gecko-dev/dom/ipc/manifestMessages.js

123 строки
3.7 KiB
JavaScript
Исходник Обычный вид История

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.*/
/*
* Manifest obtainer frame script implementation of:
* http://www.w3.org/TR/appmanifest/#obtaining
*
* It searches a top-level browsing context for
* a <link rel=manifest> element. Then fetches
* and processes the linked manifest.
*
* BUG: https://bugzilla.mozilla.org/show_bug.cgi?id=1083410
*/
/*globals content, sendAsyncMessage, addMessageListener, Components*/
'use strict';
const {
Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb --- dom/base/nsContentPolicyUtils.h | 1 + dom/base/nsDataDocumentContentPolicy.cpp | 3 +- dom/base/nsIContentPolicy.idl | 2 +- dom/base/nsIContentPolicyBase.idl | 7 +- dom/base/nsISimpleContentPolicy.idl | 2 +- dom/base/test/csp/browser.ini | 4 + dom/base/test/csp/browser_test_web_manifest.js | 265 +++++++++++++++++++++ .../csp/browser_test_web_manifest_mixed_content.js | 55 +++++ dom/base/test/csp/file_CSP_web_manifest.html | 6 + dom/base/test/csp/file_CSP_web_manifest.json | 1 + .../test/csp/file_CSP_web_manifest.json^headers^ | 1 + dom/base/test/csp/file_CSP_web_manifest_https.html | 4 + dom/base/test/csp/file_CSP_web_manifest_https.json | 1 + .../csp/file_CSP_web_manifest_mixed_content.html | 9 + .../test/csp/file_CSP_web_manifest_remote.html | 8 + dom/base/test/csp/file_csp_testserver.sjs | 14 +- dom/base/test/csp/mochitest.ini | 7 + dom/base/test/moz.build | 5 +- dom/fetch/InternalRequest.cpp | 3 + dom/fetch/InternalRequest.h | 2 +- .../security/nsIContentSecurityPolicy.idl | 3 +- dom/ipc/manifestMessages.js | 25 +- dom/security/nsCSPUtils.cpp | 7 + dom/security/nsCSPUtils.h | 10 +- dom/security/nsMixedContentBlocker.cpp | 1 + dom/webidl/CSPDictionaries.webidl | 1 + extensions/permissions/nsContentBlocker.cpp | 6 +- netwerk/mime/nsMimeTypes.h | 1 + 28 files changed, 439 insertions(+), 15 deletions(-) create mode 100644 dom/base/test/csp/browser.ini create mode 100644 dom/base/test/csp/browser_test_web_manifest.js create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^ create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html
2015-06-02 22:42:19 +03:00
utils: Cu,
classes: Cc,
interfaces: Ci
} = Components;
const {
ManifestProcessor
} = Cu.import('resource://gre/modules/WebManifest.jsm', {});
const {
Task: {
spawn, async
}
} = Components.utils.import('resource://gre/modules/Task.jsm', {});
addMessageListener('DOM:ManifestObtainer:Obtain', async(function* (aMsg) {
const response = {
msgId: aMsg.data.msgId,
success: true,
result: undefined
};
try {
response.result = yield fetchManifest();
} catch (err) {
response.success = false;
response.result = cloneError(err);
}
sendAsyncMessage('DOM:ManifestObtainer:Obtain', response);
}));
function cloneError(aError) {
const clone = {
'fileName': String(aError.fileName),
'lineNumber': String(aError.lineNumber),
'columnNumber': String(aError.columnNumber),
'stack': String(aError.stack),
'message': String(aError.message),
'name': String(aError.name)
};
return clone;
}
Bug 1171200 - Add means of checking if a document links to a manifest. r=billm. --- dom/ipc/manifestMessages.js | 166 +++++++++----------- ...ObjectProcessor.js => ImageObjectProcessor.jsm} | 0 dom/manifest/ManifestFinder.jsm | 58 +++++++ dom/manifest/ManifestObtainer.js | 92 ----------- dom/manifest/ManifestObtainer.jsm | 170 +++++++++++++++++++++ ...{ManifestProcessor.js => ManifestProcessor.jsm} | 18 +-- .../{ValueExtractor.js => ValueExtractor.jsm} | 4 +- dom/manifest/WebManifest.jsm | 19 --- dom/manifest/moz.build | 10 +- dom/manifest/test/browser.ini | 3 +- .../test/browser_ManifestObtainer_obtain.js | 2 +- dom/manifest/test/browser_hasManifestLink.js | 109 +++++++++++++ dom/manifest/test/common.js | 4 +- dom/security/test/csp/browser_test_web_manifest.js | 12 +- .../csp/browser_test_web_manifest_mixed_content.js | 10 +- toolkit/modules/PromiseMessage.jsm | 36 +++++ toolkit/modules/moz.build | 1 + 17 files changed, 467 insertions(+), 247 deletions(-) rename dom/manifest/{ImageObjectProcessor.js => ImageObjectProcessor.jsm} (100%) create mode 100644 dom/manifest/ManifestFinder.jsm delete mode 100644 dom/manifest/ManifestObtainer.js create mode 100644 dom/manifest/ManifestObtainer.jsm rename dom/manifest/{ManifestProcessor.js => ManifestProcessor.jsm} (95%) rename dom/manifest/{ValueExtractor.js => ValueExtractor.jsm} (96%) delete mode 100644 dom/manifest/WebManifest.jsm create mode 100644 dom/manifest/test/browser_hasManifestLink.js create mode 100644 toolkit/modules/PromiseMessage.jsm --HG-- rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-08 06:26:32 +03:00
function fetchManifest() {
return spawn(function* () {
if (!content || content.top !== content) {
let msg = 'Content window must be a top-level browsing context.';
throw new Error(msg);
}
const elem = content.document.querySelector('link[rel~="manifest"]');
if (!elem || !elem.getAttribute('href')) {
let msg = 'No manifest to fetch.';
throw new Error(msg);
}
// Throws on malformed URLs
const manifestURL = new content.URL(elem.href, elem.baseURI);
if (!canLoadManifest(elem)) {
let msg = `Content Security Policy: The page's settings blocked the `;
msg += `loading of a resource at ${elem.href}`;
throw new Error(msg);
}
const reqInit = {
mode: 'cors'
Bug 1171200 - Add means of checking if a document links to a manifest. r=billm. --- dom/ipc/manifestMessages.js | 166 +++++++++----------- ...ObjectProcessor.js => ImageObjectProcessor.jsm} | 0 dom/manifest/ManifestFinder.jsm | 58 +++++++ dom/manifest/ManifestObtainer.js | 92 ----------- dom/manifest/ManifestObtainer.jsm | 170 +++++++++++++++++++++ ...{ManifestProcessor.js => ManifestProcessor.jsm} | 18 +-- .../{ValueExtractor.js => ValueExtractor.jsm} | 4 +- dom/manifest/WebManifest.jsm | 19 --- dom/manifest/moz.build | 10 +- dom/manifest/test/browser.ini | 3 +- .../test/browser_ManifestObtainer_obtain.js | 2 +- dom/manifest/test/browser_hasManifestLink.js | 109 +++++++++++++ dom/manifest/test/common.js | 4 +- dom/security/test/csp/browser_test_web_manifest.js | 12 +- .../csp/browser_test_web_manifest_mixed_content.js | 10 +- toolkit/modules/PromiseMessage.jsm | 36 +++++ toolkit/modules/moz.build | 1 + 17 files changed, 467 insertions(+), 247 deletions(-) rename dom/manifest/{ImageObjectProcessor.js => ImageObjectProcessor.jsm} (100%) create mode 100644 dom/manifest/ManifestFinder.jsm delete mode 100644 dom/manifest/ManifestObtainer.js create mode 100644 dom/manifest/ManifestObtainer.jsm rename dom/manifest/{ManifestProcessor.js => ManifestProcessor.jsm} (95%) rename dom/manifest/{ValueExtractor.js => ValueExtractor.jsm} (96%) delete mode 100644 dom/manifest/WebManifest.jsm create mode 100644 dom/manifest/test/browser_hasManifestLink.js create mode 100644 toolkit/modules/PromiseMessage.jsm --HG-- rename : dom/manifest/ImageObjectProcessor.js => dom/manifest/ImageObjectProcessor.jsm rename : dom/manifest/ManifestProcessor.js => dom/manifest/ManifestProcessor.jsm rename : dom/manifest/ValueExtractor.js => dom/manifest/ValueExtractor.jsm
2015-07-08 06:26:32 +03:00
};
if (elem.crossOrigin === 'use-credentials') {
reqInit.credentials = 'include';
}
const req = new content.Request(manifestURL, reqInit);
req.setContentPolicyType(Ci.nsIContentPolicy.TYPE_WEB_MANIFEST);
const response = yield content.fetch(req);
const manifest = yield processResponse(response, content);
return manifest;
});
}
Bug 1089255 - Implement and test manifest-src CSP directive. r=bholley, r=dveditz, r=ckerschb --- dom/base/nsContentPolicyUtils.h | 1 + dom/base/nsDataDocumentContentPolicy.cpp | 3 +- dom/base/nsIContentPolicy.idl | 2 +- dom/base/nsIContentPolicyBase.idl | 7 +- dom/base/nsISimpleContentPolicy.idl | 2 +- dom/base/test/csp/browser.ini | 4 + dom/base/test/csp/browser_test_web_manifest.js | 265 +++++++++++++++++++++ .../csp/browser_test_web_manifest_mixed_content.js | 55 +++++ dom/base/test/csp/file_CSP_web_manifest.html | 6 + dom/base/test/csp/file_CSP_web_manifest.json | 1 + .../test/csp/file_CSP_web_manifest.json^headers^ | 1 + dom/base/test/csp/file_CSP_web_manifest_https.html | 4 + dom/base/test/csp/file_CSP_web_manifest_https.json | 1 + .../csp/file_CSP_web_manifest_mixed_content.html | 9 + .../test/csp/file_CSP_web_manifest_remote.html | 8 + dom/base/test/csp/file_csp_testserver.sjs | 14 +- dom/base/test/csp/mochitest.ini | 7 + dom/base/test/moz.build | 5 +- dom/fetch/InternalRequest.cpp | 3 + dom/fetch/InternalRequest.h | 2 +- .../security/nsIContentSecurityPolicy.idl | 3 +- dom/ipc/manifestMessages.js | 25 +- dom/security/nsCSPUtils.cpp | 7 + dom/security/nsCSPUtils.h | 10 +- dom/security/nsMixedContentBlocker.cpp | 1 + dom/webidl/CSPDictionaries.webidl | 1 + extensions/permissions/nsContentBlocker.cpp | 6 +- netwerk/mime/nsMimeTypes.h | 1 + 28 files changed, 439 insertions(+), 15 deletions(-) create mode 100644 dom/base/test/csp/browser.ini create mode 100644 dom/base/test/csp/browser_test_web_manifest.js create mode 100644 dom/base/test/csp/browser_test_web_manifest_mixed_content.js create mode 100644 dom/base/test/csp/file_CSP_web_manifest.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest.json^headers^ create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_https.json create mode 100644 dom/base/test/csp/file_CSP_web_manifest_mixed_content.html create mode 100644 dom/base/test/csp/file_CSP_web_manifest_remote.html
2015-06-02 22:42:19 +03:00
function canLoadManifest(aElem) {
const contentPolicy = Cc['@mozilla.org/layout/content-policy;1']
.getService(Ci.nsIContentPolicy);
const mimeType = aElem.type || 'application/manifest+json';
const elemURI = BrowserUtils.makeURI(
aElem.href, aElem.ownerDocument.characterSet
);
const shouldLoad = contentPolicy.shouldLoad(
Ci.nsIContentPolicy.TYPE_WEB_MANIFEST, elemURI,
aElem.ownerDocument.documentURIObject,
aElem, mimeType, null
);
return shouldLoad === Ci.nsIContentPolicy.ACCEPT;
}
function processResponse(aResp, aContentWindow) {
return spawn(function* () {
const badStatus = aResp.status < 200 || aResp.status >= 300;
if (aResp.type === 'error' || badStatus) {
let msg =
`Fetch error: ${aResp.status} - ${aResp.statusText} at ${aResp.url}`;
throw new Error(msg);
}
const text = yield aResp.text();
const args = {
jsonText: text,
manifestURL: aResp.url,
docURL: aContentWindow.location.href
};
const processor = new ManifestProcessor();
const manifest = processor.process(args);
return Cu.cloneInto(manifest, content);
});
}