mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset a2192165100c (bug 1041180) for xpcshell failures; CLOSED TREE

This commit is contained in:
Ed Morley 2014-10-03 10:12:53 +01:00
Родитель 40ba5d1f27
Коммит 6c9d66f653
64 изменённых файлов: 536 добавлений и 37 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
content/base/src/EventSource.cpp
Просмотреть файл

@ -28,6 +28,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsIScriptError.h"
#include "mozilla/dom/EncodingUtils.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsContentUtils.h"
#include "mozilla/Preferences.h"
@ -737,7 +738,17 @@ EventSource::InitChannelAndRequestEventSource()
nsLoadFlags loadFlags;
loadFlags = nsIRequest::LOAD_BACKGROUND | nsIRequest::LOAD_BYPASS_CACHE;
nsresult rv;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
nsresult rv = mPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_DATAREQUEST);
}
nsIScriptContext* sc = GetContextForEventHandlers(&rv);
nsCOMPtr<nsIDocument> doc =
nsContentUtils::GetDocumentFromScriptContext(sc);
@ -750,6 +761,7 @@ EventSource::InitChannelAndRequestEventSource()
doc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_DATAREQUEST,
channelPolicy, // aChannelPolicy
mLoadGroup, // loadGroup
nullptr, // aCallbacks
loadFlags); // aLoadFlags
@ -760,6 +772,7 @@ EventSource::InitChannelAndRequestEventSource()
mPrincipal,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_DATAREQUEST,
channelPolicy, // aChannelPolicy
mLoadGroup, // loadGroup
nullptr, // aCallbacks
loadFlags); // aLoadFlags

11
content/base/src/ImportManager.cpp
Просмотреть файл

@ -12,6 +12,7 @@
#include "nsContentUtils.h"
#include "nsCrossSiteListenerProxy.h"
#include "nsIChannel.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIDocument.h"
@ -480,13 +481,23 @@ ImportLoader::Open()
NS_ENSURE_SUCCESS_VOID(rv);
nsCOMPtr<nsILoadGroup> loadGroup = mImportParent->GetDocumentLoadGroup();
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS_VOID(rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
mURI,
mImportParent,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SUBDOCUMENT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);

1
content/base/src/moz.build
Просмотреть файл

@ -109,6 +109,7 @@ UNIFIED_SOURCES += [
'nsAttrValue.cpp',
'nsAttrValueOrString.cpp',
'nsCCUncollectableMarker.cpp',
'nsChannelPolicy.cpp',
'nsContentAreaDragDrop.cpp',
'nsContentIterator.cpp',
'nsContentList.cpp',

3
content/base/src/nsCSPContext.cpp
Просмотреть файл

@ -11,6 +11,7 @@
#include "nsCSPService.h"
#include "nsError.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsIChannelPolicy.h"
#include "nsIClassInfoImpl.h"
#include "nsIDocShell.h"
#include "nsIDocShellTreeItem.h"
@ -24,10 +25,12 @@
#include "nsIObjectOutputStream.h"
#include "nsIObserver.h"
#include "nsIObserverService.h"
#include "nsIPropertyBag2.h"
#include "nsIStringStream.h"
#include "nsIUploadChannel.h"
#include "nsIScriptError.h"
#include "nsIWebNavigation.h"
#include "nsIWritablePropertyBag2.h"
#include "nsNetUtil.h"
#include "nsNullPrincipal.h"
#include "nsIContentPolicy.h"

5
content/base/src/nsCSPService.cpp
Просмотреть файл

@ -12,7 +12,12 @@
#include "nsIContent.h"
#include "nsCSPService.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsIChannelEventSink.h"
#include "nsIPropertyBag2.h"
#include "nsIWritablePropertyBag2.h"
#include "nsError.h"
#include "nsChannelProperties.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "mozilla/Preferences.h"

