +14,17 @@ class nsIDocShellTreeItem;
|
||||
class nsIURI;
|
||||
class nsIContentSecurityPolicy;
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
class BrowsingContext;
|
||||
}
|
||||
} // namespace mozilla
|
||||
|
||||
class FramingChecker {
|
||||
public:
|
||||
// Determine if X-Frame-Options allows content to be framed
|
||||
// as a subdocument
|
||||
static bool CheckFrameOptions(nsIChannel* aChannel, nsIDocShell* aDocShell,
|
||||
static bool CheckFrameOptions(nsIChannel* aChannel,
|
||||
nsIContentSecurityPolicy* aCSP);
|
||||
|
||||
protected:
|
||||
@ -28,18 +34,24 @@ class FramingChecker {
|
||||
* Logs to the window about a X-Frame-Options error.
|
||||
*
|
||||
* @param aMessageTag the error message identifier to log
|
||||
* @param aParentDocShellItem the containing docshell that the frame is
|
||||
* loading into
|
||||
* @param aParentURI || aParentBrowsingContext
|
||||
* * @parentURI: the URI
|
||||
* * @aParentBrowsingContext: the BrowsingContext
|
||||
* of the document that the frame is loading into
|
||||
* @param aChildURI the URI of the frame attempting to load
|
||||
* @param aPolicy the header value string from the frame
|
||||
* @param aInnerWindowID the inner window id for logging
|
||||
* to the console.
|
||||
*/
|
||||
static void ReportError(const char* aMessageTag, nsIURI* aParentURI,
|
||||
nsIURI* aChildURI, const nsAString& aPolicy,
|
||||
uint64_t aInnerWindowID);
|
||||
static void ReportError(const char* aMessageTag,
|
||||
nsIDocShellTreeItem* aParentDocShellItem,
|
||||
nsIURI* aChildURI, const nsAString& aPolicy);
|
||||
BrowsingContext* aParentContext, nsIURI* aChildURI,
|
||||
const nsAString& aPolicy, uint64_t aInnerWindowID);
|
||||
|
||||
static bool CheckOneFrameOptionsPolicy(nsIHttpChannel* aHttpChannel,
|
||||
const nsAString& aPolicy,
|
||||
nsIDocShell* aDocShell);
|
||||
const nsAString& aPolicy);
|
||||
};
|
||||
|
||||
#endif /* mozilla_dom_FramingChecker_h */
|
||||
|
@ -27,9 +27,33 @@ function checkFinished() {
|
||||
if (testcounter < 2) {
|
||||
return;
|
||||
}
|
||||
// remove the listener and we are done.
|
||||
window.examiner.remove();
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
// X-Frame-Options checks happen in the parent, hence we have to
|
||||
// proxy the csp violation notifications.
|
||||
SpecialPowers.registerObservers("xfo-on-violate-policy");
|
||||
|
||||
function examiner() {
|
||||
SpecialPowers.addObserver(this, "specialpowers-xfo-on-violate-policy");
|
||||
}
|
||||
examiner.prototype = {
|
||||
observe(subject, topic, data) {
|
||||
var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
|
||||
|
||||
is(asciiSpec, "http://mochi.test:8888/tests/dom/security/test/csp/file_ro_ignore_xfo.html", "correct subject");
|
||||
is(topic, "specialpowers-xfo-on-violate-policy", "correct topic");
|
||||
is(data, "deny", "correct data");
|
||||
checkFinished();
|
||||
},
|
||||
remove() {
|
||||
SpecialPowers.removeObserver(this, "specialpowers-xfo-on-violate-policy");
|
||||
}
|
||||
}
|
||||
window.examiner = new examiner();
|
||||
|
||||
// 1) test XFO with CSP
|
||||
var csp_testframe = document.getElementById("csp_testframe");
|
||||
csp_testframe.onload = function() {
|
||||
@ -39,17 +63,23 @@ csp_testframe.onload = function() {
|
||||
}
|
||||
csp_testframe.onerror = function() {
|
||||
ok(false, "sanity: should not fire onerror for csp_testframe");
|
||||
checkFinished();
|
||||
}
|
||||
csp_testframe.src = "file_ignore_xfo.html";
|
||||
|
||||
// 2) test XFO with CSP_RO
|
||||
var csp_ro_testframe = document.getElementById("csp_ro_testframe");
|
||||
// If XFO denies framing the neither the onload, nor the onerror
|
||||
// event should fire, because we are displaying a about:neterror.
|
||||
// The actual error we are detecting within this test comes from
|
||||
// the xfo-on-violation-polcy observer.
