Bug 561051 - make CSP frame-ancestors and X-Frame-Options work with viewSourceChannels, a=jst

2010-10-14 15:25:00 -07:00 · 2010-10-14 15:25:00 -07:00 · 4c969b1489
--- a/content/base/src/contentSecurityPolicy.js
+++ b/content/base/src/contentSecurityPolicy.js
@ -188,13 +188,23 @@ ContentSecurityPolicy.prototype = {
    if (!aChannel)
      return;
    // grab the request line
-    var internalChannel = aChannel.QueryInterface(Ci.nsIHttpChannelInternal);
-    var reqMaj = {};
-    var reqMin = {};
-    var reqVersion = internalChannel.getRequestVersion(reqMaj, reqMin);
-    this._request = aChannel.requestMethod + " " 
-                  + aChannel.URI.asciiSpec
-                  + " HTTP/" + reqMaj.value + "." + reqMin.value;
+    var internalChannel = null;
+    try {
+      internalChannel = aChannel.QueryInterface(Ci.nsIHttpChannelInternal);
+    } catch (e) {
+      CSPdebug("No nsIHttpChannelInternal for " + aChannel.URI.asciiSpec);
+    }
+
+    this._request = aChannel.requestMethod + " " + aChannel.URI.asciiSpec;
+
+    // We will only be able to provide the HTTP version information if aChannel
+    // implements nsIHttpChannelInternal
+    if (internalChannel) {
+      var reqMaj = {};
+      var reqMin = {};
+      var reqVersion = internalChannel.getRequestVersion(reqMaj, reqMin);
+      this._request += " HTTP/" + reqMaj.value + "." + reqMin.value;
+    }

    // grab the request headers
    var self = this;
@ -216,6 +226,13 @@ ContentSecurityPolicy.prototype = {
  function csp_refinePolicy(aPolicy, selfURI) {
    CSPdebug("REFINE POLICY: " + aPolicy);
    CSPdebug("         SELF: " + selfURI.asciiSpec);
+    // For nested schemes such as view-source: make sure we are taking the
+    // innermost URI to use as 'self' since that's where we will extract the
+    // scheme, host and port from
+    if (selfURI instanceof Ci.nsINestedURI) {
+      CSPdebug("        INNER: " + selfURI.innermostURI.asciiSpec);
+      selfURI = selfURI.innermostURI;
+    }

    // stay uninitialized until policy merging is done
    this._isInitialized = false;
@ -379,7 +396,8 @@ ContentSecurityPolicy.prototype = {
                          aExtra) {

    // don't filter chrome stuff
-    if (aContentLocation.scheme === 'chrome') {
+    if (aContentLocation.scheme === 'chrome' ||
+        aContentLocation.scheme === 'resource') {
      return Ci.nsIContentPolicy.ACCEPT;
    }

--- a/content/base/test/file_CSP_frameancestors_main.html
+++ b/content/base/test/file_CSP_frameancestors_main.html
@ -15,6 +15,9 @@
 <tt>  aa_block:     /* innermost frame denies a */</tt><br/>
 <iframe id='aa_block'></iframe><br/>

+<tt>  aa2_block:     /* innermost frame (view-source: URL) denies a */</tt><br/>
+<iframe id='aa2_block'></iframe><br/>
+
 <tt>  ab_allow:     /* innermost frame allows a */</tt><br/>
 <iframe id='ab_allow'></iframe><br/>

--- a/content/base/test/file_CSP_frameancestors_main.js
+++ b/content/base/test/file_CSP_frameancestors_main.js
@ -22,6 +22,10 @@ function setupFrames() {
  elt.src = base.a + "?testid=aa_block&internalframe=aa_b&csp=" + 
            escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");

