Bug 1609877: Convert prefs for domsecurity to use static prefs. r=tjr

Differential Revision: https://phabricator.services.mozilla.com/D60403

--HG--
extra : moz-landing-system : lando

browser/base/content/test/general/browser_testOpenNewRemoteTabsFromNonRemoteBrowsers.js

@@ -41,7 +41,7 @@ registerCleanupFunction(() => {
  */
 add_task(async function test_new_tab() {
   await SpecialPowers.pushPrefEnv({
-    set: [["domsecurity.skip_html_fragment_assertion", true]],
+    set: [["dom.security.skip_html_fragment_assertion", true]],
   });
 
   let normalWindow = await BrowserTestUtils.openNewBrowserWindow({
@@ -89,7 +89,7 @@ add_task(async function test_new_tab() {
  */
 add_task(async function test_new_window() {
   await SpecialPowers.pushPrefEnv({
-    set: [["domsecurity.skip_html_fragment_assertion", true]],
+    set: [["dom.security.skip_html_fragment_assertion", true]],
   });
 
   let normalWindow = await BrowserTestUtils.openNewBrowserWindow(

browser/base/content/test/performance/browser_preferences_usage.js

@@ -127,9 +127,6 @@ add_task(async function startup() {
       min: 0,
       max: 50,
     },
-    "csp.skip_about_page_has_csp_assert": {
-      // This is accessed in debug only.
-    },
   };
 
   let startupRecorder = Cc["@mozilla.org/test/startuprecorder;1"].getService()

browser/base/content/test/tabs/browser_e10s_about_page_triggeringprincipal.js

@@ -21,7 +21,7 @@ const kAboutPagesRegistered = Promise.all([
 add_task(async function test_principal_click() {
   await kAboutPagesRegistered;
   await SpecialPowers.pushPrefEnv({
-    set: [["csp.skip_about_page_has_csp_assert", true]],
+    set: [["dom.security.skip_about_page_has_csp_assert", true]],
   });
   await BrowserTestUtils.withNewTab(
     "about:test-about-principal-parent",
@@ -74,7 +74,7 @@ add_task(async function test_principal_ctrl_click() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.sandbox.content.level", 1],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 
@@ -132,7 +132,7 @@ add_task(async function test_principal_right_click_open_link_in_new_tab() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.sandbox.content.level", 1],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 

browser/components/sessionstore/test/browser_parentProcessRestoreHash.js

@@ -59,7 +59,7 @@ let TestAboutPage = {
  */
 add_task(async function() {
   await SpecialPowers.pushPrefEnv({
-    set: [["csp.skip_about_page_has_csp_assert", true]],
+    set: [["dom.security.skip_about_page_has_csp_assert", true]],
   });
 
   TestAboutPage.register();

devtools/client/framework/test/browser_toolbox_show_toolbox_tool_ready.js

@@ -40,7 +40,7 @@ add_task(async function automaticallyBindTexbox() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.csp.enable", false],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 

devtools/client/framework/test/browser_toolbox_textbox_context_menu.js

@@ -20,7 +20,7 @@ add_task(async function checkMenuEntryStates() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.csp.enable", false],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 
@@ -72,7 +72,7 @@ add_task(async function automaticallyBindTexbox() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.csp.enable", false],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 

devtools/docs/frontend/csp.md

@@ -50,7 +50,7 @@ If you absolutely have to use an unsupported scheme, you can turn off CSPs for t
 
 ```
 await pushPref("security.csp.enable", false);
-await pushPref("csp.skip_about_page_has_csp_assert", true);
+await pushPref("dom.security.skip_about_page_has_csp_assert", true);
 ```
 
 The `pushPref` helper will ensure the preferences come back to their initial value at the end of the test.

dom/base/test/browser_bug593387.js

@@ -12,7 +12,7 @@ add_task(async function test() {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["security.csp.enable", false],
-      ["csp.skip_about_page_has_csp_assert", true],
+      ["dom.security.skip_about_page_has_csp_assert", true],
     ],
   });
 

dom/security/DOMSecurityMonitor.cpp

@@ -12,6 +12,8 @@
 #include "nsIPrincipal.h"
 #include "nsIURI.h"
 
+#include "mozilla/StaticPrefs_dom.h"
+
 /* static */
 void DOMSecurityMonitor::AuditParsingOfHTMLXMLFragments(
     nsIPrincipal* aPrincipal, const nsAString& aFragment) {
@@ -39,7 +41,7 @@ void DOMSecurityMonitor::AuditParsingOfHTMLXMLFragments(
 
   // check if we should skip assertion. Please only ever set this pref to
   // true if really needed for testing purposes.
-  if (Preferences::GetBool("domsecurity.skip_html_fragment_assertion")) {
+  if (StaticPrefs::dom_security_skip_html_fragment_assertion()) {
     return;
   }
 

dom/security/nsContentSecurityManager.cpp

@@ -27,6 +27,7 @@
 #include "mozilla/dom/BrowserChild.h"
 #include "mozilla/Components.h"
 #include "mozilla/Logging.h"
+#include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TelemetryComms.h"
 #include "xpcpublic.h"
@@ -795,8 +796,8 @@ nsresult nsContentSecurityManager::CheckAllowLoadInSystemPrivilegedContext(
   //    privileged contexts but with some exceptions, like e.g. the
   //    discoverURL.
   if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT) {
-    if (Preferences::GetBool("domsecurity.skip_remote_script_assertion_in_"
-                             "system_priv_context")) {
+    if (StaticPrefs::
+            dom_security_skip_remote_script_assertion_in_system_priv_context()) {
       return NS_OK;
     }
     nsAutoCString scriptSpec;

dom/security/nsContentSecurityUtils.cpp

@@ -22,6 +22,7 @@
 #include "mozilla/Logging.h"
 #include "mozilla/dom/Document.h"
 #include "mozilla/StaticPrefs_extensions.h"
+#include "mozilla/StaticPrefs_dom.h"
 
