зеркало из https://github.com/mozilla/gecko-dev.git
Bug 548193 - Make CSP send reports as JSON, r=sicking
Родитель
171302860f
Коммит
3afed3d802
|
@ -246,34 +246,31 @@ ContentSecurityPolicy.prototype = {
|
||||||
var uriString = this._policy.getReportURIs();
|
var uriString = this._policy.getReportURIs();
|
||||||
var uris = uriString.split(/\s+/);
|
var uris = uriString.split(/\s+/);
|
||||||
if (uris.length > 0) {
|
if (uris.length > 0) {
|
||||||
// Generate report to send composed of:
|
// Generate report to send composed of
|
||||||
// <csp-report>
|
// {
|
||||||
// <request>GET /index.html HTTP/1.1</request>
|
// csp-report: {
|
||||||
// <request-headers>Host: example.com
|
// request: "GET /index.html HTTP/1.1",
|
||||||
// User-Agent: ...
|
// request-headers: "Host: example.com
|
||||||
// ...
|
// User-Agent: ...
|
||||||
// </request-headers>
|
// ...",
|
||||||
// <blocked-uri>...</blocked-uri>
|
// blocked-uri: "...",
|
||||||
// <violated-directive>...</violated-directive>
|
// violated-directive: "..."
|
||||||
// </csp-report>
|
// }
|
||||||
//
|
// }
|
||||||
var strHeaders = "";
|
var strHeaders = "";
|
||||||
for (let i in this._requestHeaders) {
|
for (let i in this._requestHeaders) {
|
||||||
strHeaders += this._requestHeaders[i] + "\n";
|
strHeaders += this._requestHeaders[i] + "\n";
|
||||||
}
|
}
|
||||||
|
var report = {
|
||||||
var report = "<csp-report>\n" +
|
'csp-report': {
|
||||||
" <request>" + this._request + "</request>\n" +
|
'request': this._request,
|
||||||
" <request-headers><![CDATA[\n" +
|
'request-headers': strHeaders,
|
||||||
strHeaders +
|
'blocked-uri': (blockedUri instanceof Ci.nsIURI ?
|
||||||
" ]]></request-headers>\n" +
|
blockedUri.asciiSpec : blockedUri),
|
||||||
" <blocked-uri>" +
|
'violated-directive': violatedDirective
|
||||||
(blockedUri instanceof Ci.nsIURI ? blockedUri.asciiSpec : blockedUri) +
|
}
|
||||||
"</blocked-uri>\n" +
|
}
|
||||||
" <violated-directive>" + violatedDirective + "</violated-directive>\n" +
|
CSPdebug("Constructed violation report:\n" + JSON.stringify(report));
|
||||||
"</csp-report>\n";
|
|
||||||
|
|
||||||
CSPdebug("Constructed violation report:\n" + report);
|
|
||||||
|
|
||||||
// For each URI in the report list, send out a report.
|
// For each URI in the report list, send out a report.
|
||||||
for (let i in uris) {
|
for (let i in uris) {
|
||||||
|
@ -301,7 +298,7 @@ ContentSecurityPolicy.prototype = {
|
||||||
// abused for CSRF.
|
// abused for CSRF.
|
||||||
req.channel.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;
|
req.channel.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;
|
||||||
|
|
||||||
req.send(report);
|
req.send(JSON.stringify(report));
|
||||||
CSPdebug("Sent violation report to " + uris[i]);
|
CSPdebug("Sent violation report to " + uris[i]);
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
// it's possible that the URI was invalid, just log a
|
// it's possible that the URI was invalid, just log a
|
||||||
|
|
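Review bot: The body passed to `req.send(JSON.stringify(report))` in the second hunk is now JSON, but neither hunk touches the lines where the request is opened and its headers are set, so any Content-Type declared for the old XML report may still be sent; that code is not visible here and should be checked. A report collector that chooses its parser from the Content-Type header would then reject or mis-parse the body, and violations would silently go unrecorded. If a header is set there, it should name a JSON type, for example `req.setRequestHeader('Content-Type', 'application/json');`. The report is also serialized once for `CSPdebug` and again for every URI in the loop; `var reportString = JSON.stringify(report);` right after the object literal would let both places reuse one string. The enclosing function starts and ends outside both hunks.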