зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1806080
- Mixed content level 2 makes csp directive: block-all-mixed-content obsolete. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D164895
Родитель
906efb8be5
Коммит
50ae345109
|
@ -96,6 +96,10 @@ IgnoringSrcBecauseOfDirective=Ignoring ‘%1$S’ because of ‘%2$S’ directiv
|
||||||
# %1$S is the ignored src
|
# %1$S is the ignored src
|
||||||
# %2$S is the directive which supports src
|
# %2$S is the directive which supports src
|
||||||
IgnoringSourceWithinDirective = Ignoring source “%1$S” (Not supported within ‘%2$S’).
|
IgnoringSourceWithinDirective = Ignoring source “%1$S” (Not supported within ‘%2$S’).
|
||||||
|
# LOCALIZATION NOTE (IgnoringSourceWithinDirective):
|
||||||
|
# %1$S is the ignored src
|
||||||
|
obsoleteBlockAllMixedContent = Ignoring ‘%1$S’ because mixed content display upgrading makes block-all-mixed-content obsolete.
|
||||||
|
|
||||||
|
|
||||||
# CSP Errors:
|
# CSP Errors:
|
||||||
# LOCALIZATION NOTE (couldntParseInvalidSource):
|
# LOCALIZATION NOTE (couldntParseInvalidSource):
|
||||||
|
|
|
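Review bot: The added localization note is labelled `# LOCALIZATION NOTE (IgnoringSourceWithinDirective):` but sits directly above the new `obsoleteBlockAllMixedContent` string, so it names the wrong key. Its description `# %1$S is the ignored src` also looks copied from the entry above; judging by the parser hunk in this commit, the parameter appears to be the directive token rather than a source. I would change the two lines to `# LOCALIZATION NOTE (obsoleteBlockAllMixedContent):` and `# %1$S is the name of the ignored directive`. The message also hard-codes `block-all-mixed-content` at the end while `%1$S` presumably carries the same text, which is worth confirming so the warning does not read redundantly.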
@ -923,6 +923,15 @@ nsCSPDirective* nsCSPParser::directiveName() {
|
||||||
|
|
||||||
// special case handling for block-all-mixed-content
|
// special case handling for block-all-mixed-content
|
||||||
if (directive == nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT) {
|
if (directive == nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT) {
|
||||||
|
// If mixed content upgrade is enabled block-all-mixed content is obsolete
|
||||||
|
if (mozilla::StaticPrefs::
|
||||||
|
security_mixed_content_upgrade_display_content()) {
|
||||||
|
// log to the console that if mixed content display upgrading is enabled
|
||||||
|
// block-all-mixed-content is obsolete.
|
||||||
|
AutoTArray<nsString, 1> params = {mCurToken};
|
||||||
|
logWarningErrorToConsole(nsIScriptError::warningFlag,
|
||||||
|
"obsoleteBlockAllMixedContent", params);
|
||||||
|
}
|
||||||
return new nsBlockAllMixedContentDirective(directive);
|
return new nsBlockAllMixedContentDirective(directive);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
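Review bot: The new warning tells the developer the directive is being ignored, yet the branch still falls through to `return new nsBlockAllMixedContentDirective(directive);`, so the parsed policy keeps the directive whether or not the pref is set. If enforcement is suppressed somewhere else, that code is outside this hunk and deserves a pointer here, for example `// The directive is still parsed; <place where it is skipped> ignores it while display upgrading is on.`; if it is not suppressed, the message text and the behaviour disagree. The two added comments also say the same thing twice and the second reads awkwardly (`log to the console that if ...`); a single line such as `// Warn that display upgrading makes block-all-mixed-content obsolete.` would do. directiveName() starts and ends outside the hunk.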
@ -5,15 +5,21 @@ support-files =
|
||||||
download_page.html
|
download_page.html
|
||||||
download_server.sjs
|
download_server.sjs
|
||||||
|
|
||||||
[browser_test_mixed_content_download.js]
|
|
||||||
skip-if = win10_2004 && debug # Bug 1723573
|
|
||||||
[browser_mixed_content_auto_upgrade_display_console.js]
|
|
||||||
support-files = file_mixed_content_auto_upgrade_display_console.html
|
|
||||||
[browser_auto_upgrading_identity.js]
|
[browser_auto_upgrading_identity.js]
|
||||||
support-files =
|
support-files =
|
||||||
auto_upgrading_identity.html
|
auto_upgrading_identity.html
|
||||||
auto_upgrading_identity.png
|
auto_upgrading_identity.png
|
||||||
|
[browser_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.js]
|
||||||
|
support-files =
|
||||||
|
file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
|
||||||
|
pass.png
|
||||||
|
test.ogv
|
||||||
|
test.wav
|
||||||
[browser_mixed_content_auth_download.js]
|
[browser_mixed_content_auth_download.js]
|
||||||
support-files =
|
support-files =
|
||||||
file_auth_download_page.html
|
file_auth_download_page.html
|
||||||
file_auth_download_server.sjs
|
file_auth_download_server.sjs
|
||||||
|
[browser_mixed_content_auto_upgrade_display_console.js]
|
||||||
|
support-files = file_mixed_content_auto_upgrade_display_console.html
|
||||||
|
[browser_test_mixed_content_download.js]
|
||||||
|
skip-if = win10_2004 && debug # Bug 1723573
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
/*
|
||||||
|
* Description of the Test:
|
||||||
|
* We load an https page which uses a CSP including block-all-mixed-content.
|
||||||
|
* The page embedded an audio, img and video. ML2 should upgrade them and
|
||||||
|
* CSP should not be triggered.
|
||||||
|
*/
|
||||||
|
|
||||||
|
const PRE_PATH = getRootDirectory(gTestPath).replace(
|
||||||
|
"chrome://mochitests/content",
|
||||||
|
"https://example.com"
|
||||||
|
);
|
||||||
|
var gTestBrowser = null;
|
||||||
|
let expectedMessages = 3;
|
||||||
|
function on_new_message(msgObj) {
|
||||||
|
const message = msgObj.message;
|
||||||
|
|
||||||
|
// Check if csp warns about block-all-mixed content being obsolete
|
||||||
|
if (message.includes("Content Security Policy")) {
|
||||||
|
ok(
|
||||||
|
message.includes("block-all-mixed-content obsolete"),
|
||||||
|
"CSP warns about block-all-mixed content being obsolete"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
if (message.includes("Mixed Content:")) {
|
||||||
|
ok(
|
||||||
|
message.includes("Upgrading insecure display request"),
|
||||||
|
"msg included a mixed content upgrade"
|
||||||
|
);
|
||||||
|
expectedMessages--;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
add_task(async function() {
|
||||||
|
await SpecialPowers.pushPrefEnv({
|
||||||
|
set: [["security.mixed_content.upgrade_display_content", true]],
|
||||||
|
});
|
||||||
|
Services.console.registerListener(on_new_message);
|
||||||
|
// Starting the test
|
||||||
|
var url =
|
||||||
|
PRE_PATH +
|
||||||
|
"file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html";
|
||||||
|
|
||||||
|
await BrowserTestUtils.withNewTab(
|
||||||
|
{
|
||||||
|
gBrowser,
|
||||||
|
url,
|
||||||
|
waitForLoad: true,
|
||||||
|
},
|
||||||
|
async function(browser) {
|
||||||
|
let loadedElements = await ContentTask.spawn(
|
||||||
|
browser,
|
||||||
|
[],
|
||||||
|
async function() {
|
||||||
|
// Check image loaded
|
||||||
|
let image = content.document.getElementById("some-img");
|
||||||
|
let imageLoaded =
|
||||||
|
image && image.complete && image.naturalHeight !== 0;
|
||||||
|
// Check audio loaded
|
||||||
|
let audio = content.document.getElementById("some-audio");
|
||||||
|
let audioLoaded = audio && audio.readyState >= 2;
|
||||||
|
// Check video loaded
|
||||||
|
let video = content.document.getElementById("some-video");
|
||||||
|
//let videoPlayable = await once(video, "loadeddata").then(_ => true);
|
||||||
|
let videoLoaded = video && video.readyState === 4;
|
||||||
|
return { audio: audioLoaded, img: imageLoaded, video: videoLoaded };
|
||||||
|
}
|
||||||
|
);
|
||||||
|
is(true, loadedElements.img, "Image loaded and was upgraded " + url);
|
||||||
|
is(true, loadedElements.video, "Video loaded and was upgraded " + url);
|
||||||
|
is(true, loadedElements.audio, "Audio loaded and was upgraded " + url);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
await BrowserTestUtils.waitForCondition(() => expectedMessages === 0);
|
||||||
|
|
||||||
|
// Clean up
|
||||||
|
Services.console.unregisterListener(on_new_message);
|
||||||
|
});
|
|
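Review bot: The test never requires the CSP obsolescence warning: the `Content Security Policy` branch in on_new_message only asserts on messages that happen to arrive, and `expectedMessages` is decremented solely for `Mixed Content:` messages, so the task still passes if the warning is never logged. Record it with a flag, e.g. `let sawObsoleteWarning = false;` set to `true` in that branch, and wait on `expectedMessages === 0 && sawObsoleteWarning`. The listener is also unregistered only on the success path; if waitForCondition times out it stays registered for later tests, so `registerCleanupFunction(() => Services.console.unregisterListener(on_new_message));` right after registering would be safer. The commented-out `//let videoPlayable = ...` line can be dropped.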
@ -0,0 +1,14 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title>Bug 1806080 - ML2 with CSP block-all-mixed-content </title>
|
||||||
|
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<!--upgradeable resources--->
|
||||||
|
<img id="some-img" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/pass.png" width="100px">
|
||||||
|
<video id="some-video" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.ogv" width="100px">
|
||||||
|
<audio id="some-audio" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.wav" width="100px">
|
||||||
|
</body>
|
||||||
|
</html>
|
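Review bot: `<video>` and `<audio>` are never closed, so the parser nests the audio element inside the video element as fallback content and the fixture depends on error recovery for the elements the test looks up by id. Add `</video>` and `</audio>` after the respective tags. `width` is not a valid attribute on `<audio>`, and the comment `<!--upgradeable resources--->` has a stray dash before the closing `-->`.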
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 1.6 KiB |
Двоичный файл не отображается.
Двоичный файл не отображается.