Closed Bug 1337543 Opened 7 years ago Closed 7 years ago

does ServiceWorker respect CSP headers set on the service worker script?

Categories

(Core :: DOM: Service Workers, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla54
Tracking Status
firefox54 --- fixed

People

(Reporter: bkelly, Assigned: bkelly)

References

(Blocks 1 open bug)

Details

Attachments

(8 files, 11 obsolete files)

3.38 KB, patch
baku
: review+
Details | Diff | Splinter Review
1.84 KB, patch
baku
: review+
Details | Diff | Splinter Review
2.44 KB, patch
baku
: review+
Details | Diff | Splinter Review
6.47 KB, patch
baku
: review+
Details | Diff | Splinter Review
4.43 KB, patch
baku
: review+
Details | Diff | Splinter Review
4.65 KB, patch
baku
: review+
Details | Diff | Splinter Review
5.87 KB, patch
bkelly
: review+
Details | Diff | Splinter Review
1.34 KB, patch
bkelly
: review+
Details | Diff | Splinter Review
Currently we set CSP for a ServiceWorker in a few places.  First, we use the initial registration principal:

https://dxr.mozilla.org/mozilla-central/source/dom/workers/ServiceWorkerPrivate.cpp#1798

I believe this may be incorrectly inheriting the CSP from the document that registered the service worker though.  Bug 1223647 suggests we should not do this.

We then override the CSP later using the principal loaded from CacheStorage:

https://dxr.mozilla.org/mozilla-central/source/dom/workers/ScriptLoader.cpp#1311

This will never have any CSP attached to it because its deserialized from PrincipalInfo which does not include CSP.

So it seems ServiceWorker workers will never have any CSP set.  This lets us pass:

https://dxr.mozilla.org/mozilla-central/source/dom/workers/test/serviceworkers/test_eval_allowed.html

But it perhaps is not applying CSP headers on the service worker script itself.

Other workers get CSP set by the headers on the nsIChannel here:

https://dxr.mozilla.org/mozilla-central/source/dom/workers/ScriptLoader.cpp#1060

We probably need to do the same work in DataReceivedFromCache() in order to apply the CSP header values to the ServiceWorker.

Christoph, what do you think?
Flags: needinfo?(ckerschb)
Its possible I misunderstand our CSP inheritence, btw.  However, if I try to move the SetPrincipal() code that sets the CSP from DataReceivedFromCache() to using the principal in SpawnWorkerIfNeeded() we start failing test_eval_allowed.html.
See Also: → 1337522
I'm going to take this to make sure I understand what is going on before changing the principal code further.
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
Flags: needinfo?(ckerschb)
There are still a few issues with the WPT tests I need sort out tomorrow.  I think we should pass all the SW csp tests after this, but some are failing.  It looks like the test is not using the correctly configured origins.
James, there are some tests trying to use this wpt .py as a service worker script:

https://dxr.mozilla.org/mozilla-central/source/testing/web-platform/tests/service-workers/service-worker/resources/service-worker-csp-worker.py

The goal here is to apply the CSP headers to the script.

It seems, though, that get-host-info.sub.js is not getting variables substituted correctly.  Is substitution supported in the output of server .py scripts?  If not, what is the best way to do this?

Thanks.
Flags: needinfo?(james)
FTR you can use request.server.config to get at the server configuration variables in a .py script, and request.url_parts to inspect the current host, port, etc. I can try to move the .sub. handling to later in the pipeline so that it works for more than just plain files, if you think that would be useful.
Flags: needinfo?(james)
The issue is actually that we are trying to use get_host_info() from get-host-info.sub.js in the service worker script which does:

  try {
    // In W3C test, we can get the hostname and port number in config.json
    // using wptserve's built-in pipe.
    // http://wptserve.readthedocs.org/en/latest/pipes.html#built-in-pipes
    HTTP_PORT = eval('{{ports[http][0]}}');
    HTTPS_PORT = eval('{{ports[https][0]}}');
    ORIGINAL_HOST = eval('\'{{host}}\'');
    REMOTE_HOST = 'www1.' + ORIGINAL_HOST;
  } catch (e) {
  }

These evals won't work with the CSP applied.
Depends on: 1338173
Bug 1338173 will switch SW tests to use the /common/get-host-info.sub.js which does not use eval.  That should solve comment 12 issue.
Depends on: 1338304
This updates the WPT test expectations.  We have one CSP-related failure still due to bug 1322111.
Attachment #8835742 - Attachment description: bug1337543_p7_wpt.patch → P7 Update WPT test expectations now that CSP is applied in service workers. r=baku
See Also: → 1322111
See Also: → 965637
Comment on attachment 8836096 [details] [diff] [review]
P0 Sanitize the nsIPrincipal used to register a service worker to ensure CSP is not persisted. r=baku

Some of the confusion here is that the ServiceWorkerRegistration will share the nsIPrincipal of the page that called `navigator.serviceWorker.register()`.  If that page has CSP applied the principal on the registration will also have the CSP.

In contrast, when a ServiceWorkerRegistration is created at startup from the registrar it does not have any CSP.  The CSP value is not sent over IPC and its not saved on disk.

For everyone's sanity I'd like to make the principal on the ServiceWorkerRegistration never have any CSP.  This patch does this by sanitizing the principal used to create the ServiceWorkerRegistration.
Attachment #8836096 - Flags: review?(amarchesini)
Comment on attachment 8836108 [details] [diff] [review]
P1 ServiceWorker should not inherit CSP from registration principal. r=baku

Now that we don't have any CSP in the principal there is no need to initially set the CSP on ServiceWorker spawn.  Instead we assert that there is no CSP to inherit and set our policy attributes to the default.

