mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 03:15:11 +00:00
Bug 1409200 - Use nsILoadInfo for nsIContentSecurityPolicy::ShouldLoad. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D179823
This commit is contained in:
Tom Schuster
parent
789a99b940
commit
bd7f60690a
@ -915,11 +915,10 @@ function isFrameBlockedByCSP(node) {
|
||||
const res = node.ownerDocument.csp.shouldLoad(
|
||||
Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
|
||||
null, // nsICSPEventListener
|
||||
null, // nsILoadInfo
|
||||
uri,
|
||||
null, // aOriginalURIIfRedirect
|
||||
false, // aSendViolationReports
|
||||
null, // aNonce
|
||||
false // aParserCreated
|
||||
false // aSendViolationReports
|
||||
);
|
||||
|
||||
return res !== Ci.nsIContentPolicy.ACCEPT;
|
||||
|
||||
@ -344,11 +344,10 @@ interface nsIContentSecurityPolicy : nsISerializable
|
||||
*/
|
||||
short shouldLoad(in nsContentPolicyType aContentType,
|
||||
in nsICSPEventListener aCSPEventListener,
|
||||
in nsILoadInfo aLoadInfo,
|
||||
in nsIURI aContentLocation,
|
||||
in nsIURI aOriginalURIIfRedirect,
|
||||
in bool aSendViolationReports,
|
||||
in AString aNonce,
|
||||
in boolean aParserCreated);
|
||||
in bool aSendViolationReports);
|
||||
|
||||
%{ C++
|
||||
// nsIObserver topic to fire when the policy encounters a violation.
|
||||
|
||||
@ -130,10 +130,9 @@ static void BlockedContentSourceToString(
|
||||
NS_IMETHODIMP
|
||||
nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
|
||||
nsICSPEventListener* aCSPEventListener,
|
||||
nsIURI* aContentLocation,
|
||||
nsILoadInfo* aLoadInfo, nsIURI* aContentLocation,
|
||||
nsIURI* aOriginalURIIfRedirect,
|
||||
bool aSendViolationReports, const nsAString& aNonce,
|
||||
bool aParserCreated, int16_t* outDecision) {
|
||||
bool aSendViolationReports, int16_t* outDecision) {
|
||||
if (CSPCONTEXTLOGENABLED()) {
|
||||
CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s",
|
||||
aContentLocation->GetSpecOrDefault().get()));
|
||||
@ -159,14 +158,19 @@ nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsAutoString cspNonce;
|
||||
if (aLoadInfo) {
|
||||
MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetCspNonce(cspNonce));
|
||||
}
|
||||
|
||||
bool permitted = permitsInternal(
|
||||
dir,
|
||||
nullptr, // aTriggeringElement
|
||||
aCSPEventListener, aContentLocation, aOriginalURIIfRedirect, aNonce,
|
||||
aCSPEventListener, aContentLocation, aOriginalURIIfRedirect, cspNonce,
|
||||
false, // allow fallback to default-src
|
||||
aSendViolationReports,
|
||||
true, // send blocked URI in violation reports
|
||||
aParserCreated);
|
||||
aLoadInfo ? aLoadInfo->GetParserCreatedScript() : false);
|
||||
|
||||
*outDecision =
|
||||
permitted ? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_SERVER;
|
||||
|
||||
@ -111,7 +111,6 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
}
|
||||
|
||||
nsContentPolicyType contentType = aLoadInfo->InternalContentPolicyType();
|
||||
bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
|
||||
|
||||
nsCOMPtr<nsICSPEventListener> cspEventListener;
|
||||
nsresult rv =
|
||||
@ -136,10 +135,6 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsAutoString cspNonce;
|
||||
rv = aLoadInfo->GetCspNonce(cspNonce);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// 1) Apply speculate CSP for preloads
|
||||
bool isPreload = nsContentUtils::IsPreloadType(contentType);
|
||||
|
||||
@ -148,9 +143,9 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
if (preloadCsp) {
|
||||
// obtain the enforcement decision
|
||||
rv = preloadCsp->ShouldLoad(
|
||||
contentType, cspEventListener, aContentLocation,
|
||||
contentType, cspEventListener, aLoadInfo, aContentLocation,
|
||||
nullptr, // no redirect, aOriginal URL is null.
|
||||
false, cspNonce, parserCreatedScript, aDecision);
|
||||
false, aDecision);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// if the preload policy already denied the load, then there
|
||||
@ -192,10 +187,9 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
|
||||
|
||||
// obtain the enforcement decision
|
||||
rv = csp->ShouldLoad(
|
||||
contentType, cspEventListener, aContentLocation,
|
||||
contentType, cspEventListener, aLoadInfo, aContentLocation,
|
||||
originalURI, // no redirect, unless it's a frame navigation.
