From 078474c979c0bb89437e6baf10fc49d86af09bde Mon Sep 17 00:00:00 2001
From: Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Date: Fri, 3 Nov 2017 13:26:28 +0100
Subject: [PATCH] Bug 1403870: Allow toplevel data URI navigation
 data:application/json. r=smaug

---
 dom/security/nsContentSecurityManager.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 00163b7df0e1..5876db2aeaef 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -63,8 +63,9 @@ nsContentSecurityManager::AllowTopLevelNavigationToDataURI(nsIChannel* aChannel)
       !StringBeginsWith(filePath, NS_LITERAL_CSTRING("image/svg+xml"))) {
     return true;
   }
-  // Whitelist data: PDFs
-  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/pdf"))) {
+  // Whitelist data: PDFs and JSON
+  if (StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/pdf")) ||
+      StringBeginsWith(filePath, NS_LITERAL_CSTRING("application/json"))) {
     return true;
   }
   // Redirecting to a toplevel data: URI is not allowed, hence we make