mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 949549 - Ensure that CSP warnings reach webconsole for document hosted on app:// protocol. r=sstamm
This commit is contained in:
parent
a4ff8c1b2f
commit
2bb95c6160
@ -5,7 +5,7 @@
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsIURI;
|
||||
interface nsIHttpChannel;
|
||||
interface nsIChannel;
|
||||
interface nsIDocShell;
|
||||
|
||||
/**
|
||||
@ -15,7 +15,7 @@ interface nsIDocShell;
|
||||
* one of these per document/principal.
|
||||
*/
|
||||
|
||||
[scriptable, uuid(ff46c14e-5b2d-4aca-8961-d0b0d987cb81)]
|
||||
[scriptable, uuid(2e7875a3-8cb5-4ebb-905b-af0a90dae594)]
|
||||
interface nsIContentSecurityPolicy : nsISupports
|
||||
{
|
||||
|
||||
@ -183,7 +183,7 @@ interface nsIContentSecurityPolicy : nsISupports
|
||||
* Called after the CSP object is created to fill in the appropriate request
|
||||
* and request header information needed in case a report needs to be sent.
|
||||
*/
|
||||
void scanRequestData(in nsIHttpChannel aChannel);
|
||||
void scanRequestData(in nsIChannel aChannel);
|
||||
|
||||
/**
|
||||
* Verifies ancestry as permitted by the policy.
|
||||
|
@ -364,7 +364,7 @@ ContentSecurityPolicy.prototype = {
|
||||
.getService(Ci.nsIScriptSecurityManager)
|
||||
.getChannelPrincipal(aChannel));
|
||||
|
||||
if (aChannel.referrer) {
|
||||
if (aChannel instanceof Ci.nsIHttpChannel && aChannel.referrer) {
|
||||
let referrer = aChannel.referrer.cloneIgnoringRef();
|
||||
try { // GetUserPass throws for some protocols without userPass
|
||||
referrer.userPass = '';
|
||||
|
@ -2691,7 +2691,7 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||
aChannel->GetURI(getter_AddRefs(selfURI));
|
||||
|
||||
// Store the request context for violation reports
|
||||
csp->ScanRequestData(httpChannel);
|
||||
csp->ScanRequestData(aChannel);
|
||||
|
||||
// ----- if the doc is an app and we want a default CSP, apply it.
|
||||
if (applyAppDefaultCSP) {
|
||||
|
@ -132,3 +132,4 @@ support-files =
|
||||
[test_hash_source.html]
|
||||
[test_dual_headers_warning.html]
|
||||
[test_self_none_as_hostname_confusion.html]
|
||||
[test_bug949549.html]
|
||||
|
68
content/base/test/csp/test_bug949549.html
Normal file
68
content/base/test/csp/test_bug949549.html
Normal file
@ -0,0 +1,68 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Test for Bug 949549</title>
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=949549">Mozilla Bug 949549</a>
|
||||
<div id="content" style="display: none"></div>
|
||||
<pre id="test">
|
||||
<script type="application/javascript;version=1.8">
|
||||
"use strict";
|
||||
|
||||
// Ensure that `scanRequestData` doesn't throw with app:// URLs
|
||||
|
||||
const csp = SpecialPowers.Cc["@mozilla.org/contentsecuritypolicy;1"]
|
||||
.createInstance(SpecialPowers.Ci.nsIContentSecurityPolicy);
|
||||
|
||||
const gManifestURL = "http://www.example.com/chrome/dom/tests/mochitest/webapps/apps/basic.webapp";
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
var launchableValue, app;
|
||||
|
||||
function setupTest() {
|
||||
// We have to install an app in order for the app URL to be valid
|
||||
// (otherwise we get a "DummyChannel" that throws NS_NOT_IMPLEMENTED)
|
||||
launchableValue = SpecialPowers.setAllAppsLaunchable(true);
|
||||
SpecialPowers.addPermission("webapps-manage", true, document);
|
||||
SpecialPowers.autoConfirmAppInstall(function () {
|
||||
let req = navigator.mozApps.install(gManifestURL);
|
||||
req.onsuccess = function () {
|
||||
app = this.result;
|
||||
runTest();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function runTest() {
|
||||
// We have to use a mochitest to test app:// urls,
|
||||
// as app channels can't be instanciated in xpcshell.
|
||||
// Because app protocol depends on webapps.jsm,
|
||||
// which doesn't instanciate properly on xpcshell without many hacks
|
||||
let appchan = SpecialPowers.Services.io.newChannel(gManifestURL, null, null);
|
||||
|
||||
try {
|
||||
csp.scanRequestData(appchan);
|
||||
ok(true, "scanRequestData hasn't thown");
|
||||
} catch(e) {
|
||||
ok(false, "scanRequestData throws");
|
||||
}
|
||||
|
||||
cleanup()
|
||||
}
|
||||
|
||||
function cleanup() {
|
||||
SpecialPowers.setAllAppsLaunchable(launchableValue);
|
||||
let req = navigator.mozApps.mgmt.uninstall(app);
|
||||
req.onsuccess = function () {
|
||||
SimpleTest.finish();
|
||||
};
|
||||
}
|
||||
|
||||
setupTest();
|
||||
</script>
|
||||
</pre>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user