mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 05:11:16 +00:00
Bug 1233098 - Refactor CSP upgrade insecure requests flag within loadInfo (r=sicking)
This commit is contained in:
parent
86457169b6
commit
c42851930c
@ -1561,7 +1561,7 @@ WebSocketImpl::Init(JSContext* aCx,
|
||||
// to reflect that upgrade. Please note that we can not upgrade from ws:
|
||||
// to wss: before performing content policy checks because CSP needs to
|
||||
// send reports in case the scheme is about to be upgraded.
|
||||
if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests()) {
|
||||
if (!mSecure && originDoc && originDoc->GetUpgradeInsecureRequests(false)) {
|
||||
// let's use the old specification before the upgrade for logging
|
||||
NS_ConvertUTF8toUTF16 reportSpec(mURI);
|
||||
|
||||
|
@ -116,8 +116,8 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
|
||||
nsContentPolicyType externalType =
|
||||
nsContentUtils::InternalContentPolicyTypeToExternal(contentType);
|
||||
|
||||
nsContentPolicyType externalTypeOrScript =
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentType);
|
||||
nsContentPolicyType externalTypeOrMCBInternal =
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentType);
|
||||
|
||||
nsContentPolicyType externalTypeOrCSPInternal =
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(contentType);
|
||||
@ -140,11 +140,13 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
|
||||
/* check the appropriate policy */
|
||||
// Send the internal content policy type to the mixed content blocker
|
||||
// which needs to know about TYPE_INTERNAL_WORKER,
|
||||
// TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER.
|
||||
// TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER
|
||||
// and also preloads: TYPE_INTERNAL_SCRIPT_PRELOAD,
|
||||
// TYPE_INTERNAL_IMAGE_PRELOAD, TYPE_INTERNAL_STYLESHEET_PRELOAD
|
||||
bool isMixedContentBlocker = mixedContentBlocker == entries[i];
|
||||
nsContentPolicyType type = externalType;
|
||||
if (isMixedContentBlocker) {
|
||||
type = externalTypeOrScript;
|
||||
type = externalTypeOrMCBInternal;
|
||||
}
|
||||
// Send the internal content policy type for CSP which needs to
|
||||
// know about preloads and workers, in particular:
|
||||
|
@ -7991,7 +7991,7 @@ nsContentUtils::InternalContentPolicyTypeToExternal(nsContentPolicyType aType)
|
||||
|
||||
/* static */
|
||||
nsContentPolicyType
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType)
|
||||
nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType)
|
||||
{
|
||||
switch (aType) {
|
||||
case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
|
||||
@ -8001,7 +8001,7 @@ nsContentUtils::InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType
|
||||
return aType;
|
||||
|
||||
default:
|
||||
return InternalContentPolicyTypeToExternal(aType);
|
||||
return InternalContentPolicyTypeToExternalOrPreload(aType);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -986,16 +986,18 @@ public:
|
||||
static nsContentPolicyType InternalContentPolicyTypeToExternal(nsContentPolicyType aType);
|
||||
|
||||
/**
|
||||
* Map internal content policy types to external ones or script types:
|
||||
* Map internal content policy types to external ones or script types or preload types:
|
||||
* * TYPE_INTERNAL_SCRIPT
|
||||
* * TYPE_INTERNAL_WORKER
|
||||
* * TYPE_INTERNAL_SHARED_WORKER
|
||||
* * TYPE_INTERNAL_SERVICE_WORKER
|
||||
*
|
||||
* * TYPE_INTERNAL_SCRIPT_PRELOAD
|
||||
* * TYPE_INTERNAL_IMAGE_PRELOAD
|
||||
* * TYPE_INTERNAL_STYLESHEET_PRELOAD
|
||||
*
|
||||
* Note: DO NOT call this function unless you know what you're doing!
