mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset d085f7afb20a (bug 1514680) for mochitest failures at test_importScripts_3rdparty.html. 

--HG--
extra : rebase_source : ee47ae03f428320fe1dbf848f1b42f0aa11eee90
This commit is contained in:
Brindusan Cristian 2019-01-29 22:12:47 +02:00
Родитель 8b379cf5ab
Коммит 375d1a074a
6 изменённых файлов: 34 добавлений и 88 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
devtools/client/webconsole/test/mochitest/browser.ini
Просмотреть файл

@ -137,7 +137,6 @@ support-files =
test-non-javascript-mime.html
test-non-javascript-mime.js
test-non-javascript-mime.js^headers^
test-non-javascript-mime-worker.html
test-observe-http-ajax.html
test-own-console.html
test-property-provider.html
@ -357,7 +356,6 @@ skip-if = true # Bug 1438979
[browser_webconsole_nodes_highlight.js]
[browser_webconsole_nodes_select.js]
[browser_webconsole_non_javascript_mime_warning.js]
[browser_webconsole_non_javascript_mime_worker_error.js]
[browser_webconsole_object_ctrl_click.js]
[browser_webconsole_object_in_sidebar_keyboard_nav.js]
[browser_webconsole_object_inspector.js]

21
devtools/client/webconsole/test/mochitest/browser_webconsole_non_javascript_mime_worker_error.js
Просмотреть файл

@ -1,21 +0,0 @@
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* vim: set ft=javascript ts=2 et sw=2 tw=80: */
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
// Tests that importScripts loads inside a worker with a non-JavaScript
// MIME types produce an error and fail.
// See Bug 1514680.
"use strict";
const TEST_URI = "http://example.com/browser/devtools/client/webconsole/" +
"test/mochitest/" +
"test-non-javascript-mime-worker.html";
const MIME_ERROR_MSG = "Loading script from “http://example.com/browser/devtools/client/webconsole/test/mochitest/test-non-javascript-mime.js” with importScripts() was blocked because of a disallowed MIME type (“text/plain”).";
add_task(async function() {
const hud = await openNewTabAndConsole(TEST_URI);
await waitFor(()=> findMessage(hud, MIME_ERROR_MSG, ".message.error"), "", 100);
ok(true, "MIME type error displayed");
});

20
devtools/client/webconsole/test/mochitest/test-non-javascript-mime-worker.html
Просмотреть файл

@ -1,20 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Web Console test for script with non-JavaScript MIME type</title>
<!-- Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ -->
<script>
"use strict";
const source = `importScripts("http://example.com/browser/devtools/client/webconsole/" +
"test/mochitest/" +
"test-non-javascript-mime.js");`;
const url = URL.createObjectURL(new Blob([source], {type: "application/javascript"}));
new Worker(url);
</script>
</head>
<body>
<p>Web Console test for importScripts() inside Worker with non-JavaScript MIME type.</p>
</body>
</html>

2
dom/locales/en-US/chrome/security/security.properties
Просмотреть файл

@ -86,8 +86,6 @@ XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S
BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
# LOCALIZATION NOTE: Do not translate "importScripts()"
BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
# LOCALIZATION NOTE: Do not translate "data: URI".
BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)

3
modules/libpref/init/all.js
Просмотреть файл

@ -2705,9 +2705,6 @@ pref("security.sri.enable", true);
// Block scripts with wrong MIME type such as image/ or video/.
pref("security.block_script_with_wrong_mime", true);
// Block scripts with wrong MIME type when loading via importScripts() in workers.
pref("security.block_importScripts_with_wrong_mime", true);
// OCSP must-staple
pref("security.ssl.enable_ocsp_must_staple", true);

74
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -1471,8 +1471,7 @@ nsresult EnsureMIMEOfScript(nsHttpChannel *aChannel, nsIURI *aURI,
if (!sIsInited) {
sIsInited = true;
Preferences::AddBoolVarCache(&sCachedBlockScriptWithWrongMime,
"security.block_script_with_wrong_mime",
true);
"security.block_script_with_wrong_mime");
}
// Do not block the load if the feature is not enabled.
@ -1489,67 +1488,62 @@ nsresult EnsureMIMEOfScript(nsHttpChannel *aChannel, nsIURI *aURI,
// script load has type text/plain
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_plain);
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
// script load has type text/xml
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_xml);
} else if (StringBeginsWith(contentType,
NS_LITERAL_CSTRING("application/octet-stream"))) {
return NS_OK;
}
if (StringBeginsWith(contentType,
NS_LITERAL_CSTRING("application/octet-stream"))) {
// script load has type application/octet-stream
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_octet_stream);
} else if (StringBeginsWith(contentType,
NS_LITERAL_CSTRING("application/xml"))) {
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/xml"))) {
// script load has type application/xml
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_xml);
} else if (StringBeginsWith(contentType,
NS_LITERAL_CSTRING("application/json"))) {
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/json"))) {
// script load has type application/json
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_json);
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/json"))) {
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/json"))) {
// script load has type text/json
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_json);
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
// script load has type text/html
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_html);
} else if (contentType.IsEmpty()) {
return NS_OK;
}
if (contentType.IsEmpty()) {
// script load has no type
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::empty);
} else {
// script load has unknown type
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::unknown);
}
// We restrict importScripts() in worker code to JavaScript MIME types.
if (aLoadInfo->InternalContentPolicyType() ==
nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS) {
// Instead of consulting Preferences::GetBool() all the time we
// can cache the result to speed things up.
static bool sCachedBlockImportScriptsWithWrongMime = false;
static bool sIsInited = false;
if (!sIsInited) {
sIsInited = true;
Preferences::AddBoolVarCache(
&sCachedBlockImportScriptsWithWrongMime,
"security.block_importScripts_with_wrong_mime", true);
}
// Do not block the load if the feature is not enabled.
if (!sCachedBlockImportScriptsWithWrongMime) {
return NS_OK;
}
ReportMimeTypeMismatch(aChannel, "BlockImportScriptsWithWrongMimeType",
aURI, contentType, Report::Error);
return NS_ERROR_CORRUPTED_CONTENT;
return NS_OK;
}
// script load has unknown type
AccumulateCategorical(
Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::unknown);
return NS_OK;
}