Note, inheriting here was always wrong.  Any value here was effectively overwritten later by the changed introduced in bug 1223647.

This patch just tries to make it more clear what is actually happening.
Attachment #8836108 - Flags: review?(amarchesini)
Comment on attachment 8836110 [details] [diff] [review]
P2 Improve ServiceWorker asserts and verify load principal does not inherit CSP. r=baku

This patch verifies that the principal coming out of the Cache API for the service worker does not have any CSP.
Attachment #8836110 - Flags: review?(amarchesini)
Comment on attachment 8836111 [details] [diff] [review]
P3 Factor out code to set WorkerPrivate CSP from headers. r=baku

This is a refactor patch.  It moves the code that sets the CSP based on headers into a separate method.  A later patch in this bug will call this method from an additional location.
Attachment #8836111 - Flags: review?(amarchesini)
Comment on attachment 8836112 [details] [diff] [review]
P4 Apply CSP headers to ServiceWorker when loading offlined script. r=baku

This patch calls the factored out method to set CSP based on headers when we read the service worker script out of the Cache API.

At this point in the patch queue, though, this is a no-op.  We don't store any headers in the Cache API yet so this will never find any CSP values.  The following patches fix this problem.
Attachment #8836112 - Flags: review?(amarchesini)
Comment on attachment 8836174 [details] [diff] [review]
P5 Move code to fill InternalHeaders from an nsIChannel response into utility method. r=baku

Factor out the code that copies nsIChannel response headers into an InternalHeaders object.
Attachment #8836174 - Flags: review?(amarchesini)
Comment on attachment 8836175 [details] [diff] [review]
P6 Persist response headers for offlined service worker scripts. r=baku

Store the response headers for each offlined service worker script in Cache API.  We technically only really need this for the main script, but for completeness we store the headers for importScripts() as well.
Attachment #8836175 - Flags: review?(amarchesini)
Comment on attachment 8836176 [details] [diff] [review]
P7 Update WPT test expectations now that CSP is applied in service workers. r=baku

Finally, update the WPT expectations now that we pass most of the service-worker-csp* tests.  We still fail the script-src test because of bug 1322111.
Attachment #8836176 - Flags: review?(amarchesini)
Blocks: 1337522
Comment on attachment 8836096 [details] [diff] [review]
P0 Sanitize the nsIPrincipal used to register a service worker to ensure CSP is not persisted. r=baku

This is not adequate.  We also need to sanitize the principal passed to ServiceWorkerUpdateJob.
Attachment #8836096 - Flags: review?(amarchesini)
Comment on attachment 8836096 [details] [diff] [review]
P0 Sanitize the nsIPrincipal used to register a service worker to ensure CSP is not persisted. r=baku

Actually, this patch is good.  See comment 24 for the description.

I'll write a new patch to use the registration principal in updates.
Attachment #8836096 - Flags: review?(amarchesini)
This patch ensures we use the sanitized registration principal when triggering update jobs.

https://treeherder.mozilla.org/#/jobs?repo=try&revision=96cb3cb6a6a38f20c200a1c3128373767ebb70f7
Attachment #8836237 - Flags: review?(amarchesini)
This still fails locally.  Lets see what try says over the weekend.
Comment on attachment 8836237 [details] [diff] [review]
P8 Ensure the ServiceWorkerRegistrationInfo principal is used in ServiceWorkerUpdateJob. r=baku

I don't think this patch makes sense at the moment.
Attachment #8836237 - Attachment is obsolete: true
Attachment #8836237 - Flags: review?(amarchesini)
(In reply to Ben Kelly [:bkelly] from comment #35)
> This still fails locally.  Lets see what try says over the weekend.

The patches here work.  The problem is introduced when I add bug 1337522.  I'll fix it over there.  So leaving review flags here.
Attachment #8836108 - Flags: review?(amarchesini) → review+
Attachment #8836110 - Flags: review?(amarchesini) → review+
Attachment #8836111 - Flags: review?(amarchesini) → review+
Attachment #8836112 - Flags: review?(amarchesini) → review+
Comment on attachment 8836174 [details] [diff] [review]
P5 Move code to fill InternalHeaders from an nsIChannel response into utility method. r=baku

Review of attachment 8836174 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/fetch/InternalHeaders.cpp
@@ +316,5 @@
>  }
>  
> +namespace {
> +
> +class FillHeaders final : public nsIHttpHeaderVisitor {

{ in a new line

@@ +317,5 @@
>  
> +namespace {
> +
> +class FillHeaders final : public nsIHttpHeaderVisitor {
> +  InternalHeaders* mInternalHeaders;

comment why it's OK to have a raw pointer.

@@ +319,5 @@
> +
> +class FillHeaders final : public nsIHttpHeaderVisitor {
> +  InternalHeaders* mInternalHeaders;
> +
> +  ~FillHeaders()

= default;

@@ +331,5 @@
> +  {
> +  }
> +
> +  NS_IMETHOD
> +  VisitHeader(const nsACString & aHeader, const nsACString & aValue) override

no space before &
Attachment #8836174 - Flags: review?(amarchesini) → review+
Attachment #8836175 - Flags: review?(amarchesini) → review+
Attachment #8836176 - Flags: review?(amarchesini) → review+
Attachment #8836096 - Flags: review?(amarchesini) → review+
(In reply to Andrea Marchesini [:baku] from comment #38)
> > +namespace {
> > +
> > +class FillHeaders final : public nsIHttpHeaderVisitor {
> > +  InternalHeaders* mInternalHeaders;
> 
> comment why it's OK to have a raw pointer.

