Bug 1547957: Only assert explicit CSP and CSP within Principal is equal when dealing with a CodebasePrincipal. r=jkt

Differential Revision: https://phabricator.services.mozilla.com/D29380 --HG-- extra : moz-landing-system : lando
2019-05-03 09:16:40 +00:00 · 2019-05-03 09:16:40 +00:00 · 0395d0d481
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -9955,8 +9955,10 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
  nsCOMPtr<nsIContentSecurityPolicy> csp;
  aLoadState->TriggeringPrincipal()->GetCsp(getter_AddRefs(csp));
 #ifdef DEBUG
-  if (!aLoadState->TriggeringPrincipal()->GetIsNullPrincipal()) {
+  // We only serialize the CSP within CodebasePrincipals hence
+  // lets only assert if the load is triggered by a CodebesPrincipal.
  // After Bug 965637 we can remove that assertion anyway.
+  if (aLoadState->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
    nsCOMPtr<nsIContentSecurityPolicy> argsCSP = aLoadState->Csp();
    MOZ_ASSERT(nsCSPContext::Equals(csp, argsCSP));
  }