Closed Bug 1529068 Opened 9 months ago Closed 2 months ago

Implement CSP 'navigate-to' directive

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: dveditz, Assigned: beriksson)

References

(Depends on 2 open bugs, Blocks 2 open bugs, Regressed 1 open bug)

Details

(Keywords: dev-doc-needed, Whiteboard: [domsecurity-active])

Attachments

(1 file)

We need to implement the CSP3 'navigate-to' directive, which limits the targets of any navigation (<a>, <form>, window.open(), window.location, etc. (Note that if there is also a 'form-action' directive then that regulates <form>)

https://w3c.github.io/webappsec-csp/#directive-navigate-to

Priority: -- → P3
Whiteboard: [domsecurity-backlog3]
Assignee: nobody → beriksson
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog3] → [domsecurity-active]

Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

Flags: needinfo?(beriksson) → needinfo?(snorp)

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4)

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

AFAIK we don't do anything special for form submission.

Flags: needinfo?(snorp)
Keywords: checkin-needed
Attachment #9076321 - Attachment description: navigate-to → Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/99b313550fb8
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed

Backed out for eslint failure on test_navigate_to.html

backout: https://hg.mozilla.org/integration/autoland/rev/79806b618b39671202fac8c9f9817f2aa4252034

push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=99b313550fb897d605a96e597d4767cbdee73efc&searchStr=linting%2Copt%2Cjavascript%2Cchecks%2Csource-test-mozlint-eslint%2Cjs%28es%29&group_state=expanded&selectedJob=264985352

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264985352&repo=autoland&lineNumber=224

[task 2019-09-04T17:55:24.451Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-09-04T17:55:24.451Z]
[task 2019-09-04T17:55:24.451Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:125:3 | Expected method shorthand. (object-shorthand)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:134:3 | Expected method shorthand. (object-shorthand)
[taskcluster 2019-09-04 18:08:03.633Z] === Task Finished ===
[taskcluster 2019-09-04 18:08:04.845Z] Unsuccessful task run with exit code: 1 completed in 1002.744 seconds

failure log bustage: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264988158&repo=autoland&lineNumber=69985

[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - In file included from /builds/worker/workspace/build/src/obj-firefox/docshell/base/Unified_cpp_docshell_base0.cpp:83:
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:5: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:54: error: use of undeclared identifier 'loadInfo'; did you mean 'aLoadInfo'?
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^~~~~~~~
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - aLoadInfo
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9792:48: note: 'aLoadInfo' declared here
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - nsDocShellLoadState* aLoadState, LoadInfo* aLoadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:23: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:27: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9880:14: error: cannot initialize return object of type 'bool' with an lvalue of type 'const nsresult'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - 5 errors generated.

Flags: needinfo?(beriksson)
Flags: needinfo?(beriksson)
Keywords: checkin-needed

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/890bcaee9b7d
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Flags: needinfo?(beriksson)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla71 → ---

Navigate-to is defined in the Content Security Policy Level 3 draft, https://w3c.github.io/webappsec-csp/#directive-navigate-to
The patch is behind pref since the specification is still not finalized.

Flags: needinfo?(beriksson)
Keywords: checkin-needed

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/90b53eda6606
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed
Pushed by aiakab@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4831efa59335
Implementation of the navigate-to CSP directive as defined in CSP Level 3.
Backout by aiakab@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/134dc37565f5
Backed out changeset 4831efa59335 because it was landed in autoland to.
Status: REOPENED → RESOLVED
Closed: 3 months ago2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Regressions: 1578939
Regressions: 1581470

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Page to update would be https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to

Flags: needinfo?(ckerschb)

(In reply to Florian Scholz [:fscholz] (MDN) from comment #18)

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Correct, we are not shipping in 71 and as of now don't have a date/Firefox version when we will pref that security mechanism on.

Thanks for adding/updating the docs.

Flags: needinfo?(ckerschb)
You need to log in before you can comment on or make changes to this bug.