46
content/base/src/nsChannelPolicy.cpp Normal file
Просмотреть файл

@ -0,0 +1,46 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsChannelPolicy.h"
nsChannelPolicy::nsChannelPolicy()
: mLoadType(0)
{
}
nsChannelPolicy::~nsChannelPolicy()
{
}
NS_IMPL_ISUPPORTS(nsChannelPolicy, nsIChannelPolicy)
NS_IMETHODIMP
nsChannelPolicy::GetLoadType(uint32_t *aLoadType)
{
*aLoadType = mLoadType;
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::SetLoadType(uint32_t aLoadType)
{
mLoadType = aLoadType;
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::GetContentSecurityPolicy(nsISupports **aCSP)
{
*aCSP = mCSP;
NS_IF_ADDREF(*aCSP);
return NS_OK;
}
NS_IMETHODIMP
nsChannelPolicy::SetContentSecurityPolicy(nsISupports *aCSP)
{
mCSP = aCSP;
return NS_OK;
}

37
content/base/src/nsChannelPolicy.h Normal file
Просмотреть файл

@ -0,0 +1,37 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsChannelPolicy_h___
#define nsChannelPolicy_h___
#include "nsCOMPtr.h"
#include "nsIChannelPolicy.h"
#define NSCHANNELPOLICY_CONTRACTID "@mozilla.org/nschannelpolicy;1"
#define NSCHANNELPOLICY_CID \
{ 0xd396b3cd, 0xf164, 0x4ce8, \
{ 0x93, 0xa7, 0xe3, 0x85, 0xe1, 0x46, 0x56, 0x3c } }
class nsChannelPolicy : public nsIChannelPolicy
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICHANNELPOLICY
nsChannelPolicy();
protected:
virtual ~nsChannelPolicy();
/* Represents the type of content being loaded in the channel per
* nsIContentPolicy, e.g. TYPE_IMAGE, TYPE_SCRIPT
*/
unsigned long mLoadType;
/* pointer to a Content Security Policy object if available */
nsCOMPtr<nsISupports> mCSP;
};
#endif /* nsChannelPolicy_h___ */

17
content/base/src/nsContentUtils.cpp
Просмотреть файл

@ -60,6 +60,7 @@
#include "nsAttrValueInlines.h"
#include "nsBindingManager.h"
#include "nsCCUncollectableMarker.h"
#include "nsChannelPolicy.h"
#include "nsCharSeparatedTokenizer.h"
#include "nsCOMPtr.h"
#include "nsContentCreatorFunctions.h"
@ -88,6 +89,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsICategoryManager.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsIChromeRegistry.h"
#include "nsIConsoleService.h"
#include "nsIContent.h"
@ -3004,6 +3006,20 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
NS_ASSERTION(loadGroup || IsFontTableURI(documentURI),
"Could not get loadgroup; onload may fire too early");
// check for a Content Security Policy to pass down to the channel that
// will get created to load the image
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
if (aLoadingPrincipal) {
nsresult rv = aLoadingPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
}
}
// Make the URI immutable so people won't change it under us
NS_TryToSetImmutable(aURI);
@ -3018,6 +3034,7 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
aLoadingDocument, /* uniquification key */
aLoadFlags, /* load flags */
nullptr, /* cache key */
channelPolicy, /* CSP info */
initiatorType, /* the load initiator */
aRequest);
}

2
content/base/src/nsCrossSiteListenerProxy.cpp
Просмотреть файл

@ -1122,6 +1122,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
uri,
loadInfo,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);
@ -1133,6 +1134,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);

1
content/base/src/nsDocument.cpp
Просмотреть файл

@ -1333,6 +1333,7 @@ nsExternalResourceMap::PendingLoad::StartLoad(nsIURI* aURI,
aRequestingNode,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
req); // aCallbacks

12
content/base/src/nsObjectLoadingContent.cpp
Просмотреть файл

@ -65,6 +65,8 @@
#include "nsObjectLoadingContent.h"
#include "mozAutoDocUpdate.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "GeckoProfiler.h"
#include "nsPluginFrame.h"
#include "nsDOMClassInfo.h"
@ -2490,6 +2492,15 @@ nsObjectLoadingContent::OpenChannel()
nsCOMPtr<nsILoadGroup> group = doc->GetDocumentLoadGroup();
nsCOMPtr<nsIChannel> chan;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_OBJECT);
}
nsRefPtr<ObjectInterfaceRequestorShim> shim =
new ObjectInterfaceRequestorShim(this);
@ -2511,6 +2522,7 @@ nsObjectLoadingContent::OpenChannel()
thisContent,
securityFlags,
nsIContentPolicy::TYPE_OBJECT,
channelPolicy,
group, // aLoadGroup
shim, // aCallbacks
nsIChannel::LOAD_CALL_CONTENT_SNIFFERS |

