Backed out changeset 4bedbc45e231 (bug 1505412) for failures in test_bug1505412.html CLOSED TREE

2019-08-22 19:52:49 +03:00 · 2019-08-22 19:52:49 +03:00 · 2d0fff3267
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@ -877,25 +877,6 @@ bool nsCSPNonceSrc::permits(nsIURI* aUri, const nsAString& aNonce,
                 NS_ConvertUTF16toUTF8(aNonce).get()));
  }
  if (aReportOnly && aWasRedirected && aNonce.IsEmpty()) {
    /* Fix for Bug 1505412
     *  If we land here, we're currently handling a script-preload which got
     *  redirected. Preloads do not have any info about the nonce assiociated.
     *  Because of Report-Only the preload passes the 1st CSP-check so the
     *  preload does not get retried with a nonce attached.
     *  Currently we're relying on the script-manager to
     *  provide a fake loadinfo to check the preloads against csp.
     *  So during HTTPChannel->OnRedirect we cant check csp for this case.
     *  But as the script-manager already checked the csp,
     *  a report would already have been send,
     *  if the nonce didnt match.
     *  So we can pass the check here for Report-Only Cases.
     */
    MOZ_ASSERT(aParserCreated == false,
               "Skipping nonce-check is only allowed for Preloads");
    return true;
  }
  // nonces can not be invalidated by strict-dynamic
  return mNonce.Equals(aNonce);
 }
--- a/dom/security/test/csp/file_bug1505412.sjs
+++ b/dom/security/test/csp/file_bug1505412.sjs
@ -1,36 +0,0 @@
 // https://bugzilla.mozilla.org/show_bug.cgi?id=650386
 // This SJS file serves file_redirect_content.html
 // with a CSP that will trigger a violation and that will report it
 // to file_redirect_report.sjs
 //
 // This handles 301, 302, 303 and 307 redirects. The HTTP status code
 // returned/type of redirect to do comes from the query string
 // parameter passed in from the test_bug650386_* files and then also
 // uses that value in the report-uri parameter of the CSP
 function handleRequest(request, response) {
  response.setHeader("Cache-Control", "no-cache", false);
  // this gets used in the CSP as part of the report URI.
  var redirect = request.queryString;
  if (!redirect) {
    // if we somehow got some bogus redirect code here,
    // do a 302 redirect to the same URL as the report URI
    // redirects to - this will fail the test.
    var loc =
      "http://sub1.test1.example.org/tests/dom/security/test/csp/file_bug1505412.sjs?redirected";
    response.setStatusLine("1.1", 302, "Found");
    response.setHeader("Location", loc, false);
    return;
  }
  // response.setHeader("content-type", "text/application", false);
  // the actual file content.
  // this image load will (intentionally) fail due to the CSP policy of default-src: 'self'
  // specified by the CSP string above.
