Closed Bug 1529068 Opened 6 years ago Closed 5 years ago

Implement CSP 'navigate-to' directive

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla71
Tracking Flags:
Tracking Status
firefox71 --- fixed

People

(Reporter: dveditz, Assigned: beriksson)

References

(Depends on 2 open bugs, Blocks 2 open bugs)

Details

(Keywords: dev-doc-needed, Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3.
47 bytes, text/x-phabricator-request
Details | Review

We need to implement the CSP3 'navigate-to' directive, which limits the targets of any navigation (<a>, <form>, window.open(), window.location, etc. (Note that if there is also a 'form-action' directive then that regulates <form>)

https://w3c.github.io/webappsec-csp/#directive-navigate-to

Priority: -- → P3
Whiteboard: [domsecurity-backlog3]
Assignee: nobody → beriksson
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog3] → [domsecurity-active]

Implementation of the navigate-to CSP directive as defined in CSP Level 3, https://www.w3.org/TR/CSP3/#directive-navigate-to

Keywords: dev-doc-neededcheckin-needed

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

Flags: needinfo?(beriksson) → needinfo?(snorp)

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4)

Hey snorp, is Android doing anything special for form-submissions? I mean other than desktop firefox? Within this patch we are setting a new flag on the loadinfo in case it's a form submission so we can discard the navigate-to directive in that case within CSP.

Any pointers for us would be helpful - we can't reason why that test would be failing on Android.

AFAIK we don't do anything special for form submission.

Flags: needinfo?(snorp)
Keywords: checkin-needed
Attachment #9076321 - Attachment description: navigate-to → Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3.

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/99b313550fb8
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed

Backed out for eslint failure on test_navigate_to.html

backout: https://hg.mozilla.org/integration/autoland/rev/79806b618b39671202fac8c9f9817f2aa4252034

push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=99b313550fb897d605a96e597d4767cbdee73efc&searchStr=linting%2Copt%2Cjavascript%2Cchecks%2Csource-test-mozlint-eslint%2Cjs%28es%29&group_state=expanded&selectedJob=264985352

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264985352&repo=autoland&lineNumber=224

[task 2019-09-04T17:55:24.451Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-09-04T17:55:24.451Z]
[task 2019-09-04T17:55:24.451Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:125:3 | Expected method shorthand. (object-shorthand)
[task 2019-09-04T18:08:03.320Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/dom/security/test/csp/test_navigate_to.html:134:3 | Expected method shorthand. (object-shorthand)
[taskcluster 2019-09-04 18:08:03.633Z] === Task Finished ===
[taskcluster 2019-09-04 18:08:04.845Z] Unsuccessful task run with exit code: 1 completed in 1002.744 seconds

failure log bustage: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=264988158&repo=autoland&lineNumber=69985

[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - In file included from /builds/worker/workspace/build/src/obj-firefox/docshell/base/Unified_cpp_docshell_base0.cpp:83:
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:5: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9873:54: error: use of undeclared identifier 'loadInfo'; did you mean 'aLoadInfo'?
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^~~~~~~~
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - aLoadInfo
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9792:48: note: 'aLoadInfo' declared here
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - nsDocShellLoadState* aLoadState, LoadInfo* aLoadInfo,
[task 2019-09-04T18:15:16.396Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.396Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:23: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9877:27: error: use of undeclared identifier 'rv'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - NS_ENSURE_SUCCESS(rv, rv);
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^
[task 2019-09-04T18:15:16.397Z] 18:15:16 ERROR - /builds/worker/workspace/build/src/docshell/base/nsDocShell.cpp:9880:14: error: cannot initialize return object of type 'bool' with an lvalue of type 'const nsresult'
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[task 2019-09-04T18:15:16.397Z] 18:15:16 INFO - 5 errors generated.

Flags: needinfo?(beriksson)
Flags: needinfo?(beriksson)
Keywords: checkin-needed

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/890bcaee9b7d
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/890bcaee9b7d

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Backed out changeset 890bcaee9b7d (bug 1529068) for causing tier2 failures on multiple platforms on central in dom/security/test/csp/test_navigate_to.html. CLOSED TREE

Log:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265074413&repo=mozilla-central&lineNumber=6626

Push with failures:
https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=890bcaee9b7db0922f4bdf55e39646da0dafdc1a

Backout:
https://hg.mozilla.org/integration/autoland/rev/d1181cbf7840362b625c2f26203a1e52d761f41b

Flags: needinfo?(beriksson)
Status: RESOLVED → REOPENED
status-firefox71: fixed → ---
Resolution: FIXED → ---
Target Milestone: mozilla71 → ---

Navigate-to is defined in the Content Security Policy Level 3 draft, https://w3c.github.io/webappsec-csp/#directive-navigate-to
The patch is behind pref since the specification is still not finalized.

Flags: needinfo?(beriksson)
Keywords: checkin-needed

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/90b53eda6606
Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

Keywords: checkin-needed
Pushed by aiakab@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/4831efa59335 Implementation of the navigate-to CSP directive as defined in CSP Level 3.
Backout by aiakab@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/134dc37565f5 Backed out changeset 4831efa59335 because it was landed in autoland to.

https://hg.mozilla.org/mozilla-central/rev/90b53eda6606

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
status-firefox71: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Regressions: 1578939
Regressions: 1581470

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Page to update would be https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to

Flags: needinfo?(ckerschb)

(In reply to Florian Scholz [:fscholz] (MDN) from comment #18)

For the docs, it looks like this is implemented behind the "security.csp.enableNavigateTo" preference.
i.e. not shipping in Firefox 71. Is that correct, :ckerschb?

Correct, we are not shipping in 71 and as of now don't have a date/Firefox version when we will pref that security mechanism on.

Thanks for adding/updating the docs.

Flags: needinfo?(ckerschb)

Any updates on navigate-to being enabled by default?

Flags: needinfo?(dveditz)
Flags: needinfo?(dveditz) → needinfo?(ckerschb)

(In reply to Eli Grey (:sephr) from comment #20)

Any updates on navigate-to being enabled by default?

The navigate-to is still experimental. As of now, we don't have any concrete plans to ship it.

Flags: needinfo?(ckerschb)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: