Bug 1337543 P1 ServiceWorker should not inherit CSP from registration principal. r=baku

dom/workers/ServiceWorkerPrivate.cpp

@@ -1743,23 +1743,23 @@ ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
   info.mStorageAllowed = access > nsContentUtils::StorageAccess::ePrivateBrowsing;
   info.mOriginAttributes = mInfo->GetOriginAttributes();
 
+  // The ServiceWorkerRegistration principal should never have any CSP
+  // set.  The CSP from the page that registered the SW should not be
+  // inherited.  Verify this is the case in non-release builds
+#if defined(DEBUG) || !defined(RELEASE_OR_BETA)
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   rv = info.mPrincipal->GetCsp(getter_AddRefs(csp));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  info.mCSP = csp;
+  MOZ_DIAGNOSTIC_ASSERT(!csp);
-  if (info.mCSP) {
+#endif
-    rv = info.mCSP->GetAllowsEval(&info.mReportCSPViolations,
+
-                                  &info.mEvalAllowed);
+  // Default CSP permissions for now.  These will be overrided if necessary
-    if (NS_WARN_IF(NS_FAILED(rv))) {
+  // based on the script CSP headers during load in ScriptLoader.
-      return rv;
-    }
-  } else {
   info.mEvalAllowed = true;
   info.mReportCSPViolations = false;
-  }
 
   WorkerPrivate::OverrideLoadInfoLoadGroup(info);