|
|
|---|
|
Lines 2615-2657
nsDocument::SendToConsole(nsCOMArray<nsISecurityConsoleMessage>& aMessages)
|
Link Here
|
|---|
|
|---|
| 2615 |
|
2615 |
|
| 2616 |
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, |
2616 |
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, |
| 2617 |
NS_ConvertUTF16toUTF8(category), |
2617 |
NS_ConvertUTF16toUTF8(category), |
| 2618 |
this, nsContentUtils::eSECURITY_PROPERTIES, |
2618 |
this, nsContentUtils::eSECURITY_PROPERTIES, |
| 2619 |
NS_ConvertUTF16toUTF8(messageTag).get()); |
2619 |
NS_ConvertUTF16toUTF8(messageTag).get()); |
| 2620 |
} |
2620 |
} |
| 2621 |
} |
2621 |
} |
| 2622 |
|
2622 |
|
| 2623 |
bool |
|
|
| 2624 |
nsDocument::IsLoopDocument(nsIChannel *aChannel) |
| 2625 |
{ |
| 2626 |
nsCOMPtr<nsIURI> chanURI; |
| 2627 |
nsresult rv = aChannel->GetOriginalURI(getter_AddRefs(chanURI)); |
| 2628 |
NS_ENSURE_SUCCESS(rv, false); |
| 2629 |
|
| 2630 |
bool isAbout = false; |
| 2631 |
bool isLoop = false; |
| 2632 |
rv = chanURI->SchemeIs("about", &isAbout); |
| 2633 |
NS_ENSURE_SUCCESS(rv, false); |
| 2634 |
if (isAbout) { |
| 2635 |
nsCOMPtr<nsIURI> loopURI; |
| 2636 |
rv = NS_NewURI(getter_AddRefs(loopURI), "about:loopconversation"); |
| 2637 |
NS_ENSURE_SUCCESS(rv, false); |
| 2638 |
rv = chanURI->EqualsExceptRef(loopURI, &isLoop); |
| 2639 |
NS_ENSURE_SUCCESS(rv, false); |
| 2640 |
if (!isLoop) { |
| 2641 |
rv = NS_NewURI(getter_AddRefs(loopURI), "about:looppanel"); |
| 2642 |
NS_ENSURE_SUCCESS(rv, false); |
| 2643 |
rv = chanURI->EqualsExceptRef(loopURI, &isLoop); |
| 2644 |
NS_ENSURE_SUCCESS(rv, false); |
| 2645 |
} |
| 2646 |
} |
| 2647 |
return isLoop; |
| 2648 |
} |
| 2649 |
|
| 2650 |
void |
2623 |
void |
| 2651 |
nsDocument::ApplySettingsFromCSP(bool aSpeculative) |
2624 |
nsDocument::ApplySettingsFromCSP(bool aSpeculative) |
| 2652 |
{ |
2625 |
{ |
| 2653 |
nsresult rv = NS_OK; |
2626 |
nsresult rv = NS_OK; |
| 2654 |
if (!aSpeculative) { |
2627 |
if (!aSpeculative) { |
| 2655 |
// 1) apply settings from regular CSP |
2628 |
// 1) apply settings from regular CSP |
| 2656 |
nsCOMPtr<nsIContentSecurityPolicy> csp; |
2629 |
nsCOMPtr<nsIContentSecurityPolicy> csp; |
| 2657 |
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp)); |
2630 |
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp)); |
|
Lines 2766-2796
nsDocument::InitCSP(nsIChannel* aChannel)
|
Link Here
|
|---|
|
|---|
| 2766 |
} |
2739 |
} |
| 2767 |
} |
2740 |
} |
| 2768 |
|
2741 |
|
| 2769 |
// Check if this is a document from a WebExtension. |
2742 |
// Check if this is a document from a WebExtension. |
| 2770 |
nsString addonId; |
2743 |
nsString addonId; |
| 2771 |
principal->GetAddonId(addonId); |
2744 |
principal->GetAddonId(addonId); |
| 2772 |
bool applyAddonCSP = !addonId.IsEmpty(); |
2745 |
bool applyAddonCSP = !addonId.IsEmpty(); |
| 2773 |
|
2746 |
|
| 2774 |
// Check if this is part of the Loop/Hello service |
|
|
| 2775 |
bool applyLoopCSP = IsLoopDocument(aChannel); |
| 2776 |
|
| 2777 |
// Check if this is a signed content to apply default CSP. |
2747 |
// Check if this is a signed content to apply default CSP. |
| 2778 |
bool applySignedContentCSP = false; |
2748 |
bool applySignedContentCSP = false; |
| 2779 |
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); |
2749 |
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo(); |