|
||||
*/
|
||||
static nsContentPolicyType InternalContentPolicyTypeToExternalOrScript(nsContentPolicyType aType);
|
||||
static nsContentPolicyType InternalContentPolicyTypeToExternalOrMCBInternal(nsContentPolicyType aType);
|
||||
|
||||
/**
|
||||
* Map internal content policy types to external ones or preload types:
|
||||
|
@ -2550,12 +2550,12 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
|
||||
treeItem->GetSameTypeParent(getter_AddRefs(sameTypeParent));
|
||||
if (sameTypeParent) {
|
||||
mUpgradeInsecureRequests =
|
||||
sameTypeParent->GetDocument()->GetUpgradeInsecureRequests();
|
||||
sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(false);
|
||||
// if the parent document makes use of upgrade-insecure-requests
|
||||
// then subdocument preloads should always be upgraded.
|
||||
mUpgradeInsecurePreloads =
|
||||
mUpgradeInsecureRequests ||
|
||||
sameTypeParent->GetDocument()->GetUpgradeInsecurePreloads();
|
||||
sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(true);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -321,19 +321,14 @@ public:
|
||||
* of the document's ancestors up to the toplevel document makes use
|
||||
* of the CSP directive 'upgrade-insecure-requests'.
|
||||
*/
|
||||
bool GetUpgradeInsecureRequests() const
|
||||
bool GetUpgradeInsecureRequests(bool aPreload) const
|
||||
{
|
||||
if (aPreload) {
|
||||
return mUpgradeInsecurePreloads;
|
||||
}
|
||||
return mUpgradeInsecureRequests;
|
||||
}
|
||||
|
||||
/**
|
||||
* Same as GetUpgradeInsecureRequests() but *only* for preloads.
|
||||
*/
|
||||
bool GetUpgradeInsecurePreloads() const
|
||||
{
|
||||
return mUpgradeInsecurePreloads;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the principal responsible for this document.
|
||||
*/
|
||||
|
@ -1746,7 +1746,7 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL,
|
||||
bool isHttpScheme = false;
|
||||
rv = actionURL->SchemeIs("http", &isHttpScheme);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (isHttpScheme && document->GetUpgradeInsecureRequests()) {
|
||||
if (isHttpScheme && document->GetUpgradeInsecureRequests(false)) {
|
||||
// let's use the old specification before the upgrade for logging
|
||||
nsAutoCString spec;
|
||||
rv = actionURL->GetSpec(spec);
|
||||
|
@ -310,7 +310,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
|
||||
}
|
||||
|
||||
int16_t decision = REJECT_REQUEST;
|
||||
rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentPolicyType),
|
||||
rv = ShouldLoad(nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(contentPolicyType),
|
||||
newUri,
|
||||
requestingLocation,
|
||||
loadInfo->LoadingNode(),
|
||||
@ -378,9 +378,11 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
|
||||
// to them.
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
|
||||
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrScript(aContentType),
|
||||
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternalOrMCBInternal(aContentType),
|
||||
"We should only see external content policy types here.");
|
||||
|
||||
bool isPreload = nsContentUtils::IsPreloadType(aContentType);
|
||||
|
||||
// The content policy type that we receive may be an internal type for
|
||||
// scripts. Let's remember if we have seen a worker type, and reset it to the
|
||||
// external type in all cases right now.
