From 375d1a074a73d86abb8d8321246bedc87cb8230d Mon Sep 17 00:00:00 2001
From: Brindusan Cristian <cbrindusan@mozilla.com>
Date: Tue, 29 Jan 2019 22:12:47 +0200
Subject: [PATCH] Backed out changeset d085f7afb20a (bug 1514680) for mochitest
 failures at test_importScripts_3rdparty.html.

--HG--
extra : rebase_source : ee47ae03f428320fe1dbf848f1b42f0aa11eee90
---
 .../webconsole/test/mochitest/browser.ini     |  2 -
 ...onsole_non_javascript_mime_worker_error.js | 21 ------
 .../test-non-javascript-mime-worker.html      | 20 -----
 .../en-US/chrome/security/security.properties |  2 -
 modules/libpref/init/all.js                   |  3 -
 netwerk/protocol/http/nsHttpChannel.cpp       | 74 +++++++++----------
 6 files changed, 34 insertions(+), 88 deletions(-)
 delete mode 100644 devtools/client/webconsole/test/mochitest/browser_webconsole_non_javascript_mime_worker_error.js
 delete mode 100644 devtools/client/webconsole/test/mochitest/test-non-javascript-mime-worker.html

diff --git a/devtools/client/webconsole/test/mochitest/browser.ini b/devtools/client/webconsole/test/mochitest/browser.ini
index ec645f29e74e..99890d914269 100644
--- a/devtools/client/webconsole/test/mochitest/browser.ini
+++ b/devtools/client/webconsole/test/mochitest/browser.ini
@@ -137,7 +137,6 @@ support-files =
   test-non-javascript-mime.html
   test-non-javascript-mime.js
   test-non-javascript-mime.js^headers^
-  test-non-javascript-mime-worker.html
   test-observe-http-ajax.html
   test-own-console.html
   test-property-provider.html
@@ -357,7 +356,6 @@ skip-if = true  # Bug 1438979
 [browser_webconsole_nodes_highlight.js]
 [browser_webconsole_nodes_select.js]
 [browser_webconsole_non_javascript_mime_warning.js]
-[browser_webconsole_non_javascript_mime_worker_error.js]
 [browser_webconsole_object_ctrl_click.js]
 [browser_webconsole_object_in_sidebar_keyboard_nav.js]
 [browser_webconsole_object_inspector.js]
diff --git a/devtools/client/webconsole/test/mochitest/browser_webconsole_non_javascript_mime_worker_error.js b/devtools/client/webconsole/test/mochitest/browser_webconsole_non_javascript_mime_worker_error.js
deleted file mode 100644
index ed63af2f943c..000000000000
--- a/devtools/client/webconsole/test/mochitest/browser_webconsole_non_javascript_mime_worker_error.js
+++ /dev/null
@@ -1,21 +0,0 @@
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* vim: set ft=javascript ts=2 et sw=2 tw=80: */
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-// Tests that importScripts loads inside a worker with a non-JavaScript
-// MIME types produce an error and fail.
-// See Bug 1514680.
-
-"use strict";
-
-const TEST_URI = "http://example.com/browser/devtools/client/webconsole/" +
-                 "test/mochitest/" +
-                 "test-non-javascript-mime-worker.html";
-const MIME_ERROR_MSG = "Loading script from “http://example.com/browser/devtools/client/webconsole/test/mochitest/test-non-javascript-mime.js” with importScripts() was blocked because of a disallowed MIME type (“text/plain”).";
-
-add_task(async function() {
-  const hud = await openNewTabAndConsole(TEST_URI);
-  await waitFor(()=> findMessage(hud, MIME_ERROR_MSG, ".message.error"), "", 100);
-  ok(true, "MIME type error displayed");
-});
diff --git a/devtools/client/webconsole/test/mochitest/test-non-javascript-mime-worker.html b/devtools/client/webconsole/test/mochitest/test-non-javascript-mime-worker.html
deleted file mode 100644
index 437a8885d0fb..000000000000
--- a/devtools/client/webconsole/test/mochitest/test-non-javascript-mime-worker.html
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8">
-    <title>Web Console test for script with non-JavaScript MIME type</title>
-<!-- Any copyright is dedicated to the Public Domain.
-     http://creativecommons.org/publicdomain/zero/1.0/ -->
-    <script>
-        "use strict";
-        const source = `importScripts("http://example.com/browser/devtools/client/webconsole/" +
-                                      "test/mochitest/" +
-                                      "test-non-javascript-mime.js");`;
-        const url = URL.createObjectURL(new Blob([source], {type: "application/javascript"}));
-        new Worker(url);
-    </script>
-  </head>
-  <body>
-    <p>Web Console test for importScripts() inside Worker with non-JavaScript MIME type.</p>
-  </body>
-</html>
diff --git a/dom/locales/en-US/chrome/security/security.properties b/dom/locales/en-US/chrome/security/security.properties
index a3853aecd871..d13ae9e7d937 100644
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -86,8 +86,6 @@ XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S
 
 BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
-# LOCALIZATION NOTE: Do not translate "importScripts()"
-BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
 
 # LOCALIZATION NOTE: Do not translate "data: URI".
 BlockTopLevelDataURINavigation=Navigation to toplevel data: URI not allowed (Blocked loading of: “%1$S”)
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 9b386d1bd37c..f145112e5d1f 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2705,9 +2705,6 @@ pref("security.sri.enable", true);
 // Block scripts with wrong MIME type such as image/ or video/.
 pref("security.block_script_with_wrong_mime", true);
 
-// Block scripts with wrong MIME type when loading via importScripts() in workers.
-pref("security.block_importScripts_with_wrong_mime", true);
-
 // OCSP must-staple
 pref("security.ssl.enable_ocsp_must_staple", true);
 
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index b13397158959..19bd0b046187 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1471,8 +1471,7 @@ nsresult EnsureMIMEOfScript(nsHttpChannel *aChannel, nsIURI *aURI,
     if (!sIsInited) {
       sIsInited = true;
       Preferences::AddBoolVarCache(&sCachedBlockScriptWithWrongMime,
-                                   "security.block_script_with_wrong_mime",
-                                   true);
+                                   "security.block_script_with_wrong_mime");
     }
 
     // Do not block the load if the feature is not enabled.
@@ -1489,67 +1488,62 @@ nsresult EnsureMIMEOfScript(nsHttpChannel *aChannel, nsIURI *aURI,
     // script load has type text/plain
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_plain);
-  } else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
     // script load has type text/xml
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_xml);
-  } else if (StringBeginsWith(contentType,
-                              NS_LITERAL_CSTRING("application/octet-stream"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType,
+                       NS_LITERAL_CSTRING("application/octet-stream"))) {
     // script load has type application/octet-stream
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_octet_stream);
-  } else if (StringBeginsWith(contentType,
-                              NS_LITERAL_CSTRING("application/xml"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/xml"))) {
     // script load has type application/xml
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_xml);
-  } else if (StringBeginsWith(contentType,
-                              NS_LITERAL_CSTRING("application/json"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/json"))) {
     // script load has type application/json
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::app_json);
-  } else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/json"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/json"))) {
     // script load has type text/json
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_json);
-  } else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
+    return NS_OK;
+  }
+
+  if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
     // script load has type text/html
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_html);
-  } else if (contentType.IsEmpty()) {
+    return NS_OK;
+  }
+
+  if (contentType.IsEmpty()) {
     // script load has no type
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::empty);
-  } else {
-    // script load has unknown type
-    AccumulateCategorical(
-        Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::unknown);
-  }
-
-  // We restrict importScripts() in worker code to JavaScript MIME types.
-  if (aLoadInfo->InternalContentPolicyType() ==
-      nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS) {
-    // Instead of consulting Preferences::GetBool() all the time we
-    // can cache the result to speed things up.
-    static bool sCachedBlockImportScriptsWithWrongMime = false;
-    static bool sIsInited = false;
-    if (!sIsInited) {
-      sIsInited = true;
-      Preferences::AddBoolVarCache(
-          &sCachedBlockImportScriptsWithWrongMime,
-          "security.block_importScripts_with_wrong_mime", true);
-    }
-
-    // Do not block the load if the feature is not enabled.
-    if (!sCachedBlockImportScriptsWithWrongMime) {
-      return NS_OK;
-    }
-
-    ReportMimeTypeMismatch(aChannel, "BlockImportScriptsWithWrongMimeType",
-                           aURI, contentType, Report::Error);
-    return NS_ERROR_CORRUPTED_CONTENT;
+    return NS_OK;
   }
 
+  // script load has unknown type
+  AccumulateCategorical(
+      Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::unknown);
   return NS_OK;
 }