I'm just going to make this a strong RefPtr<>.  I don't think the micro-optimization is worth the unsafe pointer risk.
Updated patch.

Unfortunately I need to wait to land this until bug 1338304 is fixed.  (Or I could change around the test expectations again.)
Attachment #8836174 - Attachment is obsolete: true
Attachment #8836742 - Flags: review+
I'm going to update the test expectations so I can land this separately from bug 1338304.
No longer depends on: 1338304
Attachment #8836742 - Attachment description: bug1337543_p5_internalresponseheader.patch → P5 Move code to fill InternalHeaders from an nsIChannel response into utility method. r=baku
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f4f59e7c1be7
P1 ServiceWorker should not inherit CSP from registration principal. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/2f2511d69d2e
P2 Improve ServiceWorker asserts and verify load principal does not inherit CSP. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/c0157164852c
P3 Factor out code to set WorkerPrivate CSP from headers. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/9e09a36b7c0c
P4 Apply CSP headers to ServiceWorker when loading offlined script. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/a8b7ae2ed577
P5 Move code to fill InternalHeaders from an nsIChannel response into utility method. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/901f0df29f8f
P6 Persist response headers for offlined service worker scripts. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/7508565a3a0d
P7 Update WPT test expectations now that CSP is applied in service workers. r=baku
Backed out for crashing in various mochitest and web-platform-tests, e.g. dom/security/test/csp/test_child-src_worker.html:

https://hg.mozilla.org/integration/mozilla-inbound/rev/b7e8623021571bb3ad198c77a1ca88df7a2de46e
https://hg.mozilla.org/integration/mozilla-inbound/rev/f1dbf0447becd4026c2372322056bda6faf5eef6
https://hg.mozilla.org/integration/mozilla-inbound/rev/7223c6e6425f77423d9ab13281fd4d7c7827567e
https://hg.mozilla.org/integration/mozilla-inbound/rev/34a69397de640dad159f81df1162331d3ed7b579
https://hg.mozilla.org/integration/mozilla-inbound/rev/d013f110b38b722c813e2341a4a31e3b1dfc06c6
https://hg.mozilla.org/integration/mozilla-inbound/rev/4c1d8f705b895067e21ccbcc642b6a25b78fa58a
https://hg.mozilla.org/integration/mozilla-inbound/rev/42281502db161db857e623a98490392ee9ee184d


Push with failures (ignore the stylo M(s)): https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=7508565a3a0d68847635408d7e6efc81b85446eb&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable

They all seem to crash at [@ mozilla::dom::workers::ServiceWorkerPrivate::SpawnWorkerIfNeeded]

Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=76887145&repo=mozilla-inbound