15
content/base/src/nsScriptLoader.cpp
Просмотреть файл

@ -41,6 +41,8 @@
#include "nsDocShellCID.h"
#include "nsIContentSecurityPolicy.h"
#include "prlog.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "nsCRT.h"
#include "nsContentCreatorFunctions.h"
#include "nsCrossSiteListenerProxy.h"
@ -304,12 +306,25 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
return NS_OK;
}
// check for a Content Security Policy to pass down to the channel
// that will be created to load the script
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
aRequest->mURI,
mDocument,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
prompter,
nsIRequest::LOAD_NORMAL |

1
content/base/src/nsSyncLoadService.cpp
Просмотреть файл

@ -315,6 +315,7 @@ nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal,
aLoaderPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
aLoadGroup);
NS_ENSURE_SUCCESS(rv, rv);

15
content/base/src/nsXMLHttpRequest.cpp
Просмотреть файл

@ -51,6 +51,8 @@
#include "nsIPromptFactory.h"
#include "nsIWindowWatcher.h"
#include "nsIConsoleService.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "nsStringBuffer.h"
@ -1722,6 +1724,17 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
// will be automatically aborted if the user leaves the page.
nsCOMPtr<nsILoadGroup> loadGroup = GetLoadGroup();
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mPrincipal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
}
nsSecurityFlags secFlags = nsILoadInfo::SEC_NORMAL;
if (IsSystemXHR()) {
// Don't give this document the system principal. We need to keep track of
@ -1741,6 +1754,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
doc,
secFlags,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);
@ -1751,6 +1765,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url,
mPrincipal,
secFlags,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIRequest::LOAD_BACKGROUND);

15
content/html/content/src/HTMLMediaElement.cpp
Просмотреть файл

@ -99,6 +99,8 @@ static PRLogModuleInfo* gMediaElementEventsLog;
#endif
#include "nsIContentSecurityPolicy.h"
#include "nsIChannelPolicy.h"
#include "nsChannelPolicy.h"
#include "mozilla/Preferences.h"
@ -1184,12 +1186,25 @@ nsresult HTMLMediaElement::LoadResource()
}
nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
// check for a Content Security Policy to pass down to the channel
// created to load the media content
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv,rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
}
nsCOMPtr<nsIChannel> channel;
rv = NS_NewChannel(getter_AddRefs(channel),
mLoadingSrc,
static_cast<Element*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsICachingChannel::LOAD_BYPASS_LOCAL_CACHE_IF_BUSY |

16
content/html/content/src/HTMLTrackElement.cpp
Просмотреть файл

@ -21,6 +21,7 @@
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsICachingChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIDocument.h"
@ -236,6 +237,20 @@ HTMLTrackElement::LoadResource()
CreateTextTrack();
}
// Check for a Content Security Policy to pass down to the channel
// created to load the media content.
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
if (!channelPolicy) {
return;
}
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
}
nsCOMPtr<nsIChannel> channel;
nsCOMPtr<nsILoadGroup> loadGroup = OwnerDoc()->GetDocumentLoadGroup();
rv = NS_NewChannel(getter_AddRefs(channel),
@ -243,6 +258,7 @@ HTMLTrackElement::LoadResource()
static_cast<Element*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
channelPolicy,
loadGroup);
NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));

1
content/html/document/src/nsHTMLDocument.cpp
Просмотреть файл

@ -1516,6 +1516,7 @@ nsHTMLDocument::Open(JSContext* cx,
callerDoc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
group);
if (rv.Failed()) {

2
content/media/MediaResource.cpp
Просмотреть файл

@ -939,6 +939,7 @@ ChannelMediaResource::RecreateChannel()
element,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
nullptr, // aChannelPolicy
loadGroup,
nullptr, // aCallbacks
loadFlags);
@ -1458,6 +1459,7 @@ already_AddRefed<MediaResource> FileMediaResource::CloneData(MediaDecoder* aDeco
element,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_MEDIA,
nullptr, // aChannelPolicy
loadGroup);
if (NS_FAILED(rv))

