From 02b569fd5b6e14873d079ec805095c8b84f64e66 Mon Sep 17 00:00:00 2001
From: Garrett Robinson
Date: Tue, 23 Apr 2013 17:39:10 -0500
Subject: [PATCH] Bug 863878 - The CSP logging from bug 821877 should go to the new Security Pane in the Web Console. r=bzbarsky r=ddahl
---
 ...rowser_webconsole_bug_821877_csp_errors.js | 19 +++++++++++--------
 browser/devtools/webconsole/webconsole.js | 1 +
 content/base/src/nsDocument.cpp | 18 +-----------------
 dom/locales/en-US/chrome/dom/dom.properties | 5 -----
 .../en-US/chrome/security/security.properties | 8 ++++++++
 5 files changed, 21 insertions(+), 30 deletions(-)
diff --git a/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js b/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
index 5a1001d78b3..dae8f4d8b42 100644
--- a/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
+++ b/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
@@ -12,14 +12,17 @@ function test()
 browser.addEventListener("load", function onLoad(aEvent) {
 browser.removeEventListener(aEvent.type, onLoad, true);
 openConsole(null, function testCSPErrorLogged (hud) {
- waitForSuccess({
- name: "CSP error displayed successfully",
- validatorFn: function () {
- return hud.outputNode.textContent.indexOf(CSP_DEPRECATED_HEADER_MSG) > -1;
- },
- successFn: finishTest,
- failureFn: finishTest,
- });
+ waitForMessages({
+ webconsole: hud,
+ messages: [
+ {
+ name: "Deprecated CSP header error displayed successfully",
+ text: CSP_DEPRECATED_HEADER_MSG,
+ category: CATEGORY_SECURITY,
+ severity: SEVERITY_WARNING
+ },
+ ],
+ }).then(finishTest);
 });
 }, true);
 }
diff --git a/browser/devtools/webconsole/webconsole.js b/browser/devtools/webconsole/webconsole.js
index ff9dcb77fd4..dd43473682e 100644
--- a/browser/devtools/webconsole/webconsole.js
+++ b/browser/devtools/webconsole/webconsole.js
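Review bot: The rewritten check in browser_webconsole_bug_821877_csp_errors.js asserts only `CSP_DEPRECATED_HEADER_MSG`, although the same commit also reroutes `BothCSPHeadersPresent` and `ReportOnlyCSPIgnored` to the Security category, so a regression in either of those would pass unnoticed. Covering them would mean further entries in the `messages` array with the same `category: CATEGORY_SECURITY` and `severity: SEVERITY_WARNING`, plus a test page that sends those header combinations; the page setup is outside this hunk. The old `failureFn: finishTest` has no counterpart on `.then(finishTest)`, so if `waitForMessages` can reject, the test would presumably end by harness timeout rather than with a named failure. The body of test() starts outside the hunk.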
@@ -4278,6 +4278,7 @@ var Utils = {
 return CATEGORY_CSS;
 case "Mixed Content Blocker":
+ case "CSP":
 return CATEGORY_SECURITY;
 default:
diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp
index 0db4ccd8358..5975228f2db 100644
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -2373,7 +2373,7 @@ CSPErrorQueue::Flush(nsIDocument* aDocument)
 for (uint32_t i = 0; i < mErrors.Length(); i++) {
 nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
 "CSP", aDocument,
- nsContentUtils::eDOM_PROPERTIES,
+ nsContentUtils::eSECURITY_PROPERTIES,
 mErrors[i]);
 }
 mErrors.Clear();
@@ -2530,22 +2530,11 @@ nsDocument::InitCSP(nsIChannel* aChannel)
 // If the old header is present, warn that it will be deprecated.
 if (!cspOldHeaderValue.IsEmpty() || !cspOldROHeaderValue.IsEmpty()) {
- nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
- "CSP", this,
- nsContentUtils::eDOM_PROPERTIES,
- "OldCSPHeaderDeprecated");
-
- // Additionally log deprecated warning to Web Console.
 mCSPWebConsoleErrorQueue.Add("OldCSPHeaderDeprecated");
 // Also, if the new headers AND the old headers were present, warn
 // that the old headers will be ignored.
 if (cspSpecCompliant) {
- nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
- "CSP", this,
- nsContentUtils::eDOM_PROPERTIES,
- "BothCSPHeadersPresent");
- // Additionally log to Web Console.
 mCSPWebConsoleErrorQueue.Add("BothCSPHeadersPresent");
 }
 }
@@ -2582,11 +2571,6 @@ nsDocument::InitCSP(nsIChannel* aChannel)
 // CSP policies are present since CSP only allows one policy and it can't
 // be partially report-only.
 if (applyAppDefaultCSP || applyCSPFromHeader) {
- nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
- "CSP", this,
- nsContentUtils::eDOM_PROPERTIES,
- "ReportOnlyCSPIgnored");
- // Additionally log to Web Console.
 mCSPWebConsoleErrorQueue.Add("ReportOnlyCSPIgnored");
 #ifdef PR_LOGGING
 PR_LOG(gCspPRLog, PR_LOG_DEBUG,
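Review bot: The new `case "CSP":` in webconsole.js matches on the exact category string that nsDocument.cpp passes to `ReportToConsole`, so a rename on either side, or a CSP message reported under a different category string, silently falls through to `default:` and leaves the Security pane. A short comment on the case would record the coupling, for example `// category string used by CSPErrorQueue::Flush in nsDocument.cpp`. The enclosing function starts and ends outside the hunk.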
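Review bot: `CSPErrorQueue::Flush` now resolves every queued key through `nsContentUtils::eSECURITY_PROPERTIES`, so any name passed to `mCSPWebConsoleErrorQueue.Add` has to exist in security.properties. The three keys visible in this patch are moved there, but `Add` callers outside these hunks cannot be checked from here and should be confirmed. A comment above the loop such as `// Queued message names are looked up in security.properties.` would make the requirement visible to whoever adds the next CSP warning. The function body starts outside the hunk.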
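Review bot: The OldCSPHeaderDeprecated, BothCSPHeadersPresent and ReportOnlyCSPIgnored warnings in nsDocument::InitCSP (this hunk and the one at -2582) now depend entirely on a later `CSPErrorQueue::Flush`, since only the `mCSPWebConsoleErrorQueue.Add` calls remain. The call sites of Flush are not visible here, so it is worth confirming that every document that runs InitCSP also flushes its queue; otherwise an ignored or deprecated policy header would go unreported to the site author. A comment at the first `Add` would document the deferral: `// Reported when mCSPWebConsoleErrorQueue is flushed; nothing is logged here.` InitCSP starts and ends outside both hunks.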
diff --git a/dom/locales/en-US/chrome/dom/dom.properties b/dom/locales/en-US/chrome/dom/dom.properties
index 291ee789d14..4e00643ba7e 100644
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@@ -83,7 +83,6 @@ RemovedFullScreenElement=Exited full-screen because full-screen element was remo
 FocusedWindowedPluginWhileFullScreen=Exited full-screen because windowed plugin was focused.
 HTMLSyncXHRWarning=HTML parsing in XMLHttpRequest is not supported in the synchronous mode.
 InvalidRedirectChannelWarning=Unable to redirect to %S because the channel doesn't implement nsIWritablePropertyBag2.
-ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
 ResponseTypeSyncXHRWarning=Use of XMLHttpRequest's responseType attribute is no longer supported in the synchronous mode in window context.
 WithCredentialsSyncXHRWarning=Use of XMLHttpRequest's withCredentials attribute is no longer supported in the synchronous mode in window context.
 TimeoutSyncXHRWarning=Use of XMLHttpRequest's timeout attribute is not supported in the synchronous mode in window context.
@@ -128,10 +127,6 @@ PluginHangUIWaitButton=Continue
 PluginHangUIStopButton=Stop plugin
 # LOCALIZATION NOTE: Do not translate "mozHidden", "mozVisibilityState", "hidden", or "visibilityState"
 PrefixedVisibilityApiWarning='mozHidden' and 'mozVisibilityState' are deprecated. Please use the unprefixed 'hidden' and 'visibilityState' instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only", "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
-OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
-BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
 # LOCALIZATION NOTE: Do not translate "NodeIterator" or "detach()".
 NodeIteratorDetachWarning=Calling detach() on a NodeIterator no longer has an effect.
 # LOCALIZATION NOTE: Do not translate "Mozilla Audio Data API" and "Web Audio API".
diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties
index 67cc80e611b..93f8387f7c3 100644
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -1,2 +1,10 @@
+# Mixed Content Blocker
 BlockMixedDisplayContent = Blocked loading mixed display content "%1$S"
 BlockMixedActiveContent = Blocked loading mixed active content "%1$S"
+
+# CSP
+ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only", "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
+OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
+BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
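Review bot: The `OldCSPHeaderDeprecated` value names the report-only headers as `X-Content-Security-Report-Only` and `Content-Security-Report-Only`, which does not match the `X-Content-Security-Policy-Report-Only` and `Content-Security-Policy-Report-Only` names in the localization note directly above it. A site author copying the header name from this console warning would send a header that does not match the documented name and could end up without the reporting they intended. Since the string is being moved in this patch anyway, both occurrences could be corrected to `X-Content-Security-Policy-Report-Only` and `Content-Security-Policy-Report-Only`. Changing the en-US text may also call for a new key under the project's localization rules, which should be checked.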