|
||||
csp_ro_testframe.onload = function() {
|
||||
is(csp_ro_testframe.contentDocument, null, "Blocking frame with with XFO and CSP_RO");
|
||||
ok(false, "sanity: should not fire onload for csp_ro_testframe");
|
||||
checkFinished();
|
||||
}
|
||||
csp_ro_testframe.onerror = function() {
|
||||
ok(false, "sanity: should not fire onerror for csp_ro_testframe");
|
||||
checkFinished();
|
||||
}
|
||||
csp_ro_testframe.src = "file_ro_ignore_xfo.html";
|
||||
|
||||
|
@ -2,6 +2,10 @@
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
# BEFORE EDITING THIS FILE, PLEASE NOTE:
|
||||
# These strings are only here to support shipping Fennec ESR.
|
||||
# They are unused in GeckoView, so please don't make any changes.
|
||||
|
||||
malformedURI2=The URL is not valid and cannot be loaded.
|
||||
fileNotFound=Firefox can't find the file at %S.
|
||||
fileAccessDenied=The file at %S is not readable.
|
||||
|
@ -175,6 +175,9 @@ be temporary, and you can try again later.</li>
|
||||
<!ENTITY cspBlocked.title "Blocked by Content Security Policy">
|
||||
<!ENTITY cspBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this way because the page has a content security policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY xfoBlocked.title "Blocked by X-Frame-Options Policy">
|
||||
<!ENTITY xfoBlocked.longDesc "<p>&brandShortName; prevented this page from loading in this context because the page has an X-Frame-Options policy that disallows it.</p>">
|
||||
|
||||
<!ENTITY corruptedContentErrorv2.title "Corrupted Content Error">
|
||||
<!ENTITY corruptedContentErrorv2.longDesc "<p>The page you are trying to view cannot be shown because an error in the data transmission was detected.</p><ul><li>Please contact the website owners to inform them of this problem.</li></ul>">
|
||||
|
||||
|
@ -2279,6 +2279,15 @@ SpecialPowersChild.prototype._proxiedObservers = {
|
||||
aMessage.data.data
|
||||
);
|
||||
},
|
||||
|
||||
"specialpowers-xfo-on-violate-policy": function(aMessage) {
|
||||
let subject = Services.io.newURI(aMessage.data.subject);
|
||||
Services.obs.notifyObservers(
|
||||
subject,
|
||||
"specialpowers-xfo-on-violate-policy",
|
||||
aMessage.data.data
|
||||
);
|
||||
},
|
||||
};
|
||||
|
||||
SpecialPowersChild.prototype.permissionObserverProxy = {
|
||||
|
@ -178,6 +178,19 @@ class SpecialPowersParent extends JSWindowActorParent {
|
||||
};
|
||||
this._self.sendAsyncMessage("specialpowers-" + aTopic, msg);
|
||||
return;
|
||||
case "xfo-on-violate-policy":
|
||||
let uriSpec = null;
|
||||
if (aSubject instanceof Ci.nsIURI) {
|
||||
uriSpec = aSubject.asciiSpec;
|
||||
} else {
|
||||
throw new Error("Subject must be nsIURI");
|
||||
}
|
||||
msg = {
|
||||
subject: uriSpec,
|
||||
data: aData,
|
||||
};
|
||||
this._self.sendAsyncMessage("specialpowers-" + aTopic, msg);
|
||||
return;
|
||||
default:
|
||||
this._self.sendAsyncMessage("specialpowers-" + aTopic, msg);
|
||||
}
|
||||
|
@ -0,0 +1,8 @@
|
||||
[deny.sub.html]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: DENY` blocks same-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: DENY` blocks cross-origin framing.]
|
||||
expected: TIMEOUT
|
@ -0,0 +1,11 @@
|
||||
[multiple.sub.html]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN; XFO: DENY` blocks same-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: DENY; XFO: SAMEORIGIN` blocks same-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN; XFO: SAMEORIGIN` blocks cross-origin framing.]
|
||||
expected: TIMEOUT
|
@ -0,0 +1,5 @@
|
||||
[redirect.sub.html]
|
||||
expected: TIMEOUT
|
||||
|
||||
[XFO on redirect responses is ignored.]
|
||||
expected: TIMEOUT
|
@ -0,0 +1,14 @@
|
||||
[sameorigin.sub.html]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN` blocks cross-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN` blocks cross-origin nested in same-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN` blocks same-origin nested in cross-origin framing.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[`XFO: SAMEORIGIN` blocks cross-origin nested in cross-origin framing.]
|
||||
expected: TIMEOUT
|
@ -788,6 +788,9 @@ with modules["PROFILE"]:
|
||||
# 21: NS_ERROR_MODULE_SECURITY
|
||||
# =======================================================================
|
||||
with modules["SECURITY"]:
|
||||
# Error code for XFO
|
||||
errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96)
|
||||
|
||||
# Error code for CSP
|
||||
errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97)
|
||||
errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)
|
||||
|
Loading…
Reference in New Issue
Block a user