Closed Bug 1331838 Opened 3 years ago Closed 3 years ago

Remove support for app URIs in CSP directives

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla53
Tracking Status
firefox53 --- fixed

People

(Reporter: ehsan, Assigned: ehsan)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

No description provided.
Attachment #8827719 - Flags: review?(ckerschb)
Assignee: nobody → ehsan
Blocks: nukeb2g
Comment on attachment 8827719 [details] [diff] [review]
Remove support for app URIs in CSP directives

Review of attachment 8827719 [details] [diff] [review]:
-----------------------------------------------------------------

I thought I had already written a patch like this a while ago but now I can't find it anymore. Either way, this code should go away - thanks for fixing Ehsan. r=me
Attachment #8827719 - Flags: review?(ckerschb) → review+
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/8acb67f2e136
Remove support for app URIs in CSP directives; r=ckerschb
Backed out for failing GTest CSPParser.SimplePolicies:

https://hg.mozilla.org/integration/mozilla-inbound/rev/7715d62057e50fdafddeca167ecf2d1dbd79b35b

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=2f86db66e8e44f993004c4f4853d0f51a94a381b
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=69955534&repo=mozilla-inbound

[task 2017-01-18T14:55:39.728954Z] 14:55:39     INFO -  TEST-START | CSPParser.SimplePolicies
[task 2017-01-18T14:55:39.729272Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.SimplePolicies | Value of: false
[task 2017-01-18T14:55:39.729761Z] 14:55:39     INFO -    Actual: false
[task 2017-01-18T14:55:39.730064Z] 14:55:39     INFO -  Expected: true
[task 2017-01-18T14:55:39.730424Z] 14:55:39     INFO -  Actual policy does not match expected policy (default-src 'none' != default-src app://{app-host-is-uid}) @ /home/worker/workspace/build/src/dom/security/test/gtest/TestCSPParser.cpp:160
[task 2017-01-18T14:55:39.730752Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.SimplePolicies | Value of: NS_SUCCEEDED(runTestSuite(policies, policyCount, 1))
[task 2017-01-18T14:55:39.731128Z] 14:55:39     INFO -    Actual: false
[task 2017-01-18T14:55:39.731456Z] 14:55:39     INFO -  Expected: true @ /home/worker/workspace/build/src/dom/security/test/gtest/TestCSPParser.cpp:494
[task 2017-01-18T14:55:39.731821Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.SimplePolicies | test completed (time: 1ms)
[task 2017-01-18T14:55:39.732227Z] 14:55:39     INFO -  TEST-START | CSPParser.PoliciesWithInvalidSrc
[task 2017-01-18T14:55:39.732534Z] 14:55:39     INFO -  TEST-PASS | CSPParser.PoliciesWithInvalidSrc | test completed (time: 1ms)
[task 2017-01-18T14:55:39.732867Z] 14:55:39     INFO -  TEST-START | CSPParser.BadPolicies
[task 2017-01-18T14:55:39.733199Z] 14:55:39     INFO -  TEST-PASS | CSPParser.BadPolicies | test completed (time: 0ms)
[task 2017-01-18T14:55:39.733534Z] 14:55:39     INFO -  TEST-START | CSPParser.GoodGeneratedPolicies
[task 2017-01-18T14:55:39.733849Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.GoodGeneratedPolicies | Value of: false
[task 2017-01-18T14:55:39.734273Z] 14:55:39     INFO -    Actual: false
[task 2017-01-18T14:55:39.734571Z] 14:55:39     INFO -  Expected: true
[task 2017-01-18T14:55:39.735001Z] 14:55:39     INFO -  Actual policy does not match expected policy (default-src 'none' != default-src http://{app-url-is-uid}) @ /home/worker/workspace/build/src/dom/security/test/gtest/TestCSPParser.cpp:160
[task 2017-01-18T14:55:39.735355Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.GoodGeneratedPolicies | Value of: NS_SUCCEEDED(runTestSuite(policies, policyCount, 1))
[task 2017-01-18T14:55:39.735725Z] 14:55:39     INFO -    Actual: false
[task 2017-01-18T14:55:39.736062Z] 14:55:39     INFO -  Expected: true @ /home/worker/workspace/build/src/dom/security/test/gtest/TestCSPParser.cpp:847
[task 2017-01-18T14:55:39.736388Z] 14:55:39  WARNING -  TEST-UNEXPECTED-FAIL | CSPParser.GoodGeneratedPolicies | test completed (time: 1ms)
Flags: needinfo?(ehsan)
Right...  I also need to remove the corresponding tests.
Flags: needinfo?(ehsan)
(In reply to :Ehsan Akhgari from comment #5)
> Right...  I also need to remove the corresponding tests.

Yeah, there are a few |{app-...| tests within TestCSPParser. I am still around for review.
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7040329487e9
Remove support for app URIs in CSP directives; r=ckerschb
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1f5a359e77c4
Backout changeset 7040329487e9 because it was the wrong patch
https://hg.mozilla.org/integration/mozilla-inbound/rev/fe7a8f94d0ad
Remove support for app URIs in CSP directives; r=ckerschb
https://hg.mozilla.org/mozilla-central/rev/fe7a8f94d0ad
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in before you can comment on or make changes to this bug.