+  elt = $('aa2_block');
+  elt.src = "view-source:" + base.a + "?testid=aa2_block&internalframe=aa_b&csp=" +
+            escape("allow 'none'; frame-ancestors 'none'; script-src 'self'");
+
  elt = $('ab_allow');
  elt.src = base.b + "?testid=ab_allow&internalframe=ab_a&csp=" +
            escape("allow 'none'; frame-ancestors " + host.a + "; script-src 'self'");
--- a/content/base/test/test_CSP_frameancestors.html
+++ b/content/base/test/test_CSP_frameancestors.html
@ -23,6 +23,7 @@ var path = "/tests/content/base/test/";
 var framesThatShouldLoad = {
  aa_allow: -1,    /* innermost frame allows a */
  //aa_block: -1,    /* innermost frame denies a */
+  //aa2_block: -1,    /* innermost frame denies a */
  ab_allow: -1,    /* innermost frame allows a */
  //ab_block: -1,    /* innermost frame denies a */
  aba_allow: -1,   /* innermost frame allows b,a */
@ -33,7 +34,7 @@ var framesThatShouldLoad = {
  //abb2_block: -1,  /* innermost frame denies a */
 };

-var expectedViolationsLeft = 6;
+var expectedViolationsLeft = 7;

 // This is used to watch the blocked data bounce off CSP and allowed data 
 // get sent out to the wire.
--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
@ -60,6 +60,7 @@ NS_INTERFACE_MAP_BEGIN(nsViewSourceChannel)
    NS_INTERFACE_MAP_ENTRY(nsIStreamListener)
    NS_INTERFACE_MAP_ENTRY(nsIRequestObserver)
    NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIHttpChannel, mHttpChannel)
+    NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIHttpChannelInternal, mHttpChannelInternal)
    NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsICachingChannel, mCachingChannel)
    NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIUploadChannel, mUploadChannel)
    NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsIRequest, nsIViewSourceChannel)
@ -97,6 +98,7 @@ nsViewSourceChannel::Init(nsIURI* uri)
 
    mChannel->SetOriginalURI(mOriginalURI);
    mHttpChannel = do_QueryInterface(mChannel);
+    mHttpChannelInternal = do_QueryInterface(mChannel);
    mCachingChannel = do_QueryInterface(mChannel);
    mUploadChannel = do_QueryInterface(mChannel);
    
@ -628,6 +630,12 @@ nsViewSourceChannel::GetResponseHeader(const nsACString & aHeader,
        return NS_ERROR_NULL_POINTER;

    if (!aHeader.Equals(NS_LITERAL_CSTRING("Content-Type"),
+                        nsCaseInsensitiveCStringComparator()) &&
+        !aHeader.Equals(NS_LITERAL_CSTRING("X-Content-Security-Policy"),
+                        nsCaseInsensitiveCStringComparator()) &&
+        !aHeader.Equals(NS_LITERAL_CSTRING("X-Content-Security-Policy-Report-Only"),
+                        nsCaseInsensitiveCStringComparator()) &&
+        !aHeader.Equals(NS_LITERAL_CSTRING("X-Frame-Options"),
                        nsCaseInsensitiveCStringComparator())) {
        aValue.Truncate();
        return NS_OK;
--- a/netwerk/protocol/viewsource/nsViewSourceChannel.h
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.h
@ -48,12 +48,14 @@
 #include "nsViewSourceHandler.h"
 #include "nsNetCID.h"
 #include "nsIHttpChannel.h"
+#include "nsIHttpChannelInternal.h"
 #include "nsICachingChannel.h"
 #include "nsIUploadChannel.h"

 class nsViewSourceChannel : public nsIViewSourceChannel,
                            public nsIStreamListener,
                            public nsIHttpChannel,
+                            public nsIHttpChannelInternal,
                            public nsICachingChannel,
                            public nsIUploadChannel
 {
@ -69,6 +71,7 @@ public:
    NS_FORWARD_SAFE_NSICACHEINFOCHANNEL(mCachingChannel)
    NS_FORWARD_SAFE_NSICACHINGCHANNEL(mCachingChannel)
    NS_FORWARD_SAFE_NSIUPLOADCHANNEL(mUploadChannel)
+    NS_FORWARD_SAFE_NSIHTTPCHANNELINTERNAL(mHttpChannelInternal)

    // nsViewSourceChannel methods:
    nsViewSourceChannel()
@ -80,6 +83,7 @@ public:
 protected:
    nsCOMPtr<nsIChannel>        mChannel;
    nsCOMPtr<nsIHttpChannel>    mHttpChannel;
+    nsCOMPtr<nsIHttpChannelInternal>    mHttpChannelInternal;
    nsCOMPtr<nsICachingChannel> mCachingChannel;
    nsCOMPtr<nsIUploadChannel>  mUploadChannel;
    nsCOMPtr<nsIStreamListener> mListener;