From bf57be0652865b0e25e59eaad9b558e74ed85f7f Mon Sep 17 00:00:00 2001 From: Tom Schuster Date: Fri, 9 Jun 2023 18:39:59 +0000 Subject: [PATCH] Bug 1409200 - Use nsILoadInfo for nsIContentSecurityPolicy::ShouldLoad. r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D179823 --- devtools/shared/layout/utils.js | 5 ++-- .../security/nsIContentSecurityPolicy.idl | 5 ++-- dom/security/nsCSPContext.cpp | 14 +++++---- dom/security/nsCSPService.cpp | 29 +++++-------------- dom/security/test/unit/test_csp_reports.js | 20 +++++-------- 5 files changed, 29 insertions(+), 44 deletions(-) diff --git a/devtools/shared/layout/utils.js b/devtools/shared/layout/utils.js index 804290654a2c..ebd2353414d1 100644 --- a/devtools/shared/layout/utils.js +++ b/devtools/shared/layout/utils.js @@ -915,11 +915,10 @@ function isFrameBlockedByCSP(node) { const res = node.ownerDocument.csp.shouldLoad( Ci.nsIContentPolicy.TYPE_SUBDOCUMENT, null, // nsICSPEventListener + null, // nsILoadInfo uri, null, // aOriginalURIIfRedirect - false, // aSendViolationReports - null, // aNonce - false // aParserCreated + false // aSendViolationReports ); return res !== Ci.nsIContentPolicy.ACCEPT; diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl index bf691ed215c6..827849b77b77 100644 --- a/dom/interfaces/security/nsIContentSecurityPolicy.idl +++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl @@ -344,11 +344,10 @@ interface nsIContentSecurityPolicy : nsISerializable */ short shouldLoad(in nsContentPolicyType aContentType, in nsICSPEventListener aCSPEventListener, + in nsILoadInfo aLoadInfo, in nsIURI aContentLocation, in nsIURI aOriginalURIIfRedirect, - in bool aSendViolationReports, - in AString aNonce, - in boolean aParserCreated); + in bool aSendViolationReports); %{ C++ // nsIObserver topic to fire when the policy encounters a violation. diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp index 8bed4cbad0f3..3b842af6db97 100644 --- a/dom/security/nsCSPContext.cpp +++ b/dom/security/nsCSPContext.cpp @@ -130,10 +130,9 @@ static void BlockedContentSourceToString( NS_IMETHODIMP nsCSPContext::ShouldLoad(nsContentPolicyType aContentType, nsICSPEventListener* aCSPEventListener, - nsIURI* aContentLocation, + nsILoadInfo* aLoadInfo, nsIURI* aContentLocation, nsIURI* aOriginalURIIfRedirect, - bool aSendViolationReports, const nsAString& aNonce, - bool aParserCreated, int16_t* outDecision) { + bool aSendViolationReports, int16_t* outDecision) { if (CSPCONTEXTLOGENABLED()) { CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s", aContentLocation->GetSpecOrDefault().get())); @@ -159,14 +158,19 @@ nsCSPContext::ShouldLoad(nsContentPolicyType aContentType, return NS_OK; } + nsAutoString cspNonce; + if (aLoadInfo) { + MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetCspNonce(cspNonce)); + } + bool permitted = permitsInternal( dir, nullptr, // aTriggeringElement - aCSPEventListener, aContentLocation, aOriginalURIIfRedirect, aNonce, + aCSPEventListener, aContentLocation, aOriginalURIIfRedirect, cspNonce, false, // allow fallback to default-src aSendViolationReports, true, // send blocked URI in violation reports - aParserCreated); + aLoadInfo ? aLoadInfo->GetParserCreatedScript() : false); *outDecision = permitted ? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_SERVER; diff --git a/dom/security/nsCSPService.cpp b/dom/security/nsCSPService.cpp index c5c65ad4d200..c7c58a37dc01 100644 --- a/dom/security/nsCSPService.cpp +++ b/dom/security/nsCSPService.cpp @@ -111,7 +111,6 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) { } nsContentPolicyType contentType = aLoadInfo->InternalContentPolicyType(); - bool parserCreatedScript = aLoadInfo->GetParserCreatedScript(); nsCOMPtr cspEventListener; nsresult rv = @@ -136,10 +135,6 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) { return NS_OK; } - nsAutoString cspNonce; - rv = aLoadInfo->GetCspNonce(cspNonce); - NS_ENSURE_SUCCESS(rv, rv); - // 