зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1337543 P1 ServiceWorker should not inherit CSP from registration principal. r=baku
Родитель
a196f8f3a1
Коммит
2a1682f2ee
|
@ -1743,23 +1743,23 @@ ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
|
||||||
info.mStorageAllowed = access > nsContentUtils::StorageAccess::ePrivateBrowsing;
|
info.mStorageAllowed = access > nsContentUtils::StorageAccess::ePrivateBrowsing;
|
||||||
info.mOriginAttributes = mInfo->GetOriginAttributes();
|
info.mOriginAttributes = mInfo->GetOriginAttributes();
|
||||||
|
|
||||||
|
// The ServiceWorkerRegistration principal should never have any CSP
|
||||||
|
// set. The CSP from the page that registered the SW should not be
|
||||||
|
// inherited. Verify this is the case in non-release builds
|
||||||
|
#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
|
||||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||||
rv = info.mPrincipal->GetCsp(getter_AddRefs(csp));
|
rv = info.mPrincipal->GetCsp(getter_AddRefs(csp));
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
info.mCSP = csp;
|
MOZ_DIAGNOSTIC_ASSERT(!csp);
|
||||||
if (info.mCSP) {
|
#endif
|
||||||
rv = info.mCSP->GetAllowsEval(&info.mReportCSPViolations,
|
|
||||||
&info.mEvalAllowed);
|
// Default CSP permissions for now. These will be overrided if necessary
|
||||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
// based on the script CSP headers during load in ScriptLoader.
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
info.mEvalAllowed = true;
|
info.mEvalAllowed = true;
|
||||||
info.mReportCSPViolations = false;
|
info.mReportCSPViolations = false;
|
||||||
}
|
|
||||||
|
|
||||||
WorkerPrivate::OverrideLoadInfoLoadGroup(info);
|
WorkerPrivate::OverrideLoadInfoLoadGroup(info);
|
||||||
|
|
||||||
|
|
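Review bot: The defaults `info.mEvalAllowed = true` and `info.mReportCSPViolations = false` are now unconditional and fail open, while the only check that the registration principal carries no CSP sits under `#if defined(DEBUG) || !defined(RELEASE_OR_BETA)`. On release and beta builds a principal that did carry a policy would therefore be ignored silently and the worker would be spawned with eval allowed. The new comment says ScriptLoader overrides these values from the script's CSP headers, but that code is not in this hunk, so it is worth confirming (and covering with a test) that every load path applies the override before any worker script runs. Consider running the `GetCsp` lookup in all builds and failing closed next to the assert, e.g. `if (NS_WARN_IF(csp)) { return NS_ERROR_FAILURE; }`. SpawnWorkerIfNeeded begins before this hunk and continues past it.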