Backed out changeset d63424e06b3e (bug 916446) for failing on b2g

2024-09-13 09:24:08 -07:00 · 2013-09-17 15:46:37 -07:00 · 2013-09-17 15:46:37 -07:00 · 20dc80154f
commit 20dc80154f
parent d4ebc26fea
5 changed files with 1 additions and 144 deletions
--- a/content/base/src/CSPUtils.jsm
+++ b/content/base/src/CSPUtils.jsm
@ -243,8 +243,6 @@ CSPRep.ALLOW_DIRECTIVE   = "allow";
  *        while the policy-uri is asynchronously fetched
  * @param csp (optional)
  *        the CSP object to update once the policy has been fetched
-  * @param reportOnly (optional)
-  *        whether or not this CSP is report-only (defaults to false)
  * @returns
  *        an instance of CSPRep
  */
@ -482,8 +480,7 @@ CSPRep.fromString = function(aStr, self, docRequest, csp, reportOnly) {
  // directive to be present.
  if (!aCSPR._directives[SD.DEFAULT_SRC]) {
    cspWarn(aCSPR, CSPLocalizer.getStr("allowOrDefaultSrcRequired"));
-    return CSPRep.fromString("default-src 'none'", selfUri, docRequest, csp,
-                             reportOnly);
+    return CSPRep.fromString("default-src 'none'", selfUri);
  }
  return aCSPR;
 };
@ -501,8 +498,6 @@ CSPRep.fromString = function(aStr, self, docRequest, csp, reportOnly) {
  *        while the policy-uri is asynchronously fetched
  * @param csp (optional)
  *        the CSP object to update once the policy has been fetched
-  * @param reportOnly (optional)
-  *        whether or not this CSP is report-only (defaults to false)
  * @returns
  *        an instance of CSPRep
  */
--- a/content/base/test/csp/Makefile.in
+++ b/content/base/test/csp/Makefile.in
@ -97,9 +97,6 @@ MOCHITEST_FILES := \
  file_bug836922_npolicies.html^headers^ \
  file_bug836922_npolicies_violation.sjs \
  file_bug836922_npolicies_ro_violation.sjs \
-  test_CSP_bug916446.html \
-  file_CSP_bug916446.html \
-  file_CSP_bug916446.html^headers^ \
  $(NULL)

 MOCHITEST_CHROME_FILES := \
--- a/content/base/test/csp/file_CSP_bug916446.html
+++ b/content/base/test/csp/file_CSP_bug916446.html
@ -1,16 +0,0 @@
-<!doctype html>
-<html>
-  <body>
-    <ol>
-      <li id="inline-script">Inline script (green if allowed, black if blocked)</li>
-    </ol>
-
-    <script>
-      // Use inline script to set a style attribute
-      document.getElementById("inline-script").style.color = "rgb(0, 128, 0)";
-    </script>
-
-    <img src="file_CSP.sjs?testid=img_bad&type=img/png"></img>
-
-  </body>
-</html>
--- a/content/base/test/csp/file_CSP_bug916446.html^headers^
+++ b/content/base/test/csp/file_CSP_bug916446.html^headers^
@ -1 +0,0 @@
-x-content-security-policy-report-only: options eval-script; script-src 'self' ; report-uri /csp_report
--- a/content/base/test/csp/test_CSP_bug916446.html
+++ b/content/base/test/csp/test_CSP_bug916446.html
@ -1,118 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <title>Test for Bug 916446</title>
-   <!--
-   test that an invalid report-only policy (a stripped down version of what
-   web.tweetdeck.com was serving) defaults to "default-src 'none'" but only
-   sends reports and is not accidentally enforced
-   -->
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-<iframe style="width:200px;height:200px;" id='testframe'></iframe>
-
-<script class="testbody" type="text/javascript">
-
-// This is used to watch the blocked data bounce off CSP and allowed data
-// get sent out to the wire.
-function examiner() {
-  SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
-}
-examiner.prototype  = {
-  completedTests: 0,
-  totalTests: 4,
-
-  observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
-    var testpat = new RegExp("testid=([a-z0-9_]+)");
-
-    if (topic === "http-on-modify-request") {
-      //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
-      if (testid === "img_bad") {
-        // img_bad should be *allowed* because the policy is report-only
-        ok(true, "Inline scripts should execute (because the policy is report-only)");
-        this.completedTests++;
-      }
-    }
-
-    if(topic === "csp-on-violate-policy") {
-      // these were blocked
-      try {
-        var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
-        if (!testpat.test(asciiSpec)) return;
-        var testid = testpat.exec(asciiSpec)[1];
-        if (testid === "img_bad") {
-          ok(true, "External loads should trigger a violation report (because the policy should fail closed to \"default-src 'none'\")");
-          this.completedTests++;
-        }
-      } catch (e) {
-        // if that fails, the subject is probably a string
-        violation_msg = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsISupportsCString"), "data");
-        if (/Inline Scripts will not execute/.test(violation_msg)) {
-          ok(true, "Inline scripts should trigger a violation report (because the policy should fail closed to \"default-src 'none'\")");
-          this.completedTests++;
-        }
-      }
-    }
-  },
-
-  // must eventually call this to remove the listener,
-  // or mochitests might get borked.
-  remove: function() {
-    SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
-  }
-}
-
-window.examiner = new examiner();
-
-function checkInlineScriptExecuted() {
-  var green = 'rgb(0, 128, 0)';
-  var black = 'rgb(0, 0, 0)';
-  var that = this;
-  function getElementColorById(id) {
-    return window.getComputedStyle(that.contentDocument.getElementById(id)).color;
-  }
-  if (getElementColorById('inline-script') === green) {
-    ok(true, "Inline scripts should execute (because the policy is report-only)");
-    window.examiner.completedTests++;
-  }
-
-  waitToFinish();
-}
-
-function waitToFinish() {
-  setTimeout(function wait() {
-    if (window.examiner.completedTests < window.examiner.totalTests) {
-        waitToFinish();
-    } else {
-      // Cleanup
-      window.examiner.remove();
-      SimpleTest.finish();
-    }
-  }, 10);
-}
-
-SimpleTest.waitForExplicitFinish();
-
-SpecialPowers.pushPrefEnv(
-  {'set':[["security.csp.speccompliant", false]]},
-  function() {
-    var testframe = document.getElementById('testframe');
-    testframe.src = 'file_CSP_bug916446.html';
-    testframe.addEventListener('load', checkInlineScriptExecuted);
-  }
-);
-</script>
-</pre>
-</body>
-</html>
				`@ -1 +0,0 @@`
				`x-content-security-policy-report-only: options eval-script; script-src 'self' ; report-uri /csp_report`