1578231 - Hardcode whitelist of about: pages where we can not apply a CSP

Status: RESOLVED FIXED

(Core :: DOM: Security, task)

Description

[Christoph Kerschbaumer [:ckerschb]]

There are some about: pages, like about:blank or about:sync-log where we can't apply a CSP. We should hardcode that whitelist inside the assertion code and remove the pref.

Comment 1

[Christoph Kerschbaumer [:ckerschb]]

Attachment: Bug 1578231: Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt

Comment 2

[Pulsebot]

Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/e2927c8227d9
Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt

Comment 3

[Dorel Luca [:dluca]]

Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js

Log:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265119104&repo=autoland&lineNumber=1091

Push with failures:
https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=e2927c8227d979c75b7dd6621beb89a81c9b3ee7

Backout:
https://hg.mozilla.org/integration/autoland/rev/5eaae974bec9e71783b6ff026308928aaaffd565

Comment 4

[Christoph Kerschbaumer [:ckerschb]]

(In reply to Dorel Luca [:dluca] from comment #3)

Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js

Dluca and/or Aryx, looking at the logs I think it's rather unlikely that my patch caused the problem. What's your take? I am missing something?

Comment 5

[Dorel Luca [:dluca]]

I posted the wrong log link, sorry for that.

Here is the correct one:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265119104&repo=autoland&lineNumber=1091

Comment 6

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

An actual failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel%2Crunning%2Cpending%2Crunnable&revision=e2927c8227d979c75b7dd6621beb89a81c9b3ee7&selectedJob=265119104

browser/base/content/test/performance/browser_preferences_usage.js | csp.skip_about_page_has_csp_assert should not be accessed more than 40 times. - 42 <= 40 - JS frame :: chrome://mochitests/content/browser/browser/base/content/test/performance/browser_preferences_usage.js :: checkPrefGetters :: line 42

Hope this makes the connection more obvious.

Comment 7

[Christoph Kerschbaumer [:ckerschb]]

(In reply to Sebastian Hengst [:aryx] (needinfo on intermittent or backout) from comment #6)

browser/base/content/test/performance/browser_preferences_usage.js | csp.skip_about_page_has_csp_assert should not be accessed more than 40 times. - 42 <= 40 - JS frame :: chrome://mochitests/content/browser/browser/base/content/test/performance/browser_preferences_usage.js :: checkPrefGetters :: line 42

Hope this makes the connection more obvious.

Thanks - that makes more sense. This pref is only accessed in debug builds, hence I whitelisted it for the test.

Comment 8

[Pulsebot]

Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/eb773bc46182
Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt

Comment 9

[Andreea Pavel [:apavel]]

https://hg.mozilla.org/mozilla-central/rev/eb773bc46182