зеркало из https://github.com/mozilla/gecko-dev.git
Bug 858836 - CSP inline style blocking doesn't work in the Firefox OS emulator. r=bz, r=imelven
Родитель
a83edc794f
Коммит
109adb2480
|
@ -2500,29 +2500,30 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ----- Figure out if we need to apply an app default CSP
|
// Figure out if we need to apply an app default CSP or a CSP from an app manifest
|
||||||
bool applyAppDefaultCSP = false;
|
bool applyAppDefaultCSP = false;
|
||||||
|
bool applyAppManifestCSP = false;
|
||||||
|
|
||||||
nsIPrincipal* principal = NodePrincipal();
|
nsIPrincipal* principal = NodePrincipal();
|
||||||
uint16_t appStatus = nsIPrincipal::APP_STATUS_NOT_INSTALLED;
|
|
||||||
bool unknownAppId;
|
bool unknownAppId;
|
||||||
|
uint16_t appStatus = nsIPrincipal::APP_STATUS_NOT_INSTALLED;
|
||||||
|
nsAutoString appManifestCSP;
|
||||||
if (NS_SUCCEEDED(principal->GetUnknownAppId(&unknownAppId)) &&
|
if (NS_SUCCEEDED(principal->GetUnknownAppId(&unknownAppId)) &&
|
||||||
!unknownAppId &&
|
!unknownAppId &&
|
||||||
NS_SUCCEEDED(principal->GetAppStatus(&appStatus))) {
|
NS_SUCCEEDED(principal->GetAppStatus(&appStatus))) {
|
||||||
applyAppDefaultCSP = ( appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED ||
|
applyAppDefaultCSP = ( appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED ||
|
||||||
appStatus == nsIPrincipal::APP_STATUS_CERTIFIED);
|
appStatus == nsIPrincipal::APP_STATUS_CERTIFIED);
|
||||||
|
|
||||||
// Bug 773981. Allow a per-app policy from the manifest.
|
if (appStatus != nsIPrincipal::APP_STATUS_NOT_INSTALLED) {
|
||||||
// Just read the CSP from the manifest into cspHeaderValue.
|
nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
|
||||||
// That way we don't have to change the rest of the function logic
|
|
||||||
if (applyAppDefaultCSP || appStatus == nsIPrincipal::APP_STATUS_INSTALLED) {
|
|
||||||
nsCOMPtr<nsIAppsService> appsService =
|
|
||||||
do_GetService(APPS_SERVICE_CONTRACTID);
|
|
||||||
|
|
||||||
if (appsService) {
|
if (appsService) {
|
||||||
uint32_t appId;
|
uint32_t appId = 0;
|
||||||
|
|
||||||
if (NS_SUCCEEDED(principal->GetAppId(&appId))) {
|
if (NS_SUCCEEDED(principal->GetAppId(&appId))) {
|
||||||
appsService->GetCSPByLocalId(appId, cspHeaderValue);
|
appsService->GetCSPByLocalId(appId, appManifestCSP);
|
||||||
|
if (!appManifestCSP.IsEmpty()) {
|
||||||
|
applyAppManifestCSP = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2534,6 +2535,7 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||||
|
|
||||||
// If there's no CSP to apply, go ahead and return early
|
// If there's no CSP to apply, go ahead and return early
|
||||||
if (!applyAppDefaultCSP &&
|
if (!applyAppDefaultCSP &&
|
||||||
|
!applyAppManifestCSP &&
|
||||||
cspHeaderValue.IsEmpty() &&
|
cspHeaderValue.IsEmpty() &&
|
||||||
cspROHeaderValue.IsEmpty() &&
|
cspROHeaderValue.IsEmpty() &&
|
||||||
cspOldHeaderValue.IsEmpty() &&
|
cspOldHeaderValue.IsEmpty() &&
|
||||||
|
@ -2572,7 +2574,13 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||||
// Store the request context for violation reports
|
// Store the request context for violation reports
|
||||||
csp->ScanRequestData(httpChannel);
|
csp->ScanRequestData(httpChannel);
|
||||||
|
|
||||||
// ----- process the app default policy, if necessary
|
// The CSP is refined in the following order:
|
||||||
|
// 1. Default app CSP, if applicable
|
||||||
|
// 2. App manifest CSP, if provided
|
||||||
|
// 3. HTTP header CSP, if provided
|
||||||
|
// Note that since each application of refinePolicy is a set intersection,
|
||||||
|
// the order in which multiple CSP's are refined does not matter.
|
||||||
|
|
||||||
if (applyAppDefaultCSP) {
|
if (applyAppDefaultCSP) {
|
||||||
nsAdoptingString appCSP;
|
nsAdoptingString appCSP;
|
||||||
if (appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED) {
|
if (appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED) {
|
||||||
|
@ -2588,6 +2596,11 @@ nsDocument::InitCSP(nsIChannel* aChannel)
|
||||||
csp->RefinePolicy(appCSP, chanURI, specCompliantEnabled);
|
csp->RefinePolicy(appCSP, chanURI, specCompliantEnabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (applyAppManifestCSP) {
|
||||||
|
// Use the 1.0 CSP parser for apps if the pref to do so is set.
|
||||||
|
csp->RefinePolicy(appManifestCSP, chanURI, specCompliantEnabled);
|
||||||
|
}
|
||||||
|
|
||||||
// While we are supporting both CSP 1.0 and the x- headers, the 1.0 headers
|
// While we are supporting both CSP 1.0 and the x- headers, the 1.0 headers
|
||||||
// take priority. If any spec-compliant headers are present, the x- headers
|
// take priority. If any spec-compliant headers are present, the x- headers
|
||||||
// are ignored, and the spec compliant parser is used.
|
// are ignored, and the spec compliant parser is used.
|
||||||
|
|
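Review bot: The return value of `appsService->GetCSPByLocalId(appId, appManifestCSP)` is discarded in the new manifest lookup, so a failed lookup looks exactly like an app that declares no policy: `appManifestCSP` stays empty and `applyAppManifestCSP` stays false. The same silent skip happens when `do_GetService` returns null or `GetAppId` fails, and for an app that is only APP_STATUS_INSTALLED (so no default CSP applies) the early-return check further down can then leave the document with no app policy at all. I would capture the result, `nsresult rv = appsService->GetCSPByLocalId(appId, appManifestCSP);`, and at least `NS_WARNING` when `NS_FAILED(rv)` so the fail-open path is visible; whether it should instead fail closed for installed apps is worth deciding with the reviewers. Separately, the comment `// Use the 1.0 CSP parser for apps if the pref to do so is set.` inside `if (applyAppManifestCSP)` does not describe anything that block does and reads like a leftover from the default-CSP branch. InitCSP starts and ends outside the visible hunks.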