Backed out 2 changesets (bug 1839165) for causing failures on test_ext_contentscript_triggeringPrincipal.js CLOSED TREE

Backed out changeset 5e73732114f1 (bug 1839165)
Backed out changeset 7ab35b57969d (bug 1839165)

devtools/client/webconsole/test/browser/_webconsole.ini

@@ -39,8 +39,6 @@ support-files =
   test-csp-violation-frame-ancestor-child.html
   test-csp-violation-frame-ancestor-parent.html^headers^
   test-csp-violation-frame-ancestor-parent.html
-  test-csp-many-errors.html
-  test-csp-many-errors.html^headers^
   test-cspro.html
   test-cspro.html^headers^
   test-iframe-child.html
@@ -264,7 +262,6 @@ skip-if = http3 # Bug 1829298
 https_first_disabled = true
 skip-if = http3 # Bug 1829298
 [browser_webconsole_csp_violation.js]
-[browser_webconsole_csp_too_many_reports.js]
 [browser_webconsole_cspro.js]
 https_first_disabled = true
 skip-if = http3 # Bug 1829298

devtools/client/webconsole/test/browser/browser_webconsole_csp_too_many_reports.js

@@ -1,44 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-/*
- * This tests loads a page that triggers so many CSP reports that they throttled
- * and a console error is logged.
- */
-
-"use strict";
-
-const TEST_URI =
-  "data:text/html;charset=utf8,<!DOCTYPE html>Web Console CSP too many reports test";
-const TEST_VIOLATIONS =
-  "https://example.com/browser/devtools/client/webconsole/" +
-  "test/browser/test-csp-many-errors.html";
-const CSP_VIOLATION_MSG =
-  "Content-Security-Policy: The page\u2019s settings blocked the loading of a resource " +
-  "at inline (\u201cstyle-src\u201d).";
-const CSP_TOO_MANY_REPORTS_MSG =
-  "Content-Security-Policy: Prevented too many CSP reports from being sent within a short period of time.";
-
-add_task(async function () {
-  const hud = await openNewTabAndConsole(TEST_URI);
-
-  const onCspViolationMessage = waitForMessageByType(
-    hud,
-    CSP_VIOLATION_MSG,
-    ".error"
-  );
-  const onCspTooManyReportsMessage = waitForMessageByType(
-    hud,
-    CSP_TOO_MANY_REPORTS_MSG,
-    ".error"
-  );
-
-  info("Load a page with CSP warnings.");
-  await navigateTo(TEST_VIOLATIONS);
-
-  await onCspViolationMessage;
-  await onCspTooManyReportsMessage;
-  ok(true, "Got error about too many reports");
-
-  await clearOutput(hud);
-});

devtools/client/webconsole/test/browser/test-csp-many-errors.html

@@ -1,24 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <meta charset="UTF-8">
-  <title>Test for Bug 1839165 - Verify that we warn about too many reports.</title>
-<!-- Any copyright is dedicated to the Public Domain.
-     http://creativecommons.org/publicdomain/zero/1.0/ -->
-</head>
-<body>
-<div></div>
-<script>
-"use strict";
-
-function run() {
-  const div = document.querySelector("div");
-  // Setting more than 100 (disallowed) inline styles will trigger throttling.
-  for (let i = 0; i < 200; i++) {
-    div.setAttribute("style", `background-color: rgb(0, 0, ${i});`);
-  }
-}
-run();
-</script>
-</body>
-</html>

devtools/client/webconsole/test/browser/test-csp-many-errors.html^headers^

@@ -1 +0,0 @@
-Content-Security-Policy: style-src 'none'; report-uri https://example.com/ignored/;

dom/locales/en-US/chrome/security/csp.properties

@@ -20,7 +20,6 @@ CSPROViolationWithURI = The page’s settings observed the loading of a resource
 # LOCALIZATION NOTE (triedToSendReport):
 # %1$S is the URI we attempted to send a report to.
 triedToSendReport = Tried to send report to invalid URI: “%1$S”
-tooManyReports = Prevented too many CSP reports from being sent within a short period of time.
 # LOCALIZATION NOTE (couldNotParseReportURI):
 # %1$S is the report URI that could not be parsed
 couldNotParseReportURI = couldn’t parse report URI: %1$S

dom/security/nsCSPContext.cpp

@@ -1134,63 +1134,12 @@ nsresult nsCSPContext::GatherSecurityPolicyViolationEventData(
   return NS_OK;
 }
 
-bool nsCSPContext::ShouldThrottleReport(
-    const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit) {
-  // Fetch rate limiting preferences
-  const uint32_t kLimitCount =
-      StaticPrefs::security_csp_reporting_limit_count();
-  const uint32_t kTimeSpanSeconds =
-      StaticPrefs::security_csp_reporting_limit_timespan();
-
-  // Disable throttling if either of the preferences is set to 0.
-  if (kLimitCount == 0 || kTimeSpanSeconds == 0) {
-    return false;
-  }
-
-  TimeDuration throttleSpan = TimeDuration::FromSeconds(kTimeSpanSeconds);
-  if (mSendReportLimitSpanStart.IsNull() ||
-      ((TimeStamp::Now() - mSendReportLimitSpanStart) > throttleSpan)) {
-    // Initial call or timespan exceeded, reset counter and timespan.
-    mSendReportLimitSpanStart = TimeStamp::Now();
-    mSendReportLimitCount = 1;
-    // Also make sure we warn about omitted messages. (XXX or only do this once
-    // per context?)
-    mWarnedAboutTooManyReports = false;
-    return false;
-  }
-
-  if (mSendReportLimitCount < kLimitCount) {
-    mSendReportLimitCount++;
-    return false;
-  }
-
-  // Rate limit reached
-  if (!mWarnedAboutTooManyReports) {
-    logToConsole("tooManyReports", {}, aViolationEventInit.mSourceFile,
-                 aViolationEventInit.mSample, aViolationEventInit.mLineNumber,
-                 aViolationEventInit.mColumnNumber, nsIScriptError::errorFlag);
-    mWarnedAboutTooManyReports = true;
-  }
-  return true;
-}
-
 nsresult nsCSPContext::SendReports(
     const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit,
     uint32_t aViolatedPolicyIndex) {
   EnsureIPCPoliciesRead();
   NS_ENSURE_ARG_MAX(aViolatedPolicyIndex, mPolicies.Length() - 1);
 
-  nsTArray<nsString> reportURIs;
-  mPolicies[aViolatedPolicyIndex]->getReportURIs(reportURIs);
-  // There is nowhere to send reports to.
-  if (reportURIs.IsEmpty()) {
-    return NS_OK;
-  }
-
-  if (ShouldThrottleReport(aViolationEventInit)) {
-    return NS_OK;
-  }
-
   dom::CSPReport report;
 
   // blocked-uri
@@ -1249,6 +1198,10 @@ nsresult nsCSPContext::SendReports(
   }
 
   // ---------- Assembled, now send it to all the report URIs ----------- //
+
+  nsTArray<nsString> reportURIs;
+  mPolicies[aViolatedPolicyIndex]->getReportURIs(reportURIs);
+
   nsCOMPtr<Document> doc = do_QueryReferent(mLoadingContext);
   nsCOMPtr<nsIURI> reportURI;
   nsCOMPtr<nsIChannel> reportChannel;

dom/security/nsCSPContext.h

@@ -151,10 +151,6 @@ class nsCSPContext : public nsIContentSecurityPolicy {
  private:
   void EnsureIPCPoliciesRead();
 
-  bool ShouldThrottleReport(
-      const mozilla::dom::SecurityPolicyViolationEventInit&
-          aViolationEventInit);
-
   bool permitsInternal(CSPDirective aDir,
                        mozilla::dom::Element* aTriggeringElement,
                        nsICSPEventListener* aCSPEventListener,
@@ -196,10 +192,6 @@ class nsCSPContext : public nsIContentSecurityPolicy {
   nsTArray<ConsoleMsgQueueElem> mConsoleMsgQueue;
   bool mQueueUpMessages;
   nsCOMPtr<nsIEventTarget> mEventTarget;
-
-  mozilla::TimeStamp mSendReportLimitSpanStart;
-  uint32_t mSendReportLimitCount = 1;
-  bool mWarnedAboutTooManyReports = false;
 };
 
 // Class that listens to violation report transmission and logs errors.

modules/libpref/init/StaticPrefList.yaml

@@ -13509,18 +13509,6 @@
   value: true
   mirror: always
 
-# Limit the number of CSP reports that are send in a specific timespan.
-- name: security.csp.reporting.limit.count
-  type: uint32_t
-  value: 100
-  mirror: always
-
-# Time span in seconds for reporting limit.
-- name: security.csp.reporting.limit.timespan
-  type: uint32_t
-  value: 2
-  mirror: always
-
 # If true, all toplevel data: URI navigations will be blocked.
 # Please note that manually entering a data: URI in the
 # URL-Bar will not be blocked when flipping this pref.