Closed Bug 1583076 Opened 6 years ago Closed 6 years ago

Handle CSP 'navigate-to' redirection checks for DocumentChannel.

Categories

(Core :: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla71
Fission Milestone M4
Tracking Status
firefox71 --- fixed

People

(Reporter: mattwoodrow, Assigned: mattwoodrow)

Attachments

(4 files)

Similar to bug 1581470, DocumentChannel doesn't fire AsyncOnChannelRedirect in the content process, so we're not getting the 'navigate-to' check.

We need to move the code into CSPService::ConsultCSPForRedirect, so that we can run it without the nsIChannel instance.

We previously used the initial LoadInfo from when the DocumentChannel was created, but need the one from the most recent channel in the parent.

Depends on D46740
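
A simplified model of the failure described in the comments above, added here as an illustration and not taken from the Gecko patches: when the per-redirect CSP consultation does not run for a channel type, a navigation that starts at an allowed URL and then redirects elsewhere is never checked against `navigate-to`. The function names, the policy and the URLs are constructed; source matching is reduced to exact origins and `*`, and keywords such as `'unsafe-allow-redirects'` are not modelled.

```javascript
// Simplified model (constructed for illustration, not Gecko code).

// Extract the navigate-to source list from a CSP header value.
function parseNavigateTo(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'navigate-to') return sources;
  }
  return null; // directive absent: navigation is unrestricted
}

// Exact-origin match only (assumption: no paths, schemes or wildcard hosts).
function allows(sources, url) {
  if (sources === null) return true;
  const origin = new URL(url).origin;
  return sources.some((s) => s === '*' || s === origin);
}

// Walk a navigation through its redirect chain.
// redirectHookFires models whether the per-redirect CSP consultation
// runs for this channel type.
function navigate(policy, chain, redirectHookFires) {
  const sources = parseNavigateTo(policy);
  if (!allows(sources, chain[0])) {
    return { allowed: false, blockedAt: chain[0] };
  }
  for (const hop of chain.slice(1)) {
    if (redirectHookFires && !allows(sources, hop)) {
      return { allowed: false, blockedAt: hop };
    }
  }
  return { allowed: true, blockedAt: null };
}

// Constructed sample input: an allowed first hop that redirects off-list.
const POLICY = "default-src 'self'; navigate-to https://app.example";
const CHAIN = ['https://app.example/go', 'https://other.example/landing'];

// Hook skipped: the redirect target is never consulted.
console.log(navigate(POLICY, CHAIN, false));
// Hook runs on every hop: the redirect is blocked.
console.log(navigate(POLICY, CHAIN, true));
```
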

Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/56c3918b5c21
Initialize cspToInherit with the loading context when deserializing. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/1baaf14e2451
Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/084b244a33c0
Pass LoadInfo back for the current channel when confirming redirects. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/97bc75b1cfe1
Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb

Pushed by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd4117098844
Fix bustages in nsCSPService.cpp:317:12 a=bustage-fix CLOSED TREE

Backed out 5 changesets (Bug 1583076) for href-location-redirected-blocked.sub.html failures

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&searchStr=os%2Cx%2C10.14%2Cshippable%2Copt%2Cweb%2Cplatform%2Ctests%2Ctest-macosx1014-64-shippable%2Fopt-web-platform-tests-e10s&fromchange=5eca1b56929069654b5851c9dd054e821570fd78&tochange=1868efc4e885f660f7cdc23c123d96b91805b52d&selectedJob=268233938

Backout link: https://hg.mozilla.org/integration/autoland/rev/1868efc4e885f660f7cdc23c123d96b91805b52d

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=268233938&repo=autoland&lineNumber=1012

[task 2019-09-24T20:47:12.123Z] 20:47:12 INFO - TEST-START | /content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
[task 2019-09-24T20:47:12.127Z] 20:47:12 INFO - Closing window 50
[task 2019-09-24T20:47:12.200Z] 20:47:12 INFO - Closing window 34359738371
[task 2019-09-24T20:47:22.505Z] 20:47:22 INFO -
[task 2019-09-24T20:47:22.505Z] 20:47:22 INFO - TEST-UNEXPECTED-NOTRUN | /content-security-policy/navigate-to/href-location-redirected-blocked.sub.html | Test that the child iframe navigation is not allowed - expected PASS
[task 2019-09-24T20:47:22.505Z] 20:47:22 INFO - TEST-UNEXPECTED-TIMEOUT | /content-security-policy/navigate-to/href-location-redirected-blocked.sub.html | expected OK
[task 2019-09-24T20:47:22.505Z] 20:47:22 INFO - TEST-INFO took 10385ms

Flags: needinfo?(matt.woodrow)

Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b4140efc183d
Initialize cspToInherit with the loading context when deserializing. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/6ccf5880c324
Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/97e4bfbc5578
Pass LoadInfo back for the current channel when confirming redirects. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/e3e31e1dfc13
Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb

Backout by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/abe671277b51
Backed out 4 changesets for causing build bustages on nsCSPService.cpp. CLOSED TREE

Pushed by mwoodrow@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/43c7cdf5c1e6
Initialize cspToInherit with the loading context when deserializing. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/f62dc9ae3caf
Make nsCSPService::ConsultCSPForRedirect return both the AsyncOnChannelRedirect result, as well as an optional result to cancel the old channel with. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/7ee838678e6f
Pass LoadInfo back for the current channel when confirming redirects. r=ckerschb
https://hg.mozilla.org/integration/autoland/rev/3f8fb4a68d7f
Check navigate-to in ConsultCSPForRedirect since this runs for DocumentChannel. r=ckerschb

Flags: needinfo?(matt.woodrow)

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:

0ee3c76a-bc79-4eb2-8d12-05dc0b68e732

Fission Milestone: --- → M4