[task 2017-02-13T17:45:36.318361Z] 17:45:36     INFO - TEST-START | /content-security-policy/worker-src/service-list.https.sub.html
[task 2017-02-13T17:45:36.577693Z] 17:45:36     INFO - PROCESS | 876 | ExceptionHandler::GenerateDump cloned child 1299
[task 2017-02-13T17:45:36.578378Z] 17:45:36     INFO - PROCESS | 876 | ExceptionHandler::SendContinueSignalToChild sent continue signal to child
[task 2017-02-13T17:45:36.578493Z] 17:45:36     INFO - PROCESS | 876 | ExceptionHandler::WaitForContinueSignal waiting for continue signal...
[task 2017-02-13T17:45:36.834786Z] 17:45:36     INFO - mozcrash Downloading symbols from: https://queue.taskcluster.net/v1/task/Xvp9DGDcRCuGgqwlrxecRw/artifacts/public/build/target.crashreporter-symbols.zip
[task 2017-02-13T17:45:41.513133Z] 17:45:41     INFO - mozcrash Copy/paste: /usr/local/bin/linux64-minidump_stackwalk /tmp/tmpMwNa9b.mozrunner/minidumps/5bc1340b-2aed-1212-77efc169-4fdbd14c.dmp /tmp/tmpdJfzpq
[task 2017-02-13T17:45:47.542216Z] 17:45:47     INFO - mozcrash Saved minidump as /home/worker/workspace/build/blobber_upload_dir/5bc1340b-2aed-1212-77efc169-4fdbd14c.dmp
[task 2017-02-13T17:45:47.542331Z] 17:45:47     INFO - mozcrash Saved app info as /home/worker/workspace/build/blobber_upload_dir/5bc1340b-2aed-1212-77efc169-4fdbd14c.extra
[task 2017-02-13T17:45:47.987159Z] 17:45:47     INFO - PROCESS-CRASH | /content-security-policy/worker-src/service-list.https.sub.html | application crashed [@ mozilla::dom::workers::ServiceWorkerPrivate::SpawnWorkerIfNeeded]
[task 2017-02-13T17:45:47.987415Z] 17:45:47     INFO - Crash dump filename: /tmp/tmpMwNa9b.mozrunner/minidumps/5bc1340b-2aed-1212-77efc169-4fdbd14c.dmp
[task 2017-02-13T17:45:47.987631Z] 17:45:47     INFO - Operating system: Linux
[task 2017-02-13T17:45:47.987912Z] 17:45:47     INFO -                   0.0.0 Linux 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64
[task 2017-02-13T17:45:47.988127Z] 17:45:47     INFO - CPU: x86
[task 2017-02-13T17:45:47.988591Z] 17:45:47     INFO -      GenuineIntel family 6 model 62 stepping 4
[task 2017-02-13T17:45:47.988950Z] 17:45:47     INFO -      4 CPUs
[task 2017-02-13T17:45:47.989506Z] 17:45:47     INFO - 
[task 2017-02-13T17:45:47.989893Z] 17:45:47     INFO - GPU: UNKNOWN
[task 2017-02-13T17:45:47.990123Z] 17:45:47     INFO - 
[task 2017-02-13T17:45:47.990427Z] 17:45:47     INFO - Crash reason:  SIGSEGV
[task 2017-02-13T17:45:47.990813Z] 17:45:47     INFO - Crash address: 0x0
[task 2017-02-13T17:45:47.991167Z] 17:45:47     INFO - Process uptime: not available
[task 2017-02-13T17:45:47.991518Z] 17:45:47     INFO - 
[task 2017-02-13T17:45:47.991861Z] 17:45:47     INFO - Thread 0 (crashed)
[task 2017-02-13T17:45:47.992285Z] 17:45:47     INFO -  0  libxul.so!mozilla::dom::workers::ServiceWorkerPrivate::SpawnWorkerIfNeeded [ServiceWorkerPrivate.cpp:7508565a3a0d : 1756 + 0x0]
[task 2017-02-13T17:45:47.992612Z] 17:45:47     INFO -     eip = 0xf2f67f7e   esp = 0xfff8e780   ebp = 0xfff8e938   ebx = 0xf56be484
[task 2017-02-13T17:45:47.992948Z] 17:45:47     INFO -     esi = 0xcf987580   edi = 0xce6e5060   eax = 0x08066c1c   ecx = 0xd16e9b64
[task 2017-02-13T17:45:47.993348Z] 17:45:47     INFO -     edx = 0xf4725adf   efl = 0x00010286
[task 2017-02-13T17:45:47.993690Z] 17:45:47     INFO -     Found by: given as instruction pointer in context
[task 2017-02-13T17:45:47.994029Z] 17:45:47     INFO -  1  libxul.so!mozilla::dom::workers::ServiceWorkerPrivate::CheckScriptEvaluation [ServiceWorkerPrivate.cpp:7508565a3a0d : 186 + 0xc]
[task 2017-02-13T17:45:47.994398Z] 17:45:47     INFO -     eip = 0xf2f6812d   esp = 0xfff8e940   ebp = 0xfff8e988   ebx = 0xf56be484
[task 2017-02-13T17:45:47.994938Z] 17:45:47     INFO -     esi = 0xfff8eb0c   edi = 0xcf987580
[task 2017-02-13T17:45:47.995296Z] 17:45:47     INFO -     Found by: call frame info
[task 2017-02-13T17:45:47.995762Z] 17:45:47     INFO -  2  libxul.so!mozilla::dom::workers::ServiceWorkerUpdateJob::ComparisonResult [ServiceWorkerUpdateJob.cpp:7508565a3a0d : 452 + 0xf]
[task 2017-02-13T17:45:47.996134Z] 17:45:47     INFO -     eip = 0xf2f6bef2   esp = 0xfff8e990   ebp = 0xfff8ebb8   ebx = 0xf56be484
[task 2017-02-13T17:45:47.996666Z] 17:45:47     INFO -     esi = 0xfff8eb0c   edi = 0xcdda8b50
[task 2017-02-13T17:45:47.996909Z] 17:45:47     INFO -     Found by: call frame info
[task 2017-02-13T17:45:47.997381Z] 17:45:47     INFO -  3  libxul.so!CompareManager::ResolvedCallback [ServiceWorkerScriptCache.cpp:7508565a3a0d : 414 + 0x14]