  var content = "info('Script Loaded')";
  response.write(content);
  return;
 }
--- a/dom/security/test/csp/file_bug1505412_chrome.js
+++ b/dom/security/test/csp/file_bug1505412_chrome.js
@ -1,30 +0,0 @@
 const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
 const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm");
 Cu.importGlobalProperties(["TextDecoder"]);
 var openingObserver = {
  observe: function(subject, topic, data) {
    sendAsyncMessage("request-found", { subject, topic, data });
    // subject should be an nsURI
    if (subject.QueryInterface == undefined) {
      return;
    }
    if (topic == "http-on-opening-request") {
      var asciiSpec = subject.QueryInterface(Ci.nsIHttpChannel).URI.asciiSpec;
      sendAsyncMessage("request-found", asciiSpec);
      if (!asciiSpec.includes("report")) {
        return;
      }
      sendAsyncMessage("report-found");
    }
  },
 };
 Services.obs.addObserver(openingObserver, "http-on-opening-request");
 addMessageListener("finish", function() {
  Services.obs.removeObserver(openingObserver, "http-on-opening-request");
 });
 sendAsyncMessage("proxy-ready");
--- a/dom/security/test/csp/file_bug1505412_frame.html
+++ b/dom/security/test/csp/file_bug1505412_frame.html
@ -1,14 +0,0 @@
 <!DOCTYPE HTML>
 <html>
 <head>
    <title> Bug 1505412 CSP-RO reports violations in inline-scripts with nonce</title>
    <script src="/tests/SimpleTest/SimpleTest.js" nonce="foobar"></script>
    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 <body>
    <script src="file_bug1505412.sjs" nonce="foobar"></script>
 </body>
 </html>
--- a/dom/security/test/csp/file_bug1505412_frame.html^headers^
+++ b/dom/security/test/csp/file_bug1505412_frame.html^headers^
@ -1 +0,0 @@
 Content-Security-Policy-Report-Only: script-src 'nonce-foobar'; report-uri /report/
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@ -87,10 +87,6 @@ support-files =
  file_bug1312272.js
  file_bug1312272.html^headers^
  file_bug1452037.html
  file_bug1505412.sjs
  file_bug1505412_chrome.js
  file_bug1505412_frame.html
  file_bug1505412_frame.html^headers^
  file_policyuri_regression_from_multipolicy.html
  file_policyuri_regression_from_multipolicy.html^headers^
  file_policyuri_regression_from_multipolicy_policy
@ -250,8 +246,6 @@ prefs =
 [test_bug802872.html]
 [test_bug885433.html]
 [test_bug888172.html]
 [test_bug1505412.html]
 skip-if = !debug
 [test_evalscript.html]
 [test_evalscript_blocked_by_strict_dynamic.html]
 [test_evalscript_allowed_by_strict_dynamic.html]
--- a/dom/security/test/csp/test_bug1505412.html
+++ b/dom/security/test/csp/test_bug1505412.html
@ -1,64 +0,0 @@
 <!DOCTYPE HTML>
 <html>
 <head>
    <title> Bug 1505412 CSP-RO reports violations in inline-scripts with nonce</title>
    <script src="/tests/SimpleTest/SimpleTest.js" nonce="foobar"></script>
    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 <body>
    <p id="display"></p>
    <div id="content" style="display: none">
    </div>
    <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1505412">Test for 1505412 </a>
    <script class="testbody" type="text/javascript" nonce="foobar">
        /* Description of the test:
            1:  We setup a Proxy that will cause the Test to Fail
                if Firefox sends a CSP-Report to /report
            2:  We Load an iframe with has a Script pointing to
                file_bug1505412.sjs 
            3:  The Preloader will fetch the file and Gets redirected
            4:  If correct, the File should be loaded and no CSP-Report 
                should be send.  
        */
        SimpleTest.waitForExplicitFinish();
        SimpleTest.requestCompleteLog();
        var script;
        try {
            var chromeScriptUrl = SimpleTest.getTestFileURL("file_bug1505412_chrome.js");
            script = SpecialPowers.loadChromeScript(chromeScriptUrl);
            SimpleTest.registerCleanupFunction(() => {
                script.sendAsyncMessage("finish");
            });
        } catch (error) {
        }
        script.addMessageListener('proxy-ready', function pr() {
            let t = document.querySelector("#target");
            t.src = "file_bug1505412_frame.html";
            t.addEventListener("load", () => {
                ok(true, "Script Loaded without CSP beeing triggered");
                SimpleTest.finish();
            });
        }, { once: true });
        script.addMessageListener('report-found', function ml(msg) {
            ok(false, "A report was triggered");
            SimpleTest.finish();
        }, { once: true });
    </script>
    <iframe id="target" frameborder="0"></iframe>
 </body>
 </html>
		`@ -1 +0,0 @@`
			`Content-Security-Policy-Report-Only: script-src 'nonce-foobar'; report-uri /report/`