|
||||
!isPreload && aLoadInfo->GetSendCSPViolationEvents(), cspNonce,
|
||||
parserCreatedScript, aDecision);
|
||||
!isPreload && aLoadInfo->GetSendCSPViolationEvents(), aDecision);
|
||||
|
||||
if (NS_CP_REJECTED(*aDecision)) {
|
||||
NS_SetRequestBlockingReason(
|
||||
@ -350,10 +344,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
||||
aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener));
|
||||
MOZ_ALWAYS_SUCCEEDS(rv);
|
||||
|
||||
nsAutoString cspNonce;
|
||||
rv = aLoadInfo->GetCspNonce(cspNonce);
|
||||
MOZ_ALWAYS_SUCCEEDS(rv);
|
||||
|
||||
bool isPreload = nsContentUtils::IsPreloadType(policyType);
|
||||
|
||||
/* On redirect, if the content policy is a preload type, rejecting the
|
||||
@ -362,7 +352,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
||||
*/
|
||||
|
||||
int16_t decision = nsIContentPolicy::ACCEPT;
|
||||
bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
|
||||
|
||||
// 1) Apply speculative CSP for preloads
|
||||
if (isPreload) {
|
||||
@ -371,12 +360,11 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
||||
// Pass originalURI to indicate the redirect
|
||||
preloadCsp->ShouldLoad(
|
||||
policyType, // load type per nsIContentPolicy (uint32_t)
|
||||
cspEventListener,
|
||||
cspEventListener, aLoadInfo,
|
||||
aNewURI, // nsIURI
|
||||
aOriginalURI, // Original nsIURI
|
||||
true, // aSendViolationReports
|
||||
cspNonce, // nonce
|
||||
parserCreatedScript, &decision);
|
||||
&decision);
|
||||
|
||||
// if the preload policy already denied the load, then there
|
||||
// is no point in checking the real policy
|
||||
@ -392,12 +380,11 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
||||
if (csp) {
|
||||
// Pass originalURI to indicate the redirect
|
||||
csp->ShouldLoad(policyType, // load type per nsIContentPolicy (uint32_t)
|
||||
cspEventListener,
|
||||
cspEventListener, aLoadInfo,
|
||||
aNewURI, // nsIURI
|
||||
aOriginalURI, // Original nsIURI
|
||||
true, // aSendViolationReports
|
||||
cspNonce, // nonce
|
||||
parserCreatedScript, &decision);
|
||||
&decision);
|
||||
if (NS_CP_REJECTED(decision)) {
|
||||
aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
|
||||
return NS_BINDING_FAILED;
|
||||
|
||||
@ -194,11 +194,10 @@ function run_test() {
|
||||
csp.shouldLoad(
|
||||
Ci.nsIContentPolicy.TYPE_SCRIPT,
|
||||
null, // nsICSPEventListener
|
||||
null, // aLoadInfo
|
||||
NetUtil.newURI("http://blocked.test/foo.js"),
|
||||
null,
|
||||
true,
|
||||
null,
|
||||
false
|
||||
true
|
||||
);
|
||||
}
|
||||
);
|
||||
@ -261,11 +260,10 @@ function run_test() {
|
||||
csp.shouldLoad(
|
||||
Ci.nsIContentPolicy.TYPE_IMAGE,
|
||||
null, // nsICSPEventListener
|
||||
null, // nsILoadInfo
|
||||
NetUtil.newURI("data:image/png;base64," + base64data),
|
||||
null,
|
||||
true,
|
||||
null,
|
||||
false
|
||||
true
|
||||
);
|
||||
});
|
||||
|
||||
@ -275,11 +273,10 @@ function run_test() {
|
||||
csp.shouldLoad(
|
||||
Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
|
||||
null, // nsICSPEventListener
|
||||
null, // nsILoadInfo
|
||||
NetUtil.newURI("intent://mymaps.com/maps?um=1&ie=UTF-8&fb=1&sll"),
|
||||
null,
|
||||
true,
|
||||
null,
|
||||
false
|
||||
true
|
||||
);
|
||||
});
|
||||
|
||||
@ -291,11 +288,10 @@ function run_test() {
|
||||
csp.shouldLoad(
|
||||
Ci.nsIContentPolicy.TYPE_SCRIPT,
|
||||
null, // nsICSPEventListener
|
||||
null, // nsILoadInfo
|
||||
NetUtil.newURI(selfSpec + "#bar"),
|
||||
null,
|
||||
true,
|
||||
null,
|
||||
false
|
||||
true
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user