Bug 820196 - CSP slows down app startup by ~12% [r=geekboy]

2024-09-13 09:24:08 -07:00 · 2012-12-14 14:53:29 -08:00 · 2012-12-14 14:53:29 -08:00 · 41cc562d1d
commit 41cc562d1d
parent ca0e8000e0
5 changed files with 48 additions and 10 deletions
--- a/b2g/components/ProcessGlobal.js
+++ b/b2g/components/ProcessGlobal.js
@ -22,6 +22,9 @@ const Cu = Components.utils;
 Cu.import('resource://gre/modules/Services.jsm');
 Cu.import('resource://gre/modules/XPCOMUtils.jsm');

+// Preloading the CSP jsm in this process early on.
+Cu.import("resource://gre/modules/CSPUtils.jsm");
+
 function debug(msg) {
  log(msg);
 }
--- a/content/base/src/CSPUtils.jsm
+++ b/content/base/src/CSPUtils.jsm
@ -1243,7 +1243,7 @@ CSPSource.prototype = {
    if (!aSource) return false;

    if (!(aSource instanceof CSPSource))
-      return this.permits(CSPSource.create(aSource, this._CSPRep));
+      aSource = CSPSource.create(aSource, this._CSPRep);

    // verify scheme
    if (this.scheme != aSource.scheme)
@ -1469,7 +1469,7 @@ CSPHost.prototype = {

    if (!(aHost instanceof CSPHost)) {
      // -- compare CSPHost to String
-      return this.permits(CSPHost.fromString(aHost));
+      aHost =  CSPHost.fromString(aHost);
    }
    var thislen = this._segments.length;
    var thatlen = aHost._segments.length;
--- a/content/base/src/Makefile.in
+++ b/content/base/src/Makefile.in
@ -161,7 +161,6 @@ FORCE_STATIC_LIB = 1
 EXTRA_COMPONENTS = \
 		$(srcdir)/nsBadCertHandler.js \
 		nsBadCertHandler.manifest \
-		contentSecurityPolicy.js \
 		contentSecurityPolicy.manifest \
 		contentAreaDropListener.js \
 		contentAreaDropListener.manifest \
@ -169,6 +168,10 @@ EXTRA_COMPONENTS = \
 		messageWakeupService.manifest \
 		$(NULL)

+EXTRA_PP_COMPONENTS = \
+		contentSecurityPolicy.js \
+		$(NULL)
+
 EXTRA_JS_MODULES = \
 		CSPUtils.jsm \
 		$(NULL)
--- a/content/base/src/contentSecurityPolicy.js
+++ b/content/base/src/contentSecurityPolicy.js
@ -42,6 +42,8 @@ function ContentSecurityPolicy() {
  this._referrer = "";
  this._docRequest = null;
  CSPdebug("CSP POLICY INITED TO 'default-src *'");
+
+  this._cache = { };
 }

 /*
@ -224,6 +226,7 @@ ContentSecurityPolicy.prototype = {
    // (3) Save the result
    this._policy = intersect;
    this._isInitialized = true;
+    this._cache = {};
  },

  /**
@ -422,16 +425,17 @@ ContentSecurityPolicy.prototype = {
                          aContext,
                          aMimeTypeGuess,
                          aOriginalUri) {
-
-    // don't filter chrome stuff
-    if (aContentLocation.scheme === 'chrome' ||
-        aContentLocation.scheme === 'resource') {
-      return Ci.nsIContentPolicy.ACCEPT;
+    let key = aContentLocation.spec + "!" + aContentType;
+    if (this._cache[key]) {
+      return this._cache[key];
    }

-    // interpret the context, and then pass off to the decision structure
+#ifndef MOZ_B2G
+    // Try to remove as much as possible from the hot path on b2g.
    CSPdebug("shouldLoad location = " + aContentLocation.asciiSpec);
    CSPdebug("shouldLoad content type = " + aContentType);
+#endif
+    // interpret the context, and then pass off to the decision structure
    var cspContext = ContentSecurityPolicy._MAPPINGS[aContentType];

    // if the mapping is null, there's no policy, let it through.
@ -461,7 +465,9 @@ ContentSecurityPolicy.prototype = {
      }
    }

-    return (this._reportOnlyMode ? Ci.nsIContentPolicy.ACCEPT : res);
+    let ret = this._cache[key] =
+      (this._reportOnlyMode ? Ci.nsIContentPolicy.ACCEPT : res);
+    return ret;
  },

  shouldProcess:
--- a/content/base/src/nsCSPService.cpp
+++ b/content/base/src/nsCSPService.cpp
@ -78,6 +78,32 @@ CSPService::ShouldLoad(uint32_t aContentType,
    if (!sCSPEnabled)
        return NS_OK;

+    // shortcut for about: chrome: and resource: and javascript: uris since
+    // they're not subject to CSP content policy checks.
+    bool schemeMatch = false;
+    NS_ENSURE_SUCCESS(aContentLocation->SchemeIs("about", &schemeMatch), NS_OK);
+    if (schemeMatch)
+        return NS_OK;
+    NS_ENSURE_SUCCESS(aContentLocation->SchemeIs("chrome", &schemeMatch), NS_OK);
+    if (schemeMatch)
+        return NS_OK;
+    NS_ENSURE_SUCCESS(aContentLocation->SchemeIs("resource", &schemeMatch), NS_OK);
+    if (schemeMatch)
+        return NS_OK;
+    NS_ENSURE_SUCCESS(aContentLocation->SchemeIs("javascript", &schemeMatch), NS_OK);
+    if (schemeMatch)
+        return NS_OK;
+
+
+    // These content types are not subject to CSP content policy checks:
+    // TYPE_CSP_REPORT, TYPE_REFRESH, TYPE_DOCUMENT
+    // (their mappings are null in contentSecurityPolicy.js)
+    if (aContentType == nsIContentPolicy::TYPE_CSP_REPORT ||
+        aContentType == nsIContentPolicy::TYPE_REFRESH ||
+        aContentType == nsIContentPolicy::TYPE_DOCUMENT) {
+        return NS_OK;
+    }
+
    // find the principal of the document that initiated this request and see
    // if it has a CSP policy object
    nsCOMPtr<nsINode> node(do_QueryInterface(aRequestContext));