 /*
  * Performs a Regular Expression match, optionally returning the results.
@@ -574,7 +575,7 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
   // object-src 'none'"/>
 
   // Check if we should skip the assertion
-  if (Preferences::GetBool("csp.skip_about_page_has_csp_assert")) {
+  if (StaticPrefs::dom_security_skip_about_page_has_csp_assert()) {
     return;
   }
 
@@ -612,7 +613,7 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
 
   // Check if we should skip the allowlist and assert right away. Please note
   // that this pref can and should only be set for automated testing.
-  if (Preferences::GetBool("csp.skip_about_page_csp_allowlist_and_assert")) {
+  if (StaticPrefs::dom_security_skip_about_page_csp_allowlist_and_assert()) {
     NS_ASSERTION(foundDefaultSrc, "about: page must have a CSP");
     return;
   }

dom/security/test/general/test_assert_about_page_no_csp.html

@@ -12,7 +12,7 @@
   // Test Setup: The test overrules the allowlist of about: pages that are allowed to load
   // without a CSP and makes sure to hit the assertion within AssertAboutPageHasCSP().
 
-  SpecialPowers.setBoolPref("csp.skip_about_page_csp_allowlist_and_assert", true);
+  SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", true);
 
   SimpleTest.waitForExplicitFinish();
   SimpleTest.expectAssertions(0, 1);
@@ -22,7 +22,7 @@
   myFrame.src = "about:blank";
   // booom :-)
 
-  SpecialPowers.setBoolPref("csp.skip_about_page_csp_allowlist_and_assert", false);
+  SpecialPowers.setBoolPref("dom.security.skip_about_page_csp_allowlist_and_assert", false);
   SimpleTest.finish();
 </script>
 </pre>

dom/tests/mochitest/keyhandling/chrome.ini

@@ -2,7 +2,7 @@
 # test_input.html and test_textarea.html are also used as mochitests, hence
 # we have to flip the skip assertion flag for the chrome tests here.
 prefs =
-  domsecurity.skip_remote_script_assertion_in_system_priv_context=true
+  dom.security.skip_remote_script_assertion_in_system_priv_context=true
 
 # nsIWidget::SynthesizeNativeKeyEvent() required (Bug 1410525 for headless)
 skip-if = os == 'linux' || os == 'android' || headless

modules/libpref/init/StaticPrefList.yaml

@@ -2261,6 +2261,37 @@
   value: @IS_NIGHTLY_BUILD@
   mirror: always
 
+# For testing purposes only: Flipping this pref to true allows
+# to skip the allowlist for about: pages and do not ship with a
+# CSP and NS_ASSERT right away.
+- name: dom.security.skip_about_page_csp_allowlist_and_assert
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# For testing purposes only: Flipping this pref to true allows
+# to skip the assertion that every about page ships with a CSP.
+- name: dom.security.skip_about_page_has_csp_assert
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# For testing purposes only: Flipping this pref to true allows
+# to skip the assertion that HTML fragments (e.g. innerHTML) can
+# not be used within chrome code or about: pages.
+- name: dom.security.skip_html_fragment_assertion
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
+# For testing purposes only; Flipping this pref to true allows
+# to skip the assertion that remote scripts can not be loaded
+# in system privileged contexts.
+- name: dom.security.skip_remote_script_assertion_in_system_priv_context
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
 # Is support for selection event APIs enabled?
 - name: dom.select_events.enabled
   type: bool

modules/libpref/init/all.js

@@ -2275,24 +2275,6 @@ pref("security.directory",              "");
 pref("security.dialog_enable_delay", 1000);
 pref("security.notification_enable_delay", 500);
 
-#if defined(DEBUG)
-  // For testing purposes only: Flipping this pref to true allows
-  // to skip the assertion that every about page ships with a CSP.
-  pref("csp.skip_about_page_has_csp_assert", false);
-  // For testing purposes only: Flipping this pref to true allows
-  // to skip the allowlist for about: pages and do not ship with a
-  // CSP and NS_ASSERT right away.
-  pref("csp.skip_about_page_csp_allowlist_and_assert", false);
-  // For testing purposes only: Flipping this pref to true allows
-  // to skip the assertion that HTML fragments (e.g. innerHTML) can
-  // not be used within chrome code or about: pages.
-  pref("domsecurity.skip_html_fragment_assertion", false);
-  // For testing purposes only; Flipping this pref to true allows
-  // to skip the assertion that remote scripts can not be loaded
-  // in system privileged contexts.
-  pref("domsecurity.skip_remote_script_assertion_in_system_priv_context", false);
-#endif
-
 #ifdef EARLY_BETA_OR_EARLIER
   // Disallow web documents loaded with the SystemPrincipal
   pref("security.disallow_non_local_systemprincipal_in_tests", false);

toolkit/components/url-classifier/tests/mochitest/test_allowlisted_annotations.html

@@ -36,7 +36,7 @@ SpecialPowers.pushPrefEnv(
   {"set": [["urlclassifier.trackingTable", "moztest-track-simple"],
            ["privacy.trackingprotection.enabled", true],
            ["channelclassifier.allowlist_example", true],
-           ["domsecurity.skip_remote_script_assertion_in_system_priv_context", true]]},
+           ["dom.security.skip_remote_script_assertion_in_system_priv_context", true]]},
   test);
 
 function test() {