| 2780 |
if (loadInfo && loadInfo->GetVerifySignedContent()) { |
2750 |
if (loadInfo && loadInfo->GetVerifySignedContent()) { |
| 2781 |
applySignedContentCSP = true; |
2751 |
applySignedContentCSP = true; |
| 2782 |
} |
2752 |
} |
| 2783 |
|
2753 |
|
| 2784 |
// If there's no CSP to apply, go ahead and return early |
2754 |
// If there's no CSP to apply, go ahead and return early |
| 2785 |
if (!applyAppDefaultCSP && |
2755 |
if (!applyAppDefaultCSP && |
| 2786 |
!applyAppManifestCSP && |
2756 |
!applyAppManifestCSP && |
| 2787 |
!applyAddonCSP && |
2757 |
!applyAddonCSP && |
| 2788 |
!applyLoopCSP && |
|
|
| 2789 |
!applySignedContentCSP && |
2758 |
!applySignedContentCSP && |
| 2790 |
cspHeaderValue.IsEmpty() && |
2759 |
cspHeaderValue.IsEmpty() && |
| 2791 |
cspROHeaderValue.IsEmpty()) { |
2760 |
cspROHeaderValue.IsEmpty()) { |
| 2792 |
if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) { |
2761 |
if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) { |
| 2793 |
nsCOMPtr<nsIURI> chanURI; |
2762 |
nsCOMPtr<nsIURI> chanURI; |
| 2794 |
aChannel->GetURI(getter_AddRefs(chanURI)); |
2763 |
aChannel->GetURI(getter_AddRefs(chanURI)); |
| 2795 |
nsAutoCString aspec; |
2764 |
nsAutoCString aspec; |
| 2796 |
chanURI->GetAsciiSpec(aspec); |
2765 |
chanURI->GetAsciiSpec(aspec); |
|
Lines 2864-2890
nsDocument::InitCSP(nsIChannel* aChannel)
|
Link Here
|
|---|
|
|---|
| 2864 |
// Note that when the content signing becomes a standard, we might have |
2833 |
// Note that when the content signing becomes a standard, we might have |
| 2865 |
// to restrict this enforcement to "remote content" only. |
2834 |
// to restrict this enforcement to "remote content" only. |
| 2866 |
if (applySignedContentCSP) { |
2835 |
if (applySignedContentCSP) { |
| 2867 |
nsAdoptingString signedContentCSP = |
2836 |
nsAdoptingString signedContentCSP = |
| 2868 |
Preferences::GetString("security.signed_content.CSP.default"); |
2837 |
Preferences::GetString("security.signed_content.CSP.default"); |
| 2869 |
csp->AppendPolicy(signedContentCSP, false, false); |
2838 |
csp->AppendPolicy(signedContentCSP, false, false); |
| 2870 |
} |
2839 |
} |
| 2871 |
|
2840 |
|
| 2872 |
// ----- if the doc is part of Loop, apply the loop CSP |
|
|
| 2873 |
if (applyLoopCSP) { |
| 2874 |
nsAdoptingString loopCSP; |
| 2875 |
loopCSP = Preferences::GetString("loop.CSP"); |
| 2876 |
NS_ASSERTION(loopCSP, "Missing loop.CSP preference"); |
| 2877 |
// If the pref has been removed, we continue without setting a CSP |
| 2878 |
if (loopCSP) { |
| 2879 |
csp->AppendPolicy(loopCSP, false, false); |
| 2880 |
} |
| 2881 |
} |
| 2882 |
|
| 2883 |
// ----- if there's a full-strength CSP header, apply it. |
2841 |
// ----- if there's a full-strength CSP header, apply it. |
| 2884 |
if (!cspHeaderValue.IsEmpty()) { |
2842 |
if (!cspHeaderValue.IsEmpty()) { |
| 2885 |
rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false); |
2843 |
rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false); |
| 2886 |
NS_ENSURE_SUCCESS(rv, rv); |
2844 |
NS_ENSURE_SUCCESS(rv, rv); |
| 2887 |
} |
2845 |
} |
| 2888 |
|
2846 |
|
| 2889 |
// ----- if there's a report-only CSP header, apply it. |
2847 |
// ----- if there's a report-only CSP header, apply it. |
| 2890 |
if (!cspROHeaderValue.IsEmpty()) { |
2848 |
if (!cspROHeaderValue.IsEmpty()) { |