diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp
index 28c25497c2c6..09e109c63553 100644
--- a/dom/base/WebSocket.cpp
+++ b/dom/base/WebSocket.cpp
@@ -1508,6 +1508,8 @@ WebSocketImpl::Init(JSContext* aCx,
 }
 }
+ // Check content policy.
+ int16_t shouldLoad = nsIContentPolicy::ACCEPT;
 nsCOMPtr originDoc = mWebSocket->GetDocumentIfCurrent();
 if (!originDoc) {
 nsresult rv = mWebSocket->CheckInnerWindowCorrectness();
@@ -1518,6 +1520,24 @@ WebSocketImpl::Init(JSContext* aCx,
 }
 mOriginDocument = do_GetWeakReference(originDoc);
+ aRv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_WEBSOCKET,
+ uri,
+ aPrincipal,
+ originDoc,
+ EmptyCString(),
+ nullptr,
+ &shouldLoad,
+ nsContentUtils::GetContentPolicy(),
+ nsContentUtils::GetSecurityManager());
+ if (NS_WARN_IF(aRv.Failed())) {
+ return;
+ }
+
+ if (NS_CP_REJECTED(shouldLoad)) {
+ // Disallowed by content policy.
+ aRv.Throw(NS_ERROR_CONTENT_BLOCKED);
+ return;
+ }
 // Potentially the page uses the CSP directive 'upgrade-insecure-requests'.
 // In such a case we have to upgrade ws: to wss: and also update mSecure
@@ -1702,7 +1722,6 @@ WebSocketImpl::AsyncOpen(nsIPrincipal* aPrincipal, uint64_t aInnerWindowID,
 aRv = mChannel->AsyncOpen(uri, asciiOrigin, aInnerWindowID, this, nullptr);
 if (NS_WARN_IF(aRv.Failed())) {
- aRv.Throw(NS_ERROR_CONTENT_BLOCKED);
 return;
 }
@@ -1773,7 +1792,7 @@ WebSocketImpl::InitializeConnection(nsIPrincipal* aPrincipal)
 wsChannel->InitLoadInfo(doc ? doc->AsDOMNode() : nullptr, doc ? doc->NodePrincipal() : aPrincipal, aPrincipal,
- nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+ nsILoadInfo::SEC_NORMAL,
 nsIContentPolicy::TYPE_WEBSOCKET);
 if (!mRequestedProtocolList.IsEmpty()) {
diff --git a/dom/push/PushServiceWebSocket.jsm b/dom/push/PushServiceWebSocket.jsm
index 7c0b1ef48f01..2c1815cf4667 100644
--- a/dom/push/PushServiceWebSocket.jsm
+++ b/dom/push/PushServiceWebSocket.jsm
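Review bot: In dom/base/WebSocket.cpp, the `NS_CheckContentLoadPolicy` call added to WebSocketImpl::Init evaluates `uri` before the `upgrade-insecure-requests` rewrite described in the comment right after it. It also passes `originDoc` as the requesting context, although the `if (!originDoc)` branch in the previous hunk suggests the document can be absent; that branch's body lies outside both hunks, so this is inferred. Because this commit also opens the channel with `nsILoadInfo::SEC_NORMAL`, this call appears to be the only content policy gate for the socket, and neither assumption is written down. I would add a comment above the call, for example `// Sole content policy check for this socket: sees the pre-upgrade URI; originDoc may be null.`, and confirm that a null context cannot lead a registered policy to accept by default.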
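Review bot: The switch to `nsILoadInfo::SEC_NORMAL` in WebSocketImpl::InitializeConnection (dom/base/WebSocket.cpp) is not explained at the call site. Judging by the branch removed from WebSocketChannel::BeginOpenInternal in this commit, a zero security mode means the channel is opened without load-info driven checks, so the check in Init() is what protects this load. A comment such as `// SEC_NORMAL: no checks at open time; content policy was evaluated in Init().` would keep a later caller from assuming otherwise. The same flag change appears in dom/push/PushServiceWebSocket.jsm and dom/simplepush/PushService.jsm, where the load uses the system principal with a null loading node and deserves the same one-line comment. The body of InitializeConnection extends beyond the hunk.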
@@ -483,7 +483,7 @@ this.PushServiceWebSocket = {
 socket.initLoadInfo(null, // aLoadingNode
 Services.scriptSecurityManager.getSystemPrincipal(), null, // aTriggeringPrincipal
- Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+ Ci.nsILoadInfo.SEC_NORMAL,
 Ci.nsIContentPolicy.TYPE_WEBSOCKET);
 return socket;
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 4d75d4fad6b3..380f4dc37df4 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -302,8 +302,7 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
 }
 case nsIContentPolicy::TYPE_WEBSOCKET: {
- mimeTypeGuess = EmptyCString();
- requestingContext = aLoadInfo->LoadingNode();
+ MOZ_ASSERT(false, "contentPolicyType not supported yet");
 break;
 }
diff --git a/dom/simplepush/PushService.jsm b/dom/simplepush/PushService.jsm
index 93c5ec6665b9..a72d7c1ccb6f 100644
--- a/dom/simplepush/PushService.jsm
+++ b/dom/simplepush/PushService.jsm
@@ -828,7 +828,7 @@ this.PushService = {
 this._ws.initLoadInfo(null, // aLoadingNode
 Services.scriptSecurityManager.getSystemPrincipal(), null, // aTriggeringPrincipal
- Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+ Ci.nsILoadInfo.SEC_NORMAL,
 Ci.nsIContentPolicy.TYPE_WEBSOCKET);
 } else if (uri.scheme === "ws") {
diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
index bd7ae5565c02..3fb66eaf68ff 100644
--- a/netwerk/protocol/websocket/WebSocketChannel.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
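Review bot: In DoContentSecurityChecks (dom/security/nsContentSecurityManager.cpp) the new `case nsIContentPolicy::TYPE_WEBSOCKET` relies on `MOZ_ASSERT(false, ...)`, which is compiled out of non-debug builds. In a release build a websocket load that reaches this function therefore falls through `break` to whatever follows the switch, with `mimeTypeGuess` and `requestingContext` no longer set by this case. The code after the switch is outside the hunk, so the effect is inferred, but an unsupported type should not depend on a debug-only check. Assuming the function returns an nsresult, failing closed is a one-line addition after the assert: `return NS_ERROR_CONTENT_BLOCKED;`.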
@@ -1400,14 +1400,7 @@ WebSocketChannel::BeginOpenInternal()
 }
 #endif
- nsCOMPtr loadInfo = localChannel->GetLoadInfo();
- if (loadInfo && loadInfo->GetSecurityMode()) {
- rv = localChannel->AsyncOpen2(this);
- }
- else {
- rv = localChannel->AsyncOpen(this, nullptr);
- }
-
+ rv = localChannel->AsyncOpen(this, mHttpChannel);
 if (NS_FAILED(rv)) {
 LOG(("WebSocketChannel::BeginOpenInternal: cannot async open\n"));
 AbortSession(NS_ERROR_CONNECTION_REFUSED);
@@ -3557,7 +3550,7 @@ WebSocketChannel::OnStartRequest(nsIRequest *aRequest,
 nsISupports *aContext) {
 LOG(("WebSocketChannel::OnStartRequest(): %p [%p %p] recvdhttpupgrade=%d\n",
- this, aRequest, mHttpChannel.get(), mRecvdHttpUpgradeTransport));
+ this, aRequest, aContext, mRecvdHttpUpgradeTransport));
 MOZ_ASSERT(NS_IsMainThread(), "not main thread");
 MOZ_ASSERT(!mGotUpgradeOK, "OTA duplicated");
@@ -3718,7 +3711,7 @@ WebSocketChannel::OnStopRequest(nsIRequest *aRequest,
 nsresult aStatusCode) {
 LOG(("WebSocketChannel::OnStopRequest() %p [%p %p %x]\n",
- this, aRequest, mHttpChannel.get(), aStatusCode));
+ this, aRequest, aContext, aStatusCode));
 MOZ_ASSERT(NS_IsMainThread(), "not main thread");
 ReportConnectionTelemetry();
@@ -3881,7 +3874,7 @@ WebSocketChannel::OnDataAvailable(nsIRequest *aRequest,
 uint32_t aCount) {
 LOG(("WebSocketChannel::OnDataAvailable() %p [%p %p %p %llu %u]\n",
- this, aRequest, mHttpChannel.get(), aInputStream, aOffset, aCount));
+ this, aRequest, aContext, aInputStream, aOffset, aCount));
 // This is the HTTP OnDataAvailable Method, which means this is http data in
 // response to the upgrade request and there should be no http response body
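Review bot: With the `GetSecurityMode()` branch removed, `localChannel->AsyncOpen(this, mHttpChannel)` in WebSocketChannel::BeginOpenInternal is used for every load, so a load info that requests a non-zero security mode is no longer honoured and nothing reports it. Enforcement then rests on each consumer of the channel performing its own check before opening, as WebSocketImpl::Init does in this commit. A debug assertion ahead of the call would catch a caller that still expects channel-side checks, for example `MOZ_ASSERT(!loadInfo || !loadInfo->GetSecurityMode(), "security mode is ignored here");`, with `loadInfo` fetched as in the removed lines. BeginOpenInternal starts and ends outside the hunk.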