зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1793560 - Remove navigate-to CSP directive r=tschuster
It has never shipped after being implemented years ago, and was removed from spec in September 2022: https://github.com/w3c/webappsec-csp/pull/564 Now skipping navigate-to WPT tests. Filed issue for their future removal: https://github.com/w3c/webappsec-csp/issues/608 Also removed our own tests that ensured it is unimplemented. Differential Revision: https://phabricator.services.mozilla.com/D181630
Родитель
159520c26a
Коммит
2f7c1c1024
|
@ -1492,8 +1492,6 @@ module.exports = {
|
|||
"dom/security/test/csp/file_bug941404.html",
|
||||
"dom/security/test/csp/file_frameancestors_main.js",
|
||||
"dom/security/test/csp/file_main.js",
|
||||
"dom/security/test/csp/file_navigate_to.html",
|
||||
"dom/security/test/csp/file_navigate_to_request.html",
|
||||
"dom/security/test/csp/file_null_baseuri.html",
|
||||
"dom/security/test/csp/file_path_matching_redirect_server.sjs",
|
||||
"dom/security/test/csp/file_punycode_host_src.sjs",
|
||||
|
@ -1516,7 +1514,6 @@ module.exports = {
|
|||
"dom/security/test/csp/test_blocked_uri_in_reports.html",
|
||||
"dom/security/test/csp/test_blocked_uri_in_violation_event_after_redirects.html",
|
||||
"dom/security/test/csp/test_blocked_uri_redirect_frame_src.html",
|
||||
"dom/security/test/csp/test_navigate_to.html",
|
||||
"dom/security/test/csp/test_null_baseuri.html",
|
||||
"dom/security/test/csp/test_path_matching.html",
|
||||
"dom/security/test/csp/test_report_for_import.html",
|
||||
|
|
|
@ -134,7 +134,6 @@ support-files =
|
|||
test-message-categories-workers.html
|
||||
test-message-categories-workers.js
|
||||
test-mixedcontent-securityerrors.html
|
||||
test-navigate-to-parse-error.html
|
||||
test-network-exceptions.html
|
||||
test-network-request.html
|
||||
test-network.html
|
||||
|
@ -373,7 +372,6 @@ fail-if = a11y_checks # bug 1687728 frame-link-filename is not accessible
|
|||
[browser_webconsole_multiple_windows_and_tabs.js]
|
||||
skip-if =
|
||||
win11_2009 # Bug 1798331
|
||||
[browser_webconsole_navigate_to_parse_error.js]
|
||||
[browser_webconsole_network_attach.js]
|
||||
[browser_webconsole_network_exceptions.js]
|
||||
[browser_webconsole_network_message_close_on_escape.js]
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
/* Any copyright is dedicated to the Public Domain.
|
||||
* http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||
|
||||
// Tests that ensure CSP 'navigate-to' does not parse.
|
||||
// Bug 1566149
|
||||
|
||||
"use strict";
|
||||
|
||||
const TEST_URI =
|
||||
"data:text/html;charset=utf8,<!DOCTYPE html>Web Console navigate-to parse error test";
|
||||
const TEST_VIOLATION =
|
||||
"https://example.com/browser/devtools/client/webconsole/" +
|
||||
"test/browser/test-navigate-to-parse-error.html";
|
||||
|
||||
const CSP_VIOLATION_MSG =
|
||||
"Content-Security-Policy: Couldn\u2019t process unknown directive \u2018navigate-to\u2019";
|
||||
|
||||
add_task(async function () {
|
||||
const hud = await openNewTabAndConsole(TEST_URI);
|
||||
await clearOutput(hud);
|
||||
|
||||
const onCSPViolationMessage = waitForMessageByType(
|
||||
hud,
|
||||
CSP_VIOLATION_MSG,
|
||||
".warn"
|
||||
);
|
||||
await navigateTo(TEST_VIOLATION);
|
||||
await onCSPViolationMessage;
|
||||
ok(true, "Received expected violation message");
|
||||
});
|
|
@ -1,13 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Security-Policy" content="navigate-to https://example.com"></meta>
|
||||
<meta charset="UTF-8">
|
||||
<title>Test for Bug 1566149 - Write test to ensure CSP 'navigate-to' does not parse</title>
|
||||
<!-- Any copyright is dedicated to the Public Domain.
|
||||
http://creativecommons.org/publicdomain/zero/1.0/ -->
|
||||
</head>
|
||||
<body>
|
||||
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1566149">Mozilla Bug 1566149</a>
|
||||
</body>
|
||||
</html>
|
|
@ -3544,8 +3544,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
|
|||
CopyUTF8toUTF16(host, *formatStrs.AppendElement());
|
||||
error = "netTimeout";
|
||||
} else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
|
||||
NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError ||
|
||||
NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) {
|
||||
NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
|
||||
// CSP error
|
||||
cssClass.AssignLiteral("neterror");
|
||||
error = "cspBlocked";
|
||||
|
@ -10573,22 +10572,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
NS_ADDREF(*aRequest = channel);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp();
|
||||
if (csp) {
|
||||
// Check CSP navigate-to
|
||||
bool allowsNavigateTo = false;
|
||||
rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
|
||||
aLoadState->IsFormSubmission(),
|
||||
false, /* aWasRedirected */
|
||||
false, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!allowsNavigateTo) {
|
||||
return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
|
||||
}
|
||||
}
|
||||
|
||||
const nsACString& typeHint = aLoadState->TypeHint();
|
||||
if (!typeHint.IsVoid()) {
|
||||
mContentTypeHint = typeHint;
|
||||
|
|
|
@ -469,8 +469,7 @@ class nsDocShellLoadState final {
|
|||
bool mOriginalFrameSrc;
|
||||
|
||||
// If this attribute is true, then the load was initiated by a
|
||||
// form submission. This is important to know for the CSP directive
|
||||
// navigate-to.
|
||||
// form submission.
|
||||
bool mIsFormSubmission;
|
||||
|
||||
// Contains a load type as specified by the nsDocShellLoadTypes::load*
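Review bot: The shortened comment on `mIsFormSubmission` no longer says who reads the flag. Every `GetAllowsNavigateTo` call removed elsewhere in this commit passed `IsFormSubmission()` or `GetIsFormSubmission()`, and no other reader is visible on this page, so the field may now be unused. If a consumer remains, name it in the comment, e.g. `// form submission. Read by <remaining consumer>.`; otherwise a follow-up that drops the field and the matching `isFormSubmission` attribute in the nsILoadInfo hunk would remove dead state from the load path. The class body continues outside the hunk.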
|
||||
|
|
|
@ -58,10 +58,6 @@ static const LoadErrorTelemetryResult sResult[] = {
|
|||
NS_ERROR_CSP_FORM_ACTION_VIOLATION,
|
||||
ErrorLabel::CSP_FORM_ACTION,
|
||||
},
|
||||
{
|
||||
NS_ERROR_CSP_NAVIGATE_TO_VIOLATION,
|
||||
ErrorLabel::CSP_NAVIGATE_TO,
|
||||
},
|
||||
{
|
||||
NS_ERROR_XFO_VIOLATION,
|
||||
ErrorLabel::XFO_VIOLATION,
|
||||
|
|
|
@ -3569,25 +3569,6 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
|
|||
rv = InitCOEP(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Check CSP navigate-to
|
||||
// We need to enforce the CSP of the document that initiated the load,
|
||||
// which is the CSP to inherit.
|
||||
nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit();
|
||||
if (cspToInherit) {
|
||||
bool allowsNavigateTo = false;
|
||||
rv = cspToInherit->GetAllowsNavigateTo(
|
||||
mDocumentURI, loadInfo->GetIsFormSubmission(),
|
||||
!loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */
|
||||
true, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!allowsNavigateTo) {
|
||||
aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
rv = InitCSP(aChannel);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
|
@ -61,11 +61,10 @@ interface nsIContentSecurityPolicy : nsISerializable
|
|||
BLOCK_ALL_MIXED_CONTENT = 18,
|
||||
SANDBOX_DIRECTIVE = 19,
|
||||
WORKER_SRC_DIRECTIVE = 20,
|
||||
NAVIGATE_TO_DIRECTIVE = 21,
|
||||
SCRIPT_SRC_ELEM_DIRECTIVE = 22,
|
||||
SCRIPT_SRC_ATTR_DIRECTIVE = 23,
|
||||
STYLE_SRC_ELEM_DIRECTIVE = 24,
|
||||
STYLE_SRC_ATTR_DIRECTIVE = 25,
|
||||
SCRIPT_SRC_ELEM_DIRECTIVE = 21,
|
||||
SCRIPT_SRC_ATTR_DIRECTIVE = 22,
|
||||
STYLE_SRC_ELEM_DIRECTIVE = 23,
|
||||
STYLE_SRC_ATTR_DIRECTIVE = 24,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -154,24 +153,6 @@ interface nsIContentSecurityPolicy : nsISerializable
|
|||
in unsigned long aLineNumber,
|
||||
in unsigned long aColumnNumber);
|
||||
|
||||
/*
|
||||
* Whether this policy allows a navigation subject to the navigate-to
|
||||
* policy.
|
||||
* @param aURI The target URI
|
||||
* @param aIsFormSubmission True if the navigation was initiated by a form submission. This
|
||||
* is important since the form-action directive overrides navigate-to in that case.
|
||||
* @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
|
||||
* @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If
|
||||
* this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is
|
||||
* used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced
|
||||
* @return
|
||||
* Whether or not the effects of the navigation is allowed
|
||||
*/
|
||||
boolean getAllowsNavigateTo(in nsIURI aURI,
|
||||
in boolean aIsFormSubmission,
|
||||
in boolean aWasRedirected,
|
||||
in boolean aEnforceAllowlist);
|
||||
|
||||
/**
|
||||
* Whether this policy allows eval and eval-like functions
|
||||
* such as setTimeout("code string", time).
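Review bot: Removing `NAVIGATE_TO_DIRECTIVE = 21` in the first hunk shifts `SCRIPT_SRC_ELEM_DIRECTIVE` through `STYLE_SRC_ATTR_DIRECTIVE` down by one, so every value from 21 upward now names a different directive. That is safe only if nothing stores or transmits these numbers across builds (the interface derives from `nsISerializable`; whether serialization writes directive numbers is not visible here) and if the string table that mirrors this enum is edited in the same commit, which the `CSPStrDirectives` hunk appears to do. A comment above the enum such as `// Values mirror the order of CSPStrDirectives; change both together.` would make that coupling visible to the next editor. The enum and the interface start outside the hunk.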
|
||||
|
|
|
@ -671,93 +671,6 @@ nsCSPContext::GetAllowsInline(CSPDirective aDirective, bool aHasUnsafeHash,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
|
||||
bool aWasRedirected, bool aEnforceAllowlist,
|
||||
bool* outAllowsNavigateTo) {
|
||||
/*
|
||||
* The matrix below shows the different values of (aWasRedirect,
|
||||
* aEnforceAllowlist) for the three different checks we do.
|
||||
*
|
||||
* Navigation | Start Loading | Initiate Redirect | Document
|
||||
* | (nsDocShell) | (nsCSPService) |
|
||||
* -----------------------------------------------------------------
|
||||
* A -> B (false,false) - (false,true)
|
||||
* A -> ... -> B (false,false) (true,false) (true,true)
|
||||
*/
|
||||
*outAllowsNavigateTo = false;
|
||||
|
||||
EnsureIPCPoliciesRead();
|
||||
// The 'form-action' directive overrules 'navigate-to' for form submissions.
|
||||
// So in case this is a form submission and the directive 'form-action' is
|
||||
// present then there is nothing for us to do here, see: 6.3.3.1.2
|
||||
// https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate
|
||||
if (aIsFormSubmission) {
|
||||
for (unsigned long i = 0; i < mPolicies.Length(); i++) {
|
||||
if (mPolicies[i]->hasDirective(
|
||||
nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) {
|
||||
*outAllowsNavigateTo = true;
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool atLeastOneBlock = false;
|
||||
for (unsigned long i = 0; i < mPolicies.Length(); i++) {
|
||||
if (!mPolicies[i]->allowsNavigateTo(aURI, aWasRedirected,
|
||||
aEnforceAllowlist)) {
|
||||
if (!mPolicies[i]->getReportOnlyFlag()) {
|
||||
atLeastOneBlock = true;
|
||||
}
|
||||
|
||||
// If the load encountered a server side redirect, the spec suggests to
|
||||
// remove the path component from the URI, see:
|
||||
// https://www.w3.org/TR/CSP3/#source-list-paths-and-redirects
|
||||
nsCOMPtr<nsIURI> blockedURIForReporting = aURI;
|
||||
if (aWasRedirected) {
|
||||
nsAutoCString prePathStr;
|
||||
nsCOMPtr<nsIURI> prePathURI;
|
||||
nsresult rv = aURI->GetPrePath(prePathStr);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = NS_NewURI(getter_AddRefs(blockedURIForReporting), prePathStr);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
// Lines numbers and source file for the violation report
|
||||
uint32_t lineNumber = 0;
|
||||
uint32_t columnNumber = 0;
|
||||
nsAutoCString spec;
|
||||
JSContext* cx = nsContentUtils::GetCurrentJSContext();
|
||||
if (cx) {
|
||||
nsJSUtils::GetCallingLocation(cx, spec, &lineNumber, &columnNumber);
|
||||
// If GetCallingLocation fails linenumber & columnNumber are set to 0
|
||||
// anyway so we can skip checking if that is the case.
|
||||
}
|
||||
|
||||
// Report the violation
|
||||
nsresult rv = AsyncReportViolation(
|
||||
nullptr, // aTriggeringElement
|
||||
nullptr, // aCSPEventListener
|
||||
blockedURIForReporting, // aBlockedURI
|
||||
nsCSPContext::BlockedContentSource::eSelf, // aBlockedSource
|
||||
nullptr, // aOriginalURI
|
||||
u"navigate-to"_ns, // aViolatedDirective
|
||||
u"navigate-to"_ns, // aEffectiveDirective
|
||||
i, // aViolatedPolicyIndex
|
||||
u""_ns, // aObserverSubject
|
||||
NS_ConvertUTF8toUTF16(spec), // aSourceFile
|
||||
false, // aReportSample
|
||||
u""_ns, // aScriptSample
|
||||
lineNumber, // aLineNum
|
||||
columnNumber); // aColumnNum
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
}
|
||||
|
||||
*outAllowsNavigateTo = !atLeastOneBlock;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* For each policy, log any violation on the Error Console and send a report
|
||||
* if a report-uri is present in the policy
|
||||
|
|
|
@ -467,20 +467,6 @@ nsCSPBaseSrc* nsCSPParser::keywordSource() {
|
|||
return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
|
||||
}
|
||||
|
||||
if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_ALLOW_REDIRECTS)) {
|
||||
if (!CSP_IsDirective(mCurDir[0],
|
||||
nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
|
||||
// Only allow 'unsafe-allow-redirects' within navigate-to.
|
||||
AutoTArray<nsString, 2> params = {u"unsafe-allow-redirects"_ns,
|
||||
u"navigate-to"_ns};
|
||||
logWarningErrorToConsole(nsIScriptError::warningFlag,
|
||||
"IgnoringSourceWithinDirective", params);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
|
||||
}
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
|
@ -886,18 +872,6 @@ nsCSPDirective* nsCSPParser::directiveName() {
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
// Bug 1529068: Implement navigate-to directive.
|
||||
// Once all corner cases are resolved we can remove that special
|
||||
// if-handling here and let the parser just fall through to
|
||||
// return new nsCSPDirective.
|
||||
if (directive == nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE &&
|
||||
!StaticPrefs::security_csp_enableNavigateTo()) {
|
||||
AutoTArray<nsString, 1> params = {mCurToken};
|
||||
logWarningErrorToConsole(nsIScriptError::warningFlag,
|
||||
"couldNotProcessUnknownDirective", params);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// Make sure the directive does not already exist
|
||||
// (see http://www.w3.org/TR/CSP11/#parsing)
|
||||
if (mPolicy->hasDirective(directive)) {
|
||||
|
|
|
@ -310,25 +310,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
|||
nsIURI* aNewURI,
|
||||
nsILoadInfo* aLoadInfo,
|
||||
Maybe<nsresult>& aCancelCode) {
|
||||
// Check CSP navigate-to
|
||||
// We need to enforce the CSP of the document that initiated the load,
|
||||
// which is the CSP to inherit.
|
||||
nsCOMPtr<nsIContentSecurityPolicy> cspToInherit =
|
||||
aLoadInfo->GetCspToInherit();
|
||||
if (cspToInherit) {
|
||||
bool allowsNavigateTo = false;
|
||||
nsresult rv = cspToInherit->GetAllowsNavigateTo(
|
||||
aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */
|
||||
false, /* aEnforceAllowlist */
|
||||
&allowsNavigateTo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!allowsNavigateTo) {
|
||||
aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
// No need to continue processing if CSP is disabled or if the protocol
|
||||
// is *not* subject to CSP.
|
||||
// Please note, the correct way to opt-out of CSP using a custom
|
||||
|
|
|
@ -358,7 +358,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
|
|||
return nsIContentSecurityPolicy::NO_DIRECTIVE;
|
||||
|
||||
// Fall through to error for all other directives
|
||||
// Note that we should never end up here for navigate-to
|
||||
case nsIContentPolicy::TYPE_INVALID:
|
||||
case nsIContentPolicy::TYPE_END:
|
||||
MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
|
||||
|
@ -1664,31 +1663,6 @@ bool nsCSPPolicy::hasDirective(CSPDirective aDir) const {
|
|||
return false;
|
||||
}
|
||||
|
||||
bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
|
||||
bool aEnforceAllowlist) const {
|
||||
bool allowsNavigateTo = true;
|
||||
|
||||
for (unsigned long i = 0; i < mDirectives.Length(); i++) {
|
||||
if (mDirectives[i]->equals(
|
||||
nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
|
||||
// Early return if we can skip the allowlist AND 'unsafe-allow-redirects'
|
||||
// is present.
|
||||
if (!aEnforceAllowlist &&
|
||||
mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns, false)) {
|
||||
return true;
|
||||
}
|
||||
// Otherwise, check against the allowlist.
|
||||
if (!mDirectives[i]->permits(
|
||||
nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI,
|
||||
u""_ns, aWasRedirected, false, false, false)) {
|
||||
allowsNavigateTo = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return allowsNavigateTo;
|
||||
}
|
||||
|
||||
/*
|
||||
* Use this function only after ::allows() returned 'false'. Most and
|
||||
* foremost it's used to get the violated directive before sending reports.
|
||||
|
|
|
@ -89,7 +89,6 @@ static const char* CSPStrDirectives[] = {
|
|||
"block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
|
||||
"sandbox", // SANDBOX_DIRECTIVE
|
||||
"worker-src", // WORKER_SRC_DIRECTIVE
|
||||
"navigate-to", // NAVIGATE_TO_DIRECTIVE
|
||||
"script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
|
||||
"script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
|
||||
"style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
|
||||
|
@ -113,16 +112,15 @@ inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
|
|||
return nsIContentSecurityPolicy::NO_DIRECTIVE;
|
||||
}
|
||||
|
||||
#define FOR_EACH_CSP_KEYWORD(MACRO) \
|
||||
MACRO(CSP_SELF, "'self'") \
|
||||
MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
|
||||
MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
|
||||
MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
|
||||
MACRO(CSP_NONE, "'none'") \
|
||||
MACRO(CSP_NONCE, "'nonce-") \
|
||||
MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
|
||||
MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
|
||||
MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \
|
||||
#define FOR_EACH_CSP_KEYWORD(MACRO) \
|
||||
MACRO(CSP_SELF, "'self'") \
|
||||
MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
|
||||
MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
|
||||
MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
|
||||
MACRO(CSP_NONE, "'none'") \
|
||||
MACRO(CSP_NONCE, "'nonce-") \
|
||||
MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
|
||||
MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
|
||||
MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
|
||||
|
||||
enum CSPKeyword {
|
||||
|
@ -692,9 +690,6 @@ class nsCSPPolicy {
|
|||
|
||||
bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
|
||||
|
||||
bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
|
||||
bool aEnforceAllowlist) const;
|
||||
|
||||
private:
|
||||
nsUpgradeInsecureDirective* mUpgradeInsecDir;
|
||||
nsTArray<nsCSPDirective*> mDirectives;
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1529068 Implement CSP 'navigate-to' directive</title>
|
||||
</head>
|
||||
<body>
|
||||
<script type="text/javascript">
|
||||
window.location = "http://www.example.com/";
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -1,58 +0,0 @@
|
|||
// Custom *.sjs file specifically for the needs of
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1529068
|
||||
|
||||
"use strict";
|
||||
Components.utils.importGlobalProperties(["URLSearchParams"]);
|
||||
|
||||
const TEST_NAVIGATION_HEAD = `
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1529068 Implement CSP 'navigate-to' directive</title>`;
|
||||
|
||||
const TEST_NAVIGATION_AFTER_META = `
|
||||
</head>
|
||||
<body>
|
||||
<script type="text/javascript">
|
||||
window.location = "`;
|
||||
|
||||
const TEST_NAVIGATION_FOOT = `";
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
`;
|
||||
|
||||
function handleRequest(request, response) {
|
||||
const query = new URLSearchParams(request.queryString);
|
||||
|
||||
response.setHeader("Cache-Control", "no-cache", false);
|
||||
response.setHeader("Content-Type", "text/html", false);
|
||||
|
||||
if (query.get("redir")) {
|
||||
response.setStatusLine(request.httpVersion, "302", "Found");
|
||||
response.setHeader("Location", query.get("redir"), false);
|
||||
return;
|
||||
}
|
||||
|
||||
response.write(TEST_NAVIGATION_HEAD);
|
||||
|
||||
// We need meta to set multiple CSP headers.
|
||||
if (query.get("csp")) {
|
||||
response.write(
|
||||
'<meta http-equiv="Content-Security-Policy" content="' +
|
||||
query.get("csp") +
|
||||
'">'
|
||||
);
|
||||
}
|
||||
if (query.get("csp2")) {
|
||||
response.write(
|
||||
'<meta http-equiv="Content-Security-Policy" content="' +
|
||||
query.get("csp2") +
|
||||
'">'
|
||||
);
|
||||
}
|
||||
|
||||
response.write(
|
||||
TEST_NAVIGATION_AFTER_META + query.get("target") + TEST_NAVIGATION_FOOT
|
||||
);
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
</head>
|
||||
<script type="text/javascript">
|
||||
// The idea with this file is to convert responses into requests.
|
||||
// This is needed because we don't have
|
||||
// specialpowers-http-notify-response
|
||||
|
||||
// Response from this file => request to www.example.com => Allowed
|
||||
// CSP error => Blocked
|
||||
fetch('http://www.example.com/');
|
||||
</script>
|
||||
<body>
|
||||
</body>
|
||||
</html>
|
|
@ -723,14 +723,6 @@ support-files =
|
|||
file_iframe_parent_location_js.html
|
||||
skip-if =
|
||||
fission && os == "android" # Bug 1827756
|
||||
[test_navigate_to.html]
|
||||
support-files =
|
||||
file_navigate_to.sjs
|
||||
file_navigate_to_request.html
|
||||
skip-if =
|
||||
http3
|
||||
http2
|
||||
fission && os == "android" # Bug 1827756
|
||||
[test_independent_iframe_csp.html]
|
||||
skip-if =
|
||||
fission && os == "android" # Bug 1827756
|
||||
|
|
|
@ -1,158 +0,0 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Bug 1529068 Implement CSP 'navigate-to' directive</title>
|
||||
<!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
|
||||
<script src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<p id="display"></p>
|
||||
<div id="content">
|
||||
<iframe style="width:100%;" id="testframe"></iframe>
|
||||
</div>
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
/*
|
||||
* Description of the test:
|
||||
* We load a page with a given CSP and verify that navigations are correctly
|
||||
* evaluated through the "navigate-to" directive.
|
||||
*/
|
||||
SpecialPowers.pushPrefEnv({"set": [["security.csp.enableNavigateTo", true]]});
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
// Note: The final website for the navigation chain must always be: www.example.com
|
||||
var tests = [
|
||||
{
|
||||
result : "blocked",
|
||||
policy : "navigate-to www.mozilla.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
{
|
||||
result : "allowed",
|
||||
policy : "navigate-to www.example.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
{
|
||||
// Test path-sensitivity
|
||||
result : "blocked",
|
||||
policy : "navigate-to http://www.example.com/full/path/to/file",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
{
|
||||
// Test scheme
|
||||
result : "blocked",
|
||||
policy : "navigate-to https://www.example.com/",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
{
|
||||
// Redirect from tracking.example.com to www.example.com
|
||||
result : "blocked",
|
||||
policy : "navigate-to www.example.com",
|
||||
target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/"
|
||||
},
|
||||
{
|
||||
// Redirect from tracking.example.com to www.example.com (Explicitly allowed)
|
||||
result : "allowed",
|
||||
policy : "navigate-to tracking.example.com www.example.com",
|
||||
target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/"
|
||||
},
|
||||
{
|
||||
// Redirect from tracking.example.com to www.example.com ('unsafe-allow-redirects')
|
||||
result : "allowed",
|
||||
policy : "navigate-to 'unsafe-allow-redirects' www.example.com",
|
||||
target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/"
|
||||
},
|
||||
// No path-sensitivity after redirect
|
||||
{
|
||||
result : "allowed",
|
||||
policy : "navigate-to tracking.example.com http://www.example.com/full/path/to/file",
|
||||
target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/"
|
||||
},
|
||||
// Multiple CSP directives, first block (origin) second allow
|
||||
{
|
||||
result : "allowed",
|
||||
policy : "img-src 'none'; navigate-to www.example.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
// Multiple CSP directives, first allow (origin) second block
|
||||
{
|
||||
result : "blocked",
|
||||
policy : "img-src www.example.com mochi.test:8888; navigate-to www.mozilla.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
// Multiple CSPs, first allow second block
|
||||
{
|
||||
result : "blocked",
|
||||
policy : "navigate-to www.example.com",
|
||||
policy2 : "navigate-to www.mozilla.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
// Multiple CSPs, first block second allow
|
||||
{
|
||||
result : "blocked",
|
||||
policy : "navigate-to www.mozilla.com",
|
||||
policy2 : "navigate-to www.example.com",
|
||||
target : "http://www.example.com/"
|
||||
},
|
||||
];
|
||||
|
||||
// initializing to -1 so we start at index 0 when we start the test
|
||||
var counter = -1;
|
||||
|
||||
function checkResult(aResult) {
|
||||
is(aResult, tests[counter].result, "should be " + tests[counter].result + " in test " + counter +
|
||||
"(" + tests[counter].policy + ", " + tests[counter].target + ")!");
|
||||
loadNextTest();
|
||||
}
|
||||
|
||||
// We use the examiner to identify requests that hit the wire and requests
|
||||
// that are blocked by CSP and bubble up the result to the including iframe
|
||||
// document (parent).
|
||||
function examiner() {
|
||||
SpecialPowers.addObserver(this, "csp-on-violate-policy");
|
||||
}
|
||||
examiner.prototype = {
|
||||
observe(subject, topic, data) {
|
||||
if (topic === "csp-on-violate-policy" && data === "navigate-to") {
|
||||
checkResult("blocked");
|
||||
}
|
||||
|
||||
},
|
||||
remove() {
|
||||
SpecialPowers.removeObserver(this, "csp-on-violate-policy");
|
||||
}
|
||||
}
|
||||
window.NavigationActionExaminer = new examiner();
|
||||
// We use iframe onload to check if requests are not blocked by CSP
|
||||
var iframe = document.getElementById("testframe");
|
||||
iframe.onload = function() {
|
||||
checkResult("allowed");
|
||||
}
|
||||
|
||||
function loadNextTest() {
|
||||
counter++;
|
||||
if (counter == tests.length) {
|
||||
window.NavigationActionExaminer.remove();
|
||||
SimpleTest.finish();
|
||||
return;
|
||||
}
|
||||
|
||||
var src = "file_navigate_to.sjs";
|
||||
// append the CSP that should be used to serve the file
|
||||
src += "?csp=" + escape(tests[counter].policy);
|
||||
if( tests[counter].policy2 ) {
|
||||
src += "&csp2=" + escape(tests[counter].policy2);
|
||||
}
|
||||
src += "&target=" + escape(tests[counter].target);
|
||||
|
||||
iframe.src = src;
|
||||
}
|
||||
|
||||
// start running the tests
|
||||
loadNextTest();
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -150,11 +150,8 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
|
|||
uint32_t aExpectedPolicyCount) {
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
|
||||
bool navigateTo = false;
|
||||
bool wasmUnsafeEval = false;
|
||||
if (prefs) {
|
||||
prefs->GetBoolPref("security.csp.enableNavigateTo", &navigateTo);
|
||||
prefs->SetBoolPref("security.csp.enableNavigateTo", true);
|
||||
prefs->GetBoolPref("security.csp.wasm-unsafe-eval.enabled",
|
||||
&wasmUnsafeEval);
|
||||
prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", true);
|
||||
|
@ -167,7 +164,6 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
|
|||
}
|
||||
|
||||
if (prefs) {
|
||||
prefs->SetBoolPref("security.csp.enableNavigateTo", navigateTo);
|
||||
prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", wasmUnsafeEval);
|
||||
}
|
||||
|
||||
|
@ -222,10 +218,6 @@ TEST(CSPParser, Directives)
|
|||
"worker-src https://example.com" },
|
||||
{ "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com",
|
||||
"worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" },
|
||||
{ "navigate-to http://example.com",
|
||||
"navigate-to http://example.com"},
|
||||
{ "navigate-to 'unsafe-allow-redirects' http://example.com",
|
||||
"navigate-to 'unsafe-allow-redirects' http://example.com"},
|
||||
{ "script-src 'unsafe-allow-redirects' http://example.com",
|
||||
"script-src http://example.com"},
|
||||
// clang-format on
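Review bot: The Directives table loses its three rows without gaining one for the new behaviour, so nothing here pins what the parser does with a deployed policy that still contains `navigate-to` or `'unsafe-allow-redirects'`. The property worth keeping under test is that the unknown directive or keyword is dropped while the rest of the policy is still parsed and enforced. A row in whichever table covers ignored input, for example `{ "navigate-to http://example.com; script-src http://example.com", "script-src http://example.com" },` (expected output to be confirmed against the parser), would cover that. The removed `script-src 'unsafe-allow-redirects' http://example.com` row could be kept with its existing expectation for the same reason. The TEST body starts and ends outside the hunk.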
|
||||
|
|
|
@ -13799,12 +13799,6 @@
|
|||
value: true
|
||||
mirror: always
|
||||
|
||||
# Navigate-to CSP 3 directive
|
||||
- name: security.csp.enableNavigateTo
|
||||
type: bool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# wasm-unsafe-eval source keyword
|
||||
- name: security.csp.wasm-unsafe-eval.enabled
|
||||
type: bool
|
||||
|
|
|
@ -673,7 +673,6 @@ interface nsILoadInfo : nsISupports
|
|||
|
||||
/**
|
||||
* True if the load was initiated by a form request.
|
||||
* This is important to know to handle the CSP directive navigate-to.
|
||||
*/
|
||||
[infallible] attribute boolean isFormSubmission;
|
||||
|
||||
|
|
|
@ -975,19 +975,6 @@ auto DocumentLoadListener::OpenInParent(nsDocShellLoadState* aLoadState,
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
if (nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp()) {
|
||||
// Check CSP navigate-to
|
||||
bool allowsNavigateTo = false;
|
||||
nsresult rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
|
||||
aLoadState->IsFormSubmission(),
|
||||
false, /* aWasRedirected */
|
||||
false, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
if (NS_FAILED(rv) || !allowsNavigateTo) {
|
||||
return nullptr;
|
||||
}
|
||||
}
|
||||
|
||||
// Clone because this mutates the load flags in the load state, which
|
||||
// breaks nsDocShells expectations of being able to do it.
|
||||
RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(*aLoadState);
|
||||
|
|
|
@ -1,4 +1 @@
|
|||
prefs: [security.csp.enableNavigateTo:true]
|
||||
disabled:
|
||||
if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635
|
||||
lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack]
|
||||
disabled: true
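Review bot: `disabled: true`, which appears to be the only line left on the new side, records no reason, whereas the `disabled:` entry it replaces carried a bug URL. The commit message says an issue was filed for removing these tests upstream; using it as the value, `disabled: https://github.com/w3c/webappsec-csp/issues/608`, keeps the reason next to the switch. That way the directory is not left silently disabled once the upstream tests are gone.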
|
|
@ -1,8 +0,0 @@
|
|||
[child-navigates-parent-allowed.html]
|
||||
disabled:
|
||||
if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660
|
||||
|
||||
expected: TIMEOUT
|
||||
|
||||
[Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)]
|
||||
expected: NOTRUN
|
|
@ -1,8 +0,0 @@
|
|||
[child-navigates-parent-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
||||
[Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)]
|
||||
expected: NOTRUN
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[form-action-blocks-navigate-to-allows.sub.html]
|
||||
[Test that form-action overrides navigate-to when present.]
|
||||
expected: FAIL
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[form-action-blocks-navigate-to-blocks.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Test that form-action overrides navigate-to when present.]
|
||||
expected: FAIL
|
|
@ -1,9 +0,0 @@
|
|||
[form-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Test that the child iframe navigation is not allowed]
|
||||
expected: FAIL
|
||||
|
||||
[Violation report status OK.]
|
||||
expected:
|
||||
if (os == "android") and not debug: [PASS, FAIL]
|
|
@ -1,5 +0,0 @@
|
|||
[form-cross-origin-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Test that the child iframe navigation is not allowed]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[form-redirected-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[href-location-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,6 +0,0 @@
|
|||
[href-location-blocked.sub.html]
|
||||
[Violation report status OK.]
|
||||
expected:
|
||||
if (os == "android") and debug and swgl: [PASS, FAIL]
|
||||
if (os == "android") and debug and not swgl: [FAIL, PASS]
|
||||
if (os == "android") and not debug: [PASS, FAIL]
|
|
@ -1,3 +0,0 @@
|
|||
[href-location-cross-origin-allowed.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[href-location-cross-origin-blocked.sub.html]
|
||||
disabled:
|
||||
if os == "android": Passes on debug but fails on optimized
|
|
@ -1,3 +0,0 @@
|
|||
[href-location-redirected-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[href-location-redirected-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[link-click-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [TIMEOUT, OK]
|
|
@ -1,11 +0,0 @@
|
|||
[link-click-blocked.sub.html]
|
||||
expected:
|
||||
if fission and (os == "linux") and not debug: [OK, TIMEOUT]
|
||||
if fission and (os == "android"): [OK, TIMEOUT]
|
||||
[Test that the child iframe navigation is not allowed]
|
||||
expected:
|
||||
if (os == "linux") and not debug and fission: [PASS, NOTRUN]
|
||||
|
||||
[Violation report status OK.]
|
||||
expected:
|
||||
if (os == "linux") and not debug and fission: [PASS, FAIL]
|
|
@ -1,3 +0,0 @@
|
|||
[link-click-cross-origin-allowed.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[link-click-cross-origin-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,5 +0,0 @@
|
|||
[link-click-redirected-allowed.html]
|
||||
disabled:
|
||||
if os == "win": Bug 1440584
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,4 +0,0 @@
|
|||
[link-click-redirected-blocked.sub.html]
|
||||
[Violation report status OK.]
|
||||
expected:
|
||||
if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-cross-origin-allowed.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-cross-origin-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-redirected-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[meta-refresh-redirected-blocked.sub.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[parent-navigates-child-allowed.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,3 +0,0 @@
|
|||
[parent-navigates-child-blocked.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
|
@ -1,17 +0,0 @@
|
|||
[spv-only-sent-to-initiator.sub.html]
|
||||
expected:
|
||||
if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK]
|
||||
if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK]
|
||||
if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
|
||||
if fission and (os == "mac") and debug: [TIMEOUT, OK]
|
||||
[OK, TIMEOUT]
|
||||
[Test that no spv event is raised]
|
||||
expected:
|
||||
if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL]
|
||||
if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL]
|
||||
if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL]
|
||||
if fission and (os == "mac") and debug: [NOTRUN, FAIL]
|
||||
[FAIL, NOTRUN]
|
||||
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[allowed-end-of-chain-because-of-same-origin.sub.html]
|
||||
disabled:
|
||||
if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193
|
|
@ -1,6 +0,0 @@
|
|||
[blocked-end-of-chain.sub.html]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Test that the child iframe navigation is blocked]
|
||||
expected: NOTRUN
|
||||
|
|
@ -894,9 +894,8 @@ with modules["SECURITY"]:
|
|||
errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96)
|
||||
|
||||
# Error code for CSP
|
||||
errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97)
|
||||
errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)
|
||||
errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99)
|
||||
errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(97)
|
||||
errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(98)
|
||||
|
||||
# Error code for Sub-Resource Integrity
|
||||
errors["NS_ERROR_SRI_CORRUPT"] = FAILURE(200)
|
||||
|
|
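Review bot: Renumbering the two surviving CSP errors reuses values that used to mean something else. As the page renders it, `FAILURE(97)` changes from the navigate-to violation to the form-action violation, and `FAILURE(98)` changes from form-action to frame-ancestors. Anything that records or compares the raw numeric code across builds (logs, telemetry, crash annotations, script checking a literal value) would then attribute a CSP block to the wrong directive; whether such consumers exist is not visible in this hunk. Retiring the slot avoids this: keep `errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)` and `errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99)`, and add a comment such as `# FAILURE(97) was NS_ERROR_CSP_NAVIGATE_TO_VIOLATION (removed); do not reuse`.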