Bug 1053028 - Remove remaining relicts of deprecated X-CSP header (r=sstamm)

2024-09-13 09:24:08 -07:00 · 2014-08-12 21:15:56 -07:00 · 2014-08-12 21:15:56 -07:00 · e25473a9a7
commit e25473a9a7
parent fb1bf07833
6 changed files with 10 additions and 30 deletions
--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
@ -906,9 +906,6 @@ PdfStreamConverter.prototype = {
      aRequest.setResponseHeader('Content-Security-Policy', '', false);
      aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '',
                                 false);
-      aRequest.setResponseHeader('X-Content-Security-Policy', '', false);
-      aRequest.setResponseHeader('X-Content-Security-Policy-Report-Only', '',
-                                 false);
    }

    PdfJsTelemetry.onViewerIsUsed();
--- a/content/base/src/nsGkAtomList.h
+++ b/content/base/src/nsGkAtomList.h
@ -1214,8 +1214,6 @@ GK_ATOM(withParam, "with-param")
 GK_ATOM(wizard, "wizard")
 GK_ATOM(wrap, "wrap")
 GK_ATOM(headerDNSPrefetchControl,"x-dns-prefetch-control")
-GK_ATOM(headerOldCSP, "x-content-security-policy")
-GK_ATOM(headerOldCSPReportOnly, "x-content-security-policy-report-only")
 GK_ATOM(headerCSP, "content-security-policy")
 GK_ATOM(headerCSPReportOnly, "content-security-policy-report-only")
 GK_ATOM(headerXFO, "x-frame-options")
--- a/content/base/test/csp/file_csp_redirects_main.html
+++ b/content/base/test/csp/file_csp_redirects_main.html
@ -11,15 +11,15 @@ var thisSite = "http://mochi.test:8888";
 var otherSite = "http://example.com";
 var page = "/tests/content/base/test/csp/file_csp_redirects_page.sjs";

-var tests = { "font-src": thisSite+page+"?testid=font-src&csp=1&spec=1",
-              "frame-src": thisSite+page+"?testid=frame-src&csp=1&spec=1",
-              "img-src":  thisSite+page+"?testid=img-src&csp=1&spec=1",
-              "media-src":  thisSite+page+"?testid=media-src&csp=1&spec=1",
-              "object-src":  thisSite+page+"?testid=object-src&csp=1&spec=1",
-              "script-src":  thisSite+page+"?testid=script-src&csp=1&spec=1",
-              "style-src":  thisSite+page+"?testid=style-src&csp=1&spec=1",
-              "worker":  thisSite+page+"?testid=worker&csp=1&spec=1",
-              "xhr-src":  thisSite+page+"?testid=xhr-src&csp=1&spec=1",
+var tests = { "font-src": thisSite+page+"?testid=font-src&csp=1",
+              "frame-src": thisSite+page+"?testid=frame-src&csp=1",
+              "img-src":  thisSite+page+"?testid=img-src&csp=1",
+              "media-src":  thisSite+page+"?testid=media-src&csp=1",
+              "object-src":  thisSite+page+"?testid=object-src&csp=1",
+              "script-src":  thisSite+page+"?testid=script-src&csp=1",
+              "style-src":  thisSite+page+"?testid=style-src&csp=1",
+              "worker":  thisSite+page+"?testid=worker&csp=1",
+              "xhr-src":  thisSite+page+"?testid=xhr-src&csp=1",
            };

 var container = document.getElementById("container");
--- a/content/base/test/csp/file_csp_redirects_page.sjs
+++ b/content/base/test/csp/file_csp_redirects_page.sjs
@ -15,11 +15,7 @@ function handleRequest(request, response)

  // CSP header value
  if (query["csp"] == 1) {
-    if (query["spec"] == 1) {
-      response.setHeader("Content-Security-Policy", "default-src 'self' ; style-src 'self' 'unsafe-inline'", false);
-    } else {
-      response.setHeader("X-Content-Security-Policy", "allow 'self'", false);
-    }
+    response.setHeader("Content-Security-Policy", "default-src 'self' ; style-src 'self' 'unsafe-inline'", false);
  }

  // downloadable font that redirects to another site
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@ -3,13 +3,6 @@
 BlockMixedDisplayContent = Blocked loading mixed display content "%1$S"
 BlockMixedActiveContent = Blocked loading mixed active content "%1$S"

-# CSP
-ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
-OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
-BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
-
 # CORS
 CrossSiteRequestBlocked=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. This can be fixed by moving the resource to the same domain or enabling CORS.

--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
@ -722,10 +722,6 @@ nsViewSourceChannel::GetResponseHeader(const nsACString & aHeader,

    if (!aHeader.Equals(NS_LITERAL_CSTRING("Content-Type"),
                        nsCaseInsensitiveCStringComparator()) &&
-        !aHeader.Equals(NS_LITERAL_CSTRING("X-Content-Security-Policy"),
-                        nsCaseInsensitiveCStringComparator()) &&
-        !aHeader.Equals(NS_LITERAL_CSTRING("X-Content-Security-Policy-Report-Only"),
-                        nsCaseInsensitiveCStringComparator()) &&
        !aHeader.Equals(NS_LITERAL_CSTRING("Content-Security-Policy"),
                        nsCaseInsensitiveCStringComparator()) &&
        !aHeader.Equals(NS_LITERAL_CSTRING("Content-Security-Policy-Report-Only"),