[task 2017-02-13T17:45:47.997920Z] 17:45:47     INFO -     eip = 0xf2f6f5b4   esp = 0xfff8ebc0   ebp = 0xfff8ebf8   ebx = 0xf56be484
[task 2017-02-13T17:45:47.998382Z] 17:45:47     INFO -     esi = 0xcf7f26f0   edi = 0xce6545f0
[task 2017-02-13T17:45:47.998692Z] 17:45:47     INFO -     Found by: call frame info
[task 2017-02-13T17:45:47.999215Z] 17:45:47     INFO -  4  libxul.so!PromiseNativeHandlerShim::ResolvedCallback [Promise.cpp:7508565a3a0d : 373 + 0xc]
[task 2017-02-13T17:45:47.999602Z] 17:45:47     INFO -     eip = 0xf2f8c125   esp = 0xfff8ec00   ebp = 0xfff8ec18   ebx = 0xf56be484
[task 2017-02-13T17:45:47.999999Z] 17:45:47     INFO -     esi = 0xcf7f26f0   edi = 0xffffff81
[task 2017-02-13T17:45:48.000346Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.000937Z] 17:45:48     INFO -  5  libxul.so!mozilla::dom::NativeHandlerCallback [Promise.cpp:7508565a3a0d : 325 + 0x6]
[task 2017-02-13T17:45:48.001045Z] 17:45:48     INFO -     eip = 0xf2f8a3a6   esp = 0xfff8ec20   ebp = 0xfff8ec68   ebx = 0xf56be484
[task 2017-02-13T17:45:48.001267Z] 17:45:48     INFO -     esi = 0xf7169000   edi = 0xffffff81
[task 2017-02-13T17:45:48.001584Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.001916Z] 17:45:48     INFO -  6  libxul.so!js::InternalCallOrConstruct [jscntxtinlines.h:7508565a3a0d : 281 + 0x10]
[task 2017-02-13T17:45:48.002215Z] 17:45:48     INFO -     eip = 0xf3d19e70   esp = 0xfff8ec70   ebp = 0xfff8ed08   ebx = 0xf56be484
[task 2017-02-13T17:45:48.002499Z] 17:45:48     INFO -     esi = 0xfff8ee28   edi = 0xf7169000
[task 2017-02-13T17:45:48.002768Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.003053Z] 17:45:48     INFO -  7  libxul.so!InternalCall [Interpreter.cpp:7508565a3a0d : 505 + 0x15]
[task 2017-02-13T17:45:48.003338Z] 17:45:48     INFO -     eip = 0xf3d1a40a   esp = 0xfff8ed10   ebp = 0xfff8ed48   ebx = 0xf56be484
[task 2017-02-13T17:45:48.003608Z] 17:45:48     INFO -     esi = 0xfff8ee08   edi = 0xfff8ee08
[task 2017-02-13T17:45:48.003872Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.004148Z] 17:45:48     INFO -  8  libxul.so!js::Call [Interpreter.cpp:7508565a3a0d : 524 + 0x8]
[task 2017-02-13T17:45:48.004432Z] 17:45:48     INFO -     eip = 0xf3d1a4d9   esp = 0xfff8ed50   ebp = 0xfff8ed58   ebx = 0xf56be484
[task 2017-02-13T17:45:48.004702Z] 17:45:48     INFO -     esi = 0xfff8ee08   edi = 0xfff8ee08
[task 2017-02-13T17:45:48.004966Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.005244Z] 17:45:48     INFO -  9  libxul.so!PromiseReactionJob [Promise.cpp:7508565a3a0d : 902 + 0x5]
[task 2017-02-13T17:45:48.005524Z] 17:45:48     INFO -     eip = 0xf3d9333d   esp = 0xfff8ed60   ebp = 0xfff8ee58   ebx = 0xf56be484
[task 2017-02-13T17:45:48.005895Z] 17:45:48     INFO -     esi = 0xf7169000   edi = 0xfff8ee08
[task 2017-02-13T17:45:48.006167Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.006420Z] 17:45:48     INFO - 10  libxul.so!js::InternalCallOrConstruct [jscntxtinlines.h:7508565a3a0d : 281 + 0x10]
[task 2017-02-13T17:45:48.006877Z] 17:45:48     INFO -     eip = 0xf3d19e70   esp = 0xfff8ee60   ebp = 0xfff8eef8   ebx = 0xf56be484
[task 2017-02-13T17:45:48.007151Z] 17:45:48     INFO -     esi = 0xfff8f000   edi = 0xf7169000
[task 2017-02-13T17:45:48.007454Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.007786Z] 17:45:48     INFO - 11  libxul.so!InternalCall [Interpreter.cpp:7508565a3a0d : 505 + 0x15]
[task 2017-02-13T17:45:48.007972Z] 17:45:48     INFO -     eip = 0xf3d1a40a   esp = 0xfff8ef00   ebp = 0xfff8ef38   ebx = 0xf56be484
[task 2017-02-13T17:45:48.008289Z] 17:45:48     INFO -     esi = 0xfff8efd0   edi = 0x00000002
[task 2017-02-13T17:45:48.008513Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.008870Z] 17:45:48     INFO - 12  libxul.so!js::Call [Interpreter.cpp:7508565a3a0d : 524 + 0x8]
[task 2017-02-13T17:45:48.009037Z] 17:45:48     INFO -     eip = 0xf3d1a4d9   esp = 0xfff8ef40   ebp = 0xfff8ef48   ebx = 0xf56be484
[task 2017-02-13T17:45:48.009300Z] 17:45:48     INFO -     esi = 0xfff8efd0   edi = 0x00000002
[task 2017-02-13T17:45:48.009661Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.009891Z] 17:45:48     INFO - 13  libxul.so!JS::Call [jsapi.cpp:7508565a3a0d : 2866 + 0x2a]
[task 2017-02-13T17:45:48.010300Z] 17:45:48     INFO -     eip = 0xf400dcdb   esp = 0xfff8ef50   ebp = 0xfff8f058   ebx = 0xf56be484
[task 2017-02-13T17:45:48.010494Z] 17:45:48     INFO -     esi = 0xfff8f098   edi = 0x00000002