1) Apply speculate CSP for preloads bool isPreload = nsContentUtils::IsPreloadType(contentType); @@ -148,9 +143,9 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) { if (preloadCsp) { // obtain the enforcement decision rv = preloadCsp->ShouldLoad( - contentType, cspEventListener, aContentLocation, + contentType, cspEventListener, aLoadInfo, aContentLocation, nullptr, // no redirect, aOriginal URL is null. - false, cspNonce, parserCreatedScript, aDecision); + false, aDecision); NS_ENSURE_SUCCESS(rv, rv); // if the preload policy already denied the load, then there @@ -192,10 +187,9 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) { // obtain the enforcement decision rv = csp->ShouldLoad( - contentType, cspEventListener, aContentLocation, + contentType, cspEventListener, aLoadInfo, aContentLocation, originalURI, // no redirect, unless it's a frame navigation. - !isPreload && aLoadInfo->GetSendCSPViolationEvents(), cspNonce, - parserCreatedScript, aDecision); + !isPreload && aLoadInfo->GetSendCSPViolationEvents(), aDecision); if (NS_CP_REJECTED(*aDecision)) { NS_SetRequestBlockingReason( @@ -350,10 +344,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener)); MOZ_ALWAYS_SUCCEEDS(rv); - nsAutoString cspNonce; - rv = aLoadInfo->GetCspNonce(cspNonce); - MOZ_ALWAYS_SUCCEEDS(rv); - bool isPreload = nsContentUtils::IsPreloadType(policyType); /* On redirect, if the content policy is a preload type, rejecting the @@ -362,7 +352,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, */ int16_t decision = nsIContentPolicy::ACCEPT; - bool parserCreatedScript = aLoadInfo->GetParserCreatedScript(); // 1) Apply speculative CSP for preloads if (isPreload) { @@ -371,12 +360,11 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, // Pass originalURI to indicate the redirect preloadCsp->ShouldLoad( policyType, // load type per nsIContentPolicy (uint32_t) - cspEventListener, + cspEventListener, aLoadInfo, aNewURI, // nsIURI aOriginalURI, // Original nsIURI true, // aSendViolationReports - cspNonce, // nonce - parserCreatedScript, &decision); + &decision); // if the preload policy already denied the load, then there // is no point in checking the real policy @@ -392,12 +380,11 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, if (csp) { // Pass originalURI to indicate the redirect csp->ShouldLoad(policyType, // load type per nsIContentPolicy (uint32_t) - cspEventListener, + cspEventListener, aLoadInfo, aNewURI, // nsIURI aOriginalURI, // Original nsIURI true, // aSendViolationReports - cspNonce, // nonce - parserCreatedScript, &decision); + &decision); if (NS_CP_REJECTED(decision)) { aCancelCode = Some(NS_ERROR_DOM_BAD_URI); return NS_BINDING_FAILED; diff --git a/dom/security/test/unit/test_csp_reports.js b/dom/security/test/unit/test_csp_reports.js index 7248f1b4117a..49cece5d7907 100644 --- a/dom/security/test/unit/test_csp_reports.js +++ b/dom/security/test/unit/test_csp_reports.js @@ -194,11 +194,10 @@ function run_test() { csp.shouldLoad( Ci.nsIContentPolicy.TYPE_SCRIPT, null, // nsICSPEventListener + null, // aLoadInfo NetUtil.newURI("http://blocked.test/foo.js"), null, - true, - null, - false + true ); } ); @@ -261,11 +260,10 @@ function run_test() { csp.shouldLoad( Ci.nsIContentPolicy.TYPE_IMAGE, null, // nsICSPEventListener + null, // nsILoadInfo NetUtil.newURI("data:image/png;base64," + base64data), null, - true, - null, - false + true ); }); @@ -275,11 +273,10 @@ function run_test() { csp.shouldLoad( Ci.nsIContentPolicy.TYPE_SUBDOCUMENT, null, // nsICSPEventListener + null, // nsILoadInfo NetUtil.newURI("intent://mymaps.com/maps?um=1&ie=UTF-8&fb=1&sll"), null, - true, - null, - false + true ); }); @@ -291,11 +288,10 @@ function run_test() { csp.shouldLoad( Ci.nsIContentPolicy.TYPE_SCRIPT, null, // nsICSPEventListener + null, // nsILoadInfo NetUtil.newURI(selfSpec + "#bar"), null, - true, - null, - false + true ); }); }