Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout

2016-11-09 11:31:38 +01:00 · 2016-11-09 11:31:38 +01:00 · 115286c614
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@ -797,7 +797,7 @@ StripURIForReporting(nsIURI* aURI,
 *        source line number of the violation (if available)
 */
 nsresult
-nsCSPContext::SendReports(nsIURI* aBlockedURI,
+nsCSPContext::SendReports(nsISupports* aBlockedContentSource,
                          nsIURI* aOriginalURI,
                          nsAString& aViolatedDirective,
                          uint32_t aViolatedPolicyIndex,
@ -820,11 +820,26 @@ nsCSPContext::SendReports(nsIURI* aBlockedURI,
  nsresult rv;

  // blocked-uri
-  if (aBlockedURI) {
+  if (aBlockedContentSource) {
    nsAutoCString reportBlockedURI;
-    StripURIForReporting(aBlockedURI, mSelfURI, reportBlockedURI);
+    nsCOMPtr<nsIURI> uri = do_QueryInterface(aBlockedContentSource);
+    // could be a string or URI
+    if (uri) {
+      StripURIForReporting(uri, mSelfURI, reportBlockedURI);
+    } else {
+      nsCOMPtr<nsISupportsCString> cstr = do_QueryInterface(aBlockedContentSource);
+      if (cstr) {
+        cstr->GetData(reportBlockedURI);
+      }
+    }
+    if (reportBlockedURI.IsEmpty()) {
+      // this can happen for frame-ancestors violation where the violating
+      // ancestor is cross-origin.
+      NS_WARNING("No blocked URI (null aBlockedContentSource) for CSP violation report.");
+    }
    report.mCsp_report.mBlocked_uri = NS_ConvertUTF8toUTF16(reportBlockedURI);
  }
+
  // document-uri
  nsAutoCString reportDocumentURI;
  StripURIForReporting(mSelfURI, mSelfURI, reportDocumentURI);
@ -1061,14 +1076,13 @@ class CSPReportSenderRunnable final : public Runnable
      NS_ENSURE_SUCCESS(rv, rv);

      // 2) send reports for the policy that was violated
-      nsCOMPtr<nsIURI> blockedURI = do_QueryInterface(mBlockedContentSource);
-      mCSPContext->SendReports(blockedURI, mOriginalURI,
+      mCSPContext->SendReports(mBlockedContentSource, mOriginalURI,
                               mViolatedDirective, mViolatedPolicyIndex,
                               mSourceFile, mScriptSample, mLineNum);

      // 3) log to console (one per policy violation)
      // mBlockedContentSource could be a URI or a string.
-
+      nsCOMPtr<nsIURI> blockedURI = do_QueryInterface(mBlockedContentSource);
      // if mBlockedContentSource is not a URI, it could be a string
      nsCOMPtr<nsISupportsCString> blockedString = do_QueryInterface(mBlockedContentSource);

--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@ -57,7 +57,7 @@ class nsCSPContext : public nsIContentSecurityPolicy
                      uint32_t aColumnNumber,
                      uint32_t aSeverityFlag);

-    nsresult SendReports(nsIURI* aBlockedURI,
+    nsresult SendReports(nsISupports* aBlockedContentSource,
                         nsIURI* aOriginalURI,
                         nsAString& aViolatedDirective,
                         uint32_t aViolatedPolicyIndex,
--- a/dom/security/test/csp/test_report.html
+++ b/dom/security/test/csp/test_report.html
@ -48,7 +48,7 @@ window.checkResults = function(reportObj) {
  ok(cspReport["referrer"].startsWith("http://mochi.test:8888/tests/dom/security/test/csp/test_report.html"),
     "Incorrect referrer");

-  is(cspReport["blocked-uri"], "", "Incorrect blocked-uri");
+  is(cspReport["blocked-uri"], "self", "Incorrect blocked-uri");

  is(cspReport["violated-directive"], "default-src 'none'", "Incorrect violated-directive");