[task 2017-02-13T17:45:48.010768Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.011242Z] 17:45:48     INFO - 14  libxul.so!mozilla::dom::PromiseJobCallback::Call [PromiseBinding.cpp:7508565a3a0d : 22 + 0x5]
[task 2017-02-13T17:45:48.011384Z] 17:45:48     INFO -     eip = 0xf27c2e1e   esp = 0xfff8f060   ebp = 0xfff8f0c8   ebx = 0xf56be484
[task 2017-02-13T17:45:48.011701Z] 17:45:48     INFO -     esi = 0xfff8f0b0   edi = 0xfff8f098
[task 2017-02-13T17:45:48.011876Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.012180Z] 17:45:48     INFO - 15  libxul.so!PromiseJobRunnable::Run [PromiseBinding.h:7508565a3a0d : 89 + 0x14]
[task 2017-02-13T17:45:48.012465Z] 17:45:48     INFO -     eip = 0xf1ce24aa   esp = 0xfff8f0d0   ebp = 0xfff8f1e8   ebx = 0xf56be484
[task 2017-02-13T17:45:48.012798Z] 17:45:48     INFO -     esi = 0xfff8f0f8   edi = 0xfff8f10c
[task 2017-02-13T17:45:48.013019Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.013480Z] 17:45:48     INFO - 16  libxul.so!mozilla::dom::Promise::PerformMicroTaskCheckpoint [Promise.cpp:7508565a3a0d : 556 + 0x8]
[task 2017-02-13T17:45:48.013664Z] 17:45:48     INFO -     eip = 0xf2f8b919   esp = 0xfff8f1f0   ebp = 0xfff8f258   ebx = 0xf56be484
[task 2017-02-13T17:45:48.013923Z] 17:45:48     INFO -     esi = 0xfff8f218   edi = 0xeb1c0804
[task 2017-02-13T17:45:48.014147Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.014512Z] 17:45:48     INFO - 17  libxul.so!mozilla::CycleCollectedJSContext::AfterProcessTask [CycleCollectedJSContext.cpp:7508565a3a0d : 1414 + 0x5]
[task 2017-02-13T17:45:48.014685Z] 17:45:48     INFO -     eip = 0xf1ce763a   esp = 0xfff8f260   ebp = 0xfff8f268   ebx = 0xf56be484
[task 2017-02-13T17:45:48.015093Z] 17:45:48     INFO -     esi = 0xeb1c0800   edi = 0x00000001
[task 2017-02-13T17:45:48.015258Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.015509Z] 17:45:48     INFO - 18  libxul.so!XPCJSContext::AfterProcessTask [XPCJSContext.cpp:7508565a3a0d : 3631 + 0x9]
[task 2017-02-13T17:45:48.015732Z] 17:45:48     INFO -     eip = 0xf2284d06   esp = 0xfff8f270   ebp = 0xfff8f288   ebx = 0xf56be484
[task 2017-02-13T17:45:48.016061Z] 17:45:48     INFO -     esi = 0xeb1c0800   edi = 0x00000001
[task 2017-02-13T17:45:48.016473Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.016802Z] 17:45:48     INFO - 19  libxul.so!nsThread::ProcessNextEvent [nsThread.cpp:7508565a3a0d : 1277 + 0xb]
[task 2017-02-13T17:45:48.017028Z] 17:45:48     INFO -     eip = 0xf1d3239d   esp = 0xfff8f290   ebp = 0xfff8f308   ebx = 0xf56be484
[task 2017-02-13T17:45:48.017536Z] 17:45:48     INFO -     esi = 0xf71345c0   edi = 0x00000000
[task 2017-02-13T17:45:48.017740Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.018232Z] 17:45:48     INFO - 20  libxul.so!NS_ProcessNextEvent [nsThreadUtils.cpp:7508565a3a0d : 389 + 0x10]
[task 2017-02-13T17:45:48.018424Z] 17:45:48     INFO -     eip = 0xf1d32d7a   esp = 0xfff8f310   ebp = 0xfff8f348   ebx = 0xf56be484
[task 2017-02-13T17:45:48.018516Z] 17:45:48     INFO -     esi = 0xf71f0070   edi = 0xf71238a0
[task 2017-02-13T17:45:48.018786Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.019284Z] 17:45:48     INFO - 21  libxul.so!mozilla::ipc::MessagePump::Run [MessagePump.cpp:7508565a3a0d : 124 + 0xc]
[task 2017-02-13T17:45:48.019533Z] 17:45:48     INFO -     eip = 0xf2017cbb   esp = 0xfff8f350   ebp = 0xfff8f398   ebx = 0xf56be484
[task 2017-02-13T17:45:48.019851Z] 17:45:48     INFO -     esi = 0xf71f0070   edi = 0xf71238a0
[task 2017-02-13T17:45:48.020010Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.020234Z] 17:45:48     INFO - 22  libxul.so!MessageLoop::RunInternal [message_loop.cc:7508565a3a0d : 238 + 0x6]
[task 2017-02-13T17:45:48.020614Z] 17:45:48     INFO -     eip = 0xf20025a8   esp = 0xfff8f3a0   ebp = 0xfff8f3b8   ebx = 0xf56be484
[task 2017-02-13T17:45:48.020862Z] 17:45:48     INFO -     esi = 0xf71238a0   edi = 0xf71345c0
[task 2017-02-13T17:45:48.021155Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.021464Z] 17:45:48     INFO - 23  libxul.so!MessageLoop::Run [message_loop.cc:7508565a3a0d : 231 + 0x7]
[task 2017-02-13T17:45:48.021768Z] 17:45:48     INFO -     eip = 0xf20026a1   esp = 0xfff8f3c0   ebp = 0xfff8f3e8   ebx = 0xf56be484
[task 2017-02-13T17:45:48.022027Z] 17:45:48     INFO -     esi = 0xf71238a0   edi = 0xf71345c0
[task 2017-02-13T17:45:48.022352Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.022791Z] 17:45:48     INFO - 24  libxul.so!nsBaseAppShell::Run [nsBaseAppShell.cpp:7508565a3a0d : 156 + 0xe]
