Bug 863878 - The CSP logging from bug 821877 should go to the new Security Pane in the Web Console. r=bzbarsky r=ddahl

2024-09-13 09:24:08 -07:00 · 2013-04-23 17:39:10 -05:00 · 2013-04-23 17:39:10 -05:00 · 02b569fd5b
commit 02b569fd5b
parent 986ed711e2
5 changed files with 21 additions and 30 deletions
--- a/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
+++ b/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
@ -12,14 +12,17 @@ function test()
  browser.addEventListener("load", function onLoad(aEvent) {
    browser.removeEventListener(aEvent.type, onLoad, true);
    openConsole(null, function testCSPErrorLogged (hud) {
-      waitForSuccess({
-        name: "CSP error displayed successfully",
-        validatorFn: function () {
-          return hud.outputNode.textContent.indexOf(CSP_DEPRECATED_HEADER_MSG) > -1;
-        },
-        successFn: finishTest,
-        failureFn: finishTest,
-      });
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+            name: "Deprecated CSP header error displayed successfully",
+            text: CSP_DEPRECATED_HEADER_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+        ],
+      }).then(finishTest);
    });
  }, true);
 }
--- a/browser/devtools/webconsole/webconsole.js
+++ b/browser/devtools/webconsole/webconsole.js
@ -4278,6 +4278,7 @@ var Utils = {
        return CATEGORY_CSS;

      case "Mixed Content Blocker":
+      case "CSP":
        return CATEGORY_SECURITY;

      default:
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@ -2373,7 +2373,7 @@ CSPErrorQueue::Flush(nsIDocument* aDocument)
  for (uint32_t i = 0; i < mErrors.Length(); i++) {
    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
        "CSP", aDocument,
-        nsContentUtils::eDOM_PROPERTIES,
+        nsContentUtils::eSECURITY_PROPERTIES,
        mErrors[i]);
  }
  mErrors.Clear();
@ -2530,22 +2530,11 @@ nsDocument::InitCSP(nsIChannel* aChannel)

  // If the old header is present, warn that it will be deprecated.
  if (!cspOldHeaderValue.IsEmpty() || !cspOldROHeaderValue.IsEmpty()) {
-    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                    "CSP", this,
-                                    nsContentUtils::eDOM_PROPERTIES,
-                                    "OldCSPHeaderDeprecated");
-
-    // Additionally log deprecated warning to Web Console.
    mCSPWebConsoleErrorQueue.Add("OldCSPHeaderDeprecated");

    // Also, if the new headers AND the old headers were present, warn
    // that the old headers will be ignored.
    if (cspSpecCompliant) {
-      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                      "CSP", this,
-                                      nsContentUtils::eDOM_PROPERTIES,
-                                      "BothCSPHeadersPresent");
-      // Additionally log to Web Console.
      mCSPWebConsoleErrorQueue.Add("BothCSPHeadersPresent");
    }
  }
@ -2582,11 +2571,6 @@ nsDocument::InitCSP(nsIChannel* aChannel)
    // CSP policies are present since CSP only allows one policy and it can't
    // be partially report-only.
    if (applyAppDefaultCSP || applyCSPFromHeader) {
-      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                      "CSP", this,
-                                      nsContentUtils::eDOM_PROPERTIES,
-                                      "ReportOnlyCSPIgnored");
-      // Additionally log to Web Console.
      mCSPWebConsoleErrorQueue.Add("ReportOnlyCSPIgnored");
 #ifdef PR_LOGGING
      PR_LOG(gCspPRLog, PR_LOG_DEBUG,
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@ -83,7 +83,6 @@ RemovedFullScreenElement=Exited full-screen because full-screen element was remo
 FocusedWindowedPluginWhileFullScreen=Exited full-screen because windowed plugin was focused.
 HTMLSyncXHRWarning=HTML parsing in XMLHttpRequest is not supported in the synchronous mode.
 InvalidRedirectChannelWarning=Unable to redirect to %S because the channel doesn't implement nsIWritablePropertyBag2.
-ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
 ResponseTypeSyncXHRWarning=Use of XMLHttpRequest's responseType attribute is no longer supported in the synchronous mode in window context.
 WithCredentialsSyncXHRWarning=Use of XMLHttpRequest's withCredentials attribute is no longer supported in the synchronous mode in window context.
 TimeoutSyncXHRWarning=Use of XMLHttpRequest's timeout attribute is not supported in the synchronous mode in window context.
@ -128,10 +127,6 @@ PluginHangUIWaitButton=Continue
 PluginHangUIStopButton=Stop plugin
 # LOCALIZATION NOTE: Do not translate "mozHidden", "mozVisibilityState", "hidden", or "visibilityState"
 PrefixedVisibilityApiWarning='mozHidden' and 'mozVisibilityState' are deprecated.  Please use the unprefixed 'hidden' and 'visibilityState' instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
-OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
-BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
 # LOCALIZATION NOTE: Do not translate "NodeIterator" or "detach()".
 NodeIteratorDetachWarning=Calling detach() on a NodeIterator no longer has an effect.
 # LOCALIZATION NOTE: Do not translate "Mozilla Audio Data API" and "Web Audio API".
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@ -1,2 +1,10 @@
+# Mixed Content Blocker
 BlockMixedDisplayContent = Blocked loading mixed display content "%1$S"
 BlockMixedActiveContent = Blocked loading mixed active content "%1$S"
+
+# CSP
+ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
+OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
+BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.