|
||||
@ -668,7 +670,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
|
||||
bool isHttpScheme = false;
|
||||
rv = aContentLocation->SchemeIs("http", &isHttpScheme);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests()) {
|
||||
if (isHttpScheme && docShell->GetDocument()->GetUpgradeInsecureRequests(isPreload)) {
|
||||
*aDecision = ACCEPT;
|
||||
return NS_OK;
|
||||
}
|
||||
|
@ -244,7 +244,6 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
|
||||
aLoadInfo->InternalContentPolicyType(),
|
||||
static_cast<uint32_t>(aLoadInfo->GetTainting()),
|
||||
aLoadInfo->GetUpgradeInsecureRequests(),
|
||||
aLoadInfo->GetUpgradeInsecurePreloads(),
|
||||
aLoadInfo->GetInnerWindowID(),
|
||||
aLoadInfo->GetOuterWindowID(),
|
||||
aLoadInfo->GetParentOuterWindowID(),
|
||||
@ -304,7 +303,6 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
|
||||
loadInfoArgs.contentPolicyType(),
|
||||
static_cast<LoadTainting>(loadInfoArgs.tainting()),
|
||||
loadInfoArgs.upgradeInsecureRequests(),
|
||||
loadInfoArgs.upgradeInsecurePreloads(),
|
||||
loadInfoArgs.innerWindowID(),
|
||||
loadInfoArgs.outerWindowID(),
|
||||
loadInfoArgs.parentOuterWindowID(),
|
||||
|
@ -38,7 +38,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
|
||||
, mInternalContentPolicyType(aContentPolicyType)
|
||||
, mTainting(LoadTainting::Basic)
|
||||
, mUpgradeInsecureRequests(false)
|
||||
, mUpgradeInsecurePreloads(false)
|
||||
, mInnerWindowID(0)
|
||||
, mOuterWindowID(0)
|
||||
, mParentOuterWindowID(0)
|
||||
@ -89,8 +88,13 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
|
||||
ComputeIsThirdPartyContext(outerWindow);
|
||||
}
|
||||
|
||||
mUpgradeInsecureRequests = aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests();
|
||||
mUpgradeInsecurePreloads = aLoadingContext->OwnerDoc()->GetUpgradeInsecurePreloads();
|
||||
// if the document forces all requests to be upgraded from http to https, then
|
||||
// we should do that for all requests. If it only forces preloads to be upgraded
|
||||
// then we should enforce upgrade insecure requests only for preloads.
|
||||
mUpgradeInsecureRequests =
|
||||
aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(false) ||
|
||||
(nsContentUtils::IsPreloadType(mInternalContentPolicyType) &&
|
||||
aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests(true));
|
||||
}
|
||||
|
||||
const PrincipalOriginAttributes attrs = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
|
||||
@ -105,7 +109,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
|
||||
, mInternalContentPolicyType(rhs.mInternalContentPolicyType)
|
||||
, mTainting(rhs.mTainting)
|
||||
, mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests)
|
||||
, mUpgradeInsecurePreloads(rhs.mUpgradeInsecurePreloads)
|
||||
, mInnerWindowID(rhs.mInnerWindowID)
|
||||
, mOuterWindowID(rhs.mOuterWindowID)
|
||||
, mParentOuterWindowID(rhs.mParentOuterWindowID)
|
||||
@ -128,7 +131,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
|
||||
nsContentPolicyType aContentPolicyType,
|
||||
LoadTainting aTainting,
|
||||
bool aUpgradeInsecureRequests,
|
||||
bool aUpgradeInsecurePreloads,
|
||||
uint64_t aInnerWindowID,
|
||||
uint64_t aOuterWindowID,
|
||||
uint64_t aParentOuterWindowID,
|
||||
@ -147,7 +149,6 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
|
||||
, mInternalContentPolicyType(aContentPolicyType)
|
||||
, mTainting(aTainting)
|
||||
, mUpgradeInsecureRequests(aUpgradeInsecureRequests)
|
||||