[task 2017-02-13T17:45:48.023127Z] 17:45:48     INFO -     eip = 0xf308c846   esp = 0xfff8f3f0   ebp = 0xfff8f408   ebx = 0xf56be484
[task 2017-02-13T17:45:48.023544Z] 17:45:48     INFO -     esi = 0xe5106790   edi = 0xf71345c0
[task 2017-02-13T17:45:48.023840Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.024468Z] 17:45:48     INFO - 25  libxul.so!nsAppStartup::Run [nsAppStartup.cpp:7508565a3a0d : 283 + 0x6]
[task 2017-02-13T17:45:48.024843Z] 17:45:48     INFO -     eip = 0xf3b95f15   esp = 0xfff8f410   ebp = 0xfff8f428   ebx = 0xf56be484
[task 2017-02-13T17:45:48.025225Z] 17:45:48     INFO -     esi = 0xe5107370   edi = 0x00000077
[task 2017-02-13T17:45:48.025533Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.025940Z] 17:45:48     INFO - 26  libxul.so!XREMain::XRE_mainRun [nsAppRunner.cpp:7508565a3a0d : 4458 + 0x8]
[task 2017-02-13T17:45:48.026277Z] 17:45:48     INFO -     eip = 0xf3bf144f   esp = 0xfff8f430   ebp = 0xfff8f528   ebx = 0xf56be484
[task 2017-02-13T17:45:48.026678Z] 17:45:48     INFO -     esi = 0xfff8f49c   edi = 0x00000077
[task 2017-02-13T17:45:48.026860Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.027205Z] 17:45:48     INFO - 27  libxul.so!XREMain::XRE_main [nsAppRunner.cpp:7508565a3a0d : 4635 + 0x9]
[task 2017-02-13T17:45:48.027558Z] 17:45:48     INFO -     eip = 0xf3bf1a1a   esp = 0xfff8f530   ebp = 0xfff8f588   ebx = 0xf56be484
[task 2017-02-13T17:45:48.027860Z] 17:45:48     INFO -     esi = 0xfff8f5c0   edi = 0x00000000
[task 2017-02-13T17:45:48.028061Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.028317Z] 17:45:48     INFO - 28  libxul.so!XRE_main [nsAppRunner.cpp:7508565a3a0d : 4726 + 0x6]
[task 2017-02-13T17:45:48.028639Z] 17:45:48     INFO -     eip = 0xf3bf1c47   esp = 0xfff8f590   ebp = 0xfff8f6e8   ebx = 0x08066970
[task 2017-02-13T17:45:48.028942Z] 17:45:48     INFO -     esi = 0xfff8f5c0   edi = 0xfff90824
[task 2017-02-13T17:45:48.029250Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.029485Z] 17:45:48     INFO - 29  firefox!do_main [nsBrowserApp.cpp:7508565a3a0d : 234 + 0xf]
[task 2017-02-13T17:45:48.029764Z] 17:45:48     INFO -     eip = 0x0804cce8   esp = 0xfff8f6f0   ebp = 0xfff90728   ebx = 0x08066970
[task 2017-02-13T17:45:48.030035Z] 17:45:48     INFO -     esi = 0x00000005   edi = 0xfff90824
[task 2017-02-13T17:45:48.030329Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.030609Z] 17:45:48     INFO - 30  firefox!main [nsBrowserApp.cpp:7508565a3a0d : 305 + 0xd]
[task 2017-02-13T17:45:48.030911Z] 17:45:48     INFO -     eip = 0x0804c4dc   esp = 0xfff90730   ebp = 0xfff90778   ebx = 0x08066970
[task 2017-02-13T17:45:48.031116Z] 17:45:48     INFO -     esi = 0xfff90824   edi = 0x00000005
[task 2017-02-13T17:45:48.031379Z] 17:45:48     INFO -     Found by: call frame info
[task 2017-02-13T17:45:48.031622Z] 17:45:48     INFO - 31  libc-2.23.so + 0x18637
[task 2017-02-13T17:45:48.031828Z] 17:45:48     INFO -     eip = 0xf73d8637   esp = 0xfff90780   ebp = 0x00000000
[task 2017-02-13T17:45:48.032117Z] 17:45:48     INFO -     Found by: previous frame's frame pointer
[task 2017-02-13T17:45:48.032432Z] 17:45:48     INFO - 32  libc-2.23.so + 0x1b2000
[task 2017-02-13T17:45:48.032617Z] 17:45:48     INFO -     eip = 0xf7572000   esp = 0xfff90784   ebp = 0x00000000
[task 2017-02-13T17:45:48.032858Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.033099Z] 17:45:48     INFO - 33  libc-2.23.so + 0x1b2000
[task 2017-02-13T17:45:48.033361Z] 17:45:48     INFO -     eip = 0xf7572000   esp = 0xfff90788   ebp = 0x00000000
[task 2017-02-13T17:45:48.033603Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.033871Z] 17:45:48     INFO - 34  libc-2.23.so + 0x18637
[task 2017-02-13T17:45:48.034165Z] 17:45:48     INFO -     eip = 0xf73d8637   esp = 0xfff90790   ebp = 0x00000000
[task 2017-02-13T17:45:48.034380Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.034612Z] 17:45:48     INFO - 35  libc-2.23.so + 0x1b2000
[task 2017-02-13T17:45:48.034888Z] 17:45:48     INFO -     eip = 0xf7572000   esp = 0xfff907ac   ebp = 0x00000000
[task 2017-02-13T17:45:48.035229Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.035422Z] 17:45:48     INFO - 36  libc-2.23.so + 0x1b2000
[task 2017-02-13T17:45:48.035705Z] 17:45:48     INFO -     eip = 0xf7572000   esp = 0xfff907bc   ebp = 0x00000000
[task 2017-02-13T17:45:48.035922Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.036176Z] 17:45:48     INFO - 37  libc-2.23.so + 0x1b2000