1
content/xul/document/src/XULDocument.cpp
Просмотреть файл

@ -2701,6 +2701,7 @@ XULDocument::LoadOverlayInternal(nsIURI* aURI, bool aIsDynamic,
NodePrincipal(),
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
group);
if (NS_SUCCEEDED(rv)) {

22
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -173,6 +173,7 @@
#endif
#include "nsContentUtils.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsILoadInfo.h"
#include "nsSandboxFlags.h"
@ -10131,7 +10132,27 @@ nsDocShell::DoURILoad(nsIURI * aURI,
loadFlags |= nsIChannel::LOAD_BACKGROUND;
}
// check for Content Security Policy to pass along with the
// new channel we are creating
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (IsFrame()) {
// check the parent docshell for a CSP
nsCOMPtr<nsIContentSecurityPolicy> csp;
nsCOMPtr<nsIDocShellTreeItem> parentItem;
GetSameTypeParent(getter_AddRefs(parentItem));
if (parentItem) {
nsCOMPtr<nsIDocument> doc = parentItem->GetDocument();
if (doc) {
rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT);
}
}
}
// Only allow view-source scheme in top-level docshells. view-source is
// the only scheme to which this applies at the moment due to potential
// timing attacks to read data from cross-origin iframes. If this widens
@ -10200,6 +10221,7 @@ nsDocShell::DoURILoad(nsIURI * aURI,
requestingPrincipal,
securityFlags,
aContentPolicyType,
channelPolicy,
nullptr, // loadGroup
static_cast<nsIInterfaceRequestor*>(this),
loadFlags);

18
dom/base/Navigator.cpp
Просмотреть файл

@ -66,6 +66,7 @@
#include "mozIApplication.h"
#include "WidgetUtils.h"
#include "mozIThirdPartyUtil.h"
#include "nsChannelPolicy.h"
#ifdef MOZ_MEDIA_NAVIGATOR
#include "MediaManager.h"
@ -1048,11 +1049,26 @@ Navigator::SendBeacon(const nsAString& aUrl,
}
nsCOMPtr<nsIChannel> channel;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
if (NS_FAILED(rv)) {
aRv.Throw(NS_ERROR_FAILURE);
return false;
}
if (csp) {
channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID);
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_BEACON);
}
rv = NS_NewChannel(getter_AddRefs(channel),
uri,
doc,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_BEACON);
nsIContentPolicy::TYPE_BEACON,
channelPolicy);
if (NS_FAILED(rv)) {
aRv.Throw(rv);

1
dom/plugins/base/nsPluginHost.cpp
Просмотреть файл

@ -2857,6 +2857,7 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL,
principal,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
listenerPeer);

1
dom/plugins/base/nsPluginStreamListenerPeer.cpp
Просмотреть файл

@ -662,6 +662,7 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList)
principal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup,
callbacks);

21
dom/workers/ScriptLoader.cpp
Просмотреть файл

@ -6,6 +6,7 @@
#include "ScriptLoader.h"
#include "nsIChannel.h"
#include "nsIChannelPolicy.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIHttpChannel.h"
@ -16,6 +17,7 @@
#include "nsIURI.h"
#include "jsapi.h"
#include "nsChannelPolicy.h"
#include "nsError.h"
#include "nsContentPolicyUtils.h"
#include "nsContentUtils.h"
@ -102,6 +104,23 @@ ChannelFromScriptURL(nsIPrincipal* principal,
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);
}
// Get Content Security Policy from parent document to pass into channel.
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (csp) {
channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = channelPolicy->SetContentSecurityPolicy(csp);
NS_ENSURE_SUCCESS(rv, rv);
rv = channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
NS_ENSURE_SUCCESS(rv, rv);
}
uint32_t flags = nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI;
nsCOMPtr<nsIChannel> channel;
@ -112,6 +131,7 @@ ChannelFromScriptURL(nsIPrincipal* principal,
parentDoc,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
flags,
@ -128,6 +148,7 @@ ChannelFromScriptURL(nsIPrincipal* principal,
nullPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_SCRIPT,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
flags,

1
dom/xbl/nsXBLService.cpp
Просмотреть файл

@ -1076,6 +1076,7 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun
requestingPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup);
NS_ENSURE_SUCCESS(rv, rv);

1
dom/xml/XMLDocument.cpp
Просмотреть файл

@ -449,6 +449,7 @@ XMLDocument::Load(const nsAString& aUrl, ErrorResult& aRv)
static_cast<nsIDocument*>(this),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_XMLHTTPREQUEST,
nullptr, // aChannelPolicy
loadGroup,
req,
nsIRequest::LOAD_BACKGROUND);

1
dom/xslt/base/txURIUtils.cpp
Просмотреть файл

@ -64,6 +64,7 @@ URIUtils::ResetWithSource(nsIDocument *aNewDoc, nsIDOMNode *aSourceNode)
sourceDoc,
nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup);
if (NS_FAILED(rv)) {

20
embedding/browser/nsContextMenuInfo.cpp
Просмотреть файл

@ -23,6 +23,7 @@
#include "nsUnicharUtils.h"
#include "nsIDocument.h"
#include "nsIPrincipal.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIContentPolicy.h"
#include "nsAutoPtr.h"
@ -267,9 +268,22 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
nsCOMPtr<nsIDOMCSSPrimitiveValue> primitiveValue;
nsAutoString bgStringValue;
// get Content Security Policy to pass to LoadImage
nsCOMPtr<nsIDocument> doc(do_QueryInterface(document));
nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
nsCOMPtr<nsIPrincipal> principal;
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
if (doc) {
principal = doc->NodePrincipal();
nsresult rv = principal->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE);
}
}
while (true) {
nsCOMPtr<nsIDOMElement> domElement(do_QueryInterface(domNode));
// bail for the parent node of the root element or null argument
@ -296,7 +310,7 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
return il->LoadImage(bgUri, nullptr, nullptr, principal, nullptr,
nullptr, nullptr, nsIRequest::LOAD_NORMAL,
nullptr, EmptyString(), aRequest);
nullptr, channelPolicy, EmptyString(), aRequest);
}
}

1
embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp
Просмотреть файл

@ -1205,6 +1205,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
static_cast<nsIInterfaceRequestor*>(this),
loadFlags);

1
extensions/pref/autoconfig/src/nsAutoConfig.cpp
Просмотреть файл

@ -285,6 +285,7 @@ nsresult nsAutoConfig::downloadAutoConfig()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::INHIBIT_PERSISTENT_CACHING |

4
image/public/imgILoader.idl
Просмотреть файл

@ -16,6 +16,7 @@ interface nsIStreamListener;
interface nsIURI;
interface nsISimpleEnumerator;
interface nsIChannelPolicy;
#include "nsIRequest.idl" // for nsLoadFlags
@ -61,7 +62,8 @@ interface imgILoader : nsISupports
in imgINotificationObserver aObserver,
in nsISupports aCX,
in nsLoadFlags aLoadFlags,
in nsISupports cacheKey);
in nsISupports cacheKey,
in nsIChannelPolicy channelPolicy);
/**
* Start the load and decode of an image.