, mUpgradeInsecurePreloads(aUpgradeInsecurePreloads)
|
||||
, mInnerWindowID(aInnerWindowID)
|
||||
, mOuterWindowID(aOuterWindowID)
|
||||
, mParentOuterWindowID(aParentOuterWindowID)
|
||||
@ -380,13 +381,6 @@ LoadInfo::GetUpgradeInsecureRequests(bool* aResult)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::GetUpgradeInsecurePreloads(bool* aResult)
|
||||
{
|
||||
*aResult = mUpgradeInsecurePreloads;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
LoadInfo::GetInnerWindowID(uint64_t* aResult)
|
||||
{
|
||||
|
@ -74,7 +74,6 @@ private:
|
||||
nsContentPolicyType aContentPolicyType,
|
||||
LoadTainting aTainting,
|
||||
bool aUpgradeInsecureRequests,
|
||||
bool aUpgradeInsecurePreloads,
|
||||
uint64_t aInnerWindowID,
|
||||
uint64_t aOuterWindowID,
|
||||
uint64_t aParentOuterWindowID,
|
||||
@ -112,7 +111,6 @@ private:
|
||||
nsContentPolicyType mInternalContentPolicyType;
|
||||
LoadTainting mTainting;
|
||||
bool mUpgradeInsecureRequests;
|
||||
bool mUpgradeInsecurePreloads;
|
||||
uint64_t mInnerWindowID;
|
||||
uint64_t mOuterWindowID;
|
||||
uint64_t mParentOuterWindowID;
|
||||
|
@ -29,7 +29,7 @@ typedef unsigned long nsSecurityFlags;
|
||||
/**
|
||||
* An nsILoadOwner represents per-load information about who started the load.
|
||||
*/
|
||||
[scriptable, builtinclass, uuid(41e311d0-5894-4aaa-80b5-5b7099dfc404)]
|
||||
[scriptable, builtinclass, uuid(ddc65bf9-2f60-41ab-b22a-4f1ae9efcd36)]
|
||||
interface nsILoadInfo : nsISupports
|
||||
{
|
||||
/**
|
||||
@ -336,11 +336,6 @@ interface nsILoadInfo : nsISupports
|
||||
*/
|
||||
[infallible] readonly attribute boolean upgradeInsecureRequests;
|
||||
|
||||
/**
|
||||
* Same as upgradeInsecureRequests but for preloads.
|
||||
*/
|
||||
[infallible] readonly attribute boolean upgradeInsecurePreloads;
|
||||
|
||||
/**
|
||||
* Typically these are the window IDs of the window in which the element being
|
||||
* loaded lives. However, if the element being loaded is <frame
|
||||
|
@ -2258,11 +2258,6 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
|
||||
// the promise to CSP and mixed content blocking to upgrade the channel
|
||||
// from http to https.
|
||||
if (aLoadInfo) {
|
||||
bool isPreload = nsContentUtils::IsPreloadType(aLoadInfo->InternalContentPolicyType());
|
||||
bool upgradeRequests =
|
||||
((isPreload && aLoadInfo->GetUpgradeInsecurePreloads()) ||
|
||||
(aLoadInfo->GetUpgradeInsecureRequests()));
|
||||
|
||||
// Please note that cross origin top level navigations are not subject
|
||||
// to upgrade-insecure-requests, see:
|
||||
// http://www.w3.org/TR/upgrade-insecure-requests/#examples
|
||||
@ -2270,7 +2265,7 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
|
||||
(aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) &&
|
||||
(!aChannelResultPrincipal->Equals(aLoadInfo->LoadingPrincipal()));
|
||||
|
||||
if (upgradeRequests && !crossOriginNavigation) {
|
||||
if (aLoadInfo->GetUpgradeInsecureRequests() && !crossOriginNavigation) {
|
||||
// let's log a message to the console that we are upgrading a request
|
||||
nsAutoCString spec, scheme;
|
||||
aURI->GetSpec(spec);
|
||||
|
@ -33,7 +33,6 @@ struct LoadInfoArgs
|
||||
uint32_t contentPolicyType;
|
||||
uint32_t tainting;
|
||||
bool upgradeInsecureRequests;
|
||||
bool upgradeInsecurePreloads;
|
||||
uint64_t innerWindowID;
|
||||
uint64_t outerWindowID;
|
||||
uint64_t parentOuterWindowID;
|
||||
|
Loading…
Reference in New Issue
Block a user