[task 2017-02-13T17:45:48.036431Z] 17:45:48     INFO -     eip = 0xf7572000   esp = 0xfff907c0   ebp = 0x00000000
[task 2017-02-13T17:45:48.036668Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.037181Z] 17:45:48     INFO - 38  libxul.so!mozilla::dom::nsSVGOrientType::DOMAnimatedEnum::SetBaseVal [ErrorResult.h:7508565a3a0d : 414 + 0x1]
[task 2017-02-13T17:45:48.037614Z] 17:45:48     INFO -     eip = 0xf2e549ad   esp = 0xfff907cc   ebp = 0x00000000
[task 2017-02-13T17:45:48.037729Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.038173Z] 17:45:48     INFO - 39  firefox + 0x4778
[task 2017-02-13T17:45:48.038359Z] 17:45:48     INFO -     eip = 0x0804c778   esp = 0xfff907e0   ebp = 0x00000000
[task 2017-02-13T17:45:48.038444Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.038614Z] 17:45:48     INFO - 40  ld-2.23.so + 0x14f10
[task 2017-02-13T17:45:48.038704Z] 17:45:48     INFO -     eip = 0xf77c4f10   esp = 0xfff907e8   ebp = 0x00000000
[task 2017-02-13T17:45:48.038862Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.039143Z] 17:45:48     INFO - 41  ld-2.23.so + 0xf780
[task 2017-02-13T17:45:48.039418Z] 17:45:48     INFO -     eip = 0xf77bf780   esp = 0xfff907ec   ebp = 0x00000000
[task 2017-02-13T17:45:48.039684Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.039945Z] 17:45:48     INFO - 42  firefox + 0x4778
[task 2017-02-13T17:45:48.040217Z] 17:45:48     INFO -     eip = 0x0804c778   esp = 0xfff907f8   ebp = 0x00000000
[task 2017-02-13T17:45:48.040481Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.040742Z] 17:45:48     INFO - 43  firefox!_start + 0x21
[task 2017-02-13T17:45:48.041014Z] 17:45:48     INFO -     eip = 0x0804c799   esp = 0xfff90800   ebp = 0x00000000
[task 2017-02-13T17:45:48.041277Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.041552Z] 17:45:48     INFO - 44  firefox!SSE2Check [nsBrowserApp.cpp:7508565a3a0d : 93 + 0x8]
[task 2017-02-13T17:45:48.041865Z] 17:45:48     INFO -     eip = 0x0804c447   esp = 0xfff90804   ebp = 0x00000000
[task 2017-02-13T17:45:48.042132Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.042397Z] 17:45:48     INFO - 45  firefox!__libc_csu_fini + 0x10
[task 2017-02-13T17:45:48.042670Z] 17:45:48     INFO -     eip = 0x0805ff80   esp = 0xfff90810   ebp = 0xfff90824
[task 2017-02-13T17:45:48.042934Z] 17:45:48     INFO -     Found by: stack scanning
[task 2017-02-13T17:45:48.043190Z] 17:45:48     INFO - 46  0xfff9281b
[task 2017-02-13T17:45:48.043461Z] 17:45:48     INFO -     eip = 0xfff9281b   esp = 0xfff9082c   ebp = 0xfff927e2
[task 2017-02-13T17:45:48.043729Z] 17:45:48     INFO -     Found by: previous frame's frame pointer
[task 2017-02-13T17:45:48.043986Z] 17:45:48     INFO - 47  0x6f772f65
[task 2017-02-13T17:45:48.044258Z] 17:45:48     INFO -     eip = 0x6f772f65   esp = 0xfff927ea   ebp = 0x6d6f682f
[task 2017-02-13T17:45:48.044526Z] 17:45:48     INFO -     Found by: previous frame's frame pointer
Flags: needinfo?(bkelly)
Sorry.  I guess this needs to land with the fixes in bug 1337522.
Flags: needinfo?(bkelly)
Bug 1338304 is r+'d, so I can land on top of it again.  Putting the P7 patch back to its original.
Depends on: 1338304
Pushed by bkelly@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f2d6e4198d85
P0 Sanitize the nsIPrincipal used to register a service worker to ensure CSP is not persisted. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/786d2c5cba9c
P1 ServiceWorker should not inherit CSP from registration principal. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/c33d6a0b13dc
P2 Improve ServiceWorker asserts and verify load principal does not inherit CSP. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/09ed4ec4508c
P3 Factor out code to set WorkerPrivate CSP from headers. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/5ecd462326b0
P4 Apply CSP headers to ServiceWorker when loading offlined script. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ef8da9d1cfc
P5 Move code to fill InternalHeaders from an nsIChannel response into utility method. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/dcc19d02f21f
P6 Persist response headers for offlined service worker scripts. r=baku
https://hg.mozilla.org/integration/mozilla-inbound/rev/19fc833e0228
P7 Update WPT test expectations now that CSP is applied in service workers. r=baku
Depends on: 1339823
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: