Bug 1595762: Make type object loads subject to CSP frame ancestors. r=jkt,annevk

Differential Revision: https://phabricator.services.mozilla.com/D52806

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Christoph Kerschbaumer 2019-11-13 14:52:55 +00:00
Родитель 0eaca3ad9b
Коммит 515d2c1cdb
1 изменённых файлов: 4 добавлений и 3 удалений

Просмотреть файл

@ -121,9 +121,10 @@ nsresult DOMSecurityManager::ParseCSPAndEnforceFrameAncestorCheck(
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
nsContentPolicyType contentType = loadInfo->GetExternalContentPolicyType();
// frame-ancestor check only makes sense for subdocument loads, if this is
// not a load of such type, there is nothing to do here.
if (contentType != nsIContentPolicy::TYPE_SUBDOCUMENT) {
// frame-ancestor check only makes sense for subdocument and object loads,
// if this is not a load of such type, there is nothing to do here.
if (contentType != nsIContentPolicy::TYPE_SUBDOCUMENT &&
contentType != nsIContentPolicy::TYPE_OBJECT) {
return NS_OK;
}