48
image/src/imgLoader.cpp
Просмотреть файл

@ -635,6 +635,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
nsILoadGroup *aLoadGroup,
const nsCString& aAcceptHeader,
nsLoadFlags aLoadFlags,
nsIChannelPolicy *aPolicy,
nsIPrincipal *aLoadingPrincipal,
nsISupports *aRequestingContext)
{
@ -690,6 +691,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
requestingPrincipal,
securityFlags,
nsIContentPolicy::TYPE_IMAGE,
aPolicy,
nullptr, // loadGroup
callbacks,
aLoadFlags);
@ -1443,6 +1445,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode)
{
@ -1490,6 +1493,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
aLoadGroup,
mAcceptHeader,
aLoadFlags,
aPolicy,
aLoadingPrincipal,
aCX);
if (NS_FAILED(rv)) {
@ -1569,6 +1573,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
nsLoadFlags aLoadFlags,
bool aCanMakeNewChannel,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode)
{
@ -1673,7 +1678,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
return ValidateRequestWithNewChannel(request, aURI, aInitialDocumentURI,
aReferrerURI, aLoadGroup, aObserver,
aCX, aLoadFlags, aProxyRequest,
aCX, aLoadFlags, aProxyRequest, aPolicy,
aLoadingPrincipal, aCORSMode);
}
@ -1848,6 +1853,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
imgIRequest **_retval)
{
imgRequestProxy *proxy;
@ -1860,32 +1866,29 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
aCX,
aLoadFlags,
aCacheKey,
aPolicy,
EmptyString(),
&proxy);
*_retval = proxy;
return result;
}
// imgIRequest loadImage(in nsIURI aURI,
// in nsIURI aInitialDocumentURL,
// in nsIURI aReferrerURI,
// in nsIPrincipal aLoadingPrincipal,
// in nsILoadGroup aLoadGroup,
// in imgINotificationObserver aObserver,
// in nsISupports aCX,
// in nsLoadFlags aLoadFlags,
// in nsISupports cacheKey);
/* imgIRequest loadImage(in nsIURI aURI, in nsIURI aInitialDocumentURL, in nsIURI aReferrerURI, in nsIPrincipal aLoadingPrincipal, in nsILoadGroup aLoadGroup, in imgINotificationObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in nsIChannelPolicy channelPolicy); */
nsresult imgLoader::LoadImage(nsIURI *aURI,
nsIURI *aInitialDocumentURI,
nsIURI *aReferrerURI,
nsIPrincipal* aLoadingPrincipal,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
const nsAString& initiatorType,
imgRequestProxy **_retval)
nsIURI *aInitialDocumentURI,
nsIURI *aReferrerURI,
nsIPrincipal* aLoadingPrincipal,
nsILoadGroup *aLoadGroup,
imgINotificationObserver *aObserver,
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
const nsAString& initiatorType,
imgRequestProxy **_retval)
{
VerifyCacheSizes();
@ -1963,7 +1966,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
if (ValidateEntry(entry, aURI, aInitialDocumentURI, aReferrerURI,
aLoadGroup, aObserver, aCX, requestFlags, true,
_retval, aLoadingPrincipal, corsmode)) {
_retval, aPolicy, aLoadingPrincipal, corsmode)) {
request = entry->GetRequest();
// If this entry has no proxies, its request has no reference to the entry.
@ -2005,6 +2008,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
aLoadGroup,
mAcceptHeader,
requestFlags,
aPolicy,
aLoadingPrincipal,
aCX);
if (NS_FAILED(rv))
@ -2188,7 +2192,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
// XXX -- should this be changed? it's pretty much verbatim from the old
// code, but seems nonsensical.
if (ValidateEntry(entry, uri, nullptr, nullptr, nullptr, aObserver, aCX,
requestFlags, false, nullptr, nullptr,
requestFlags, false, nullptr, nullptr, nullptr,
imgIRequest::CORS_NONE)) {
request = entry->GetRequest();
} else {

4
image/src/imgLoader.h
Просмотреть файл

@ -29,6 +29,7 @@ class imgINotificationObserver;
class nsILoadGroup;
class imgCacheExpirationTracker;
class imgMemoryReporter;
class nsIChannelPolicy;
namespace mozilla {
namespace image {
@ -257,6 +258,7 @@ public:
nsISupports *aCX,
nsLoadFlags aLoadFlags,
nsISupports *aCacheKey,
nsIChannelPolicy *aPolicy,
const nsAString& initiatorType,
imgRequestProxy **_retval);
nsresult LoadImageWithChannel(nsIChannel *channel,
@ -338,6 +340,7 @@ private: // methods
imgINotificationObserver *aObserver, nsISupports *aCX,
nsLoadFlags aLoadFlags, bool aCanMakeNewChannel,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode);
@ -348,6 +351,7 @@ private: // methods
imgINotificationObserver *aObserver,
nsISupports *aCX, nsLoadFlags aLoadFlags,
imgRequestProxy **aProxyRequest,
nsIChannelPolicy *aPolicy,
nsIPrincipal* aLoadingPrincipal,
int32_t aCORSMode);

6
image/test/unit/async_load_tests.js
Просмотреть файл

@ -96,7 +96,7 @@ function checkSecondLoad()
var listener = new ImageListener(checkClone, secondLoadDone);
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener);
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null));
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null));
listener.synchronous = false;
}
@ -194,7 +194,7 @@ function startImageCallback(otherCb)
var listener2 = new ImageListener(null, function(foo, bar) { do_test_finished(); });
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener2);
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null));
requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null));
listener2.synchronous = false;
// Now that we've started another load, chain to the callback.
@ -221,7 +221,7 @@ function run_test()
var listener = new ImageListener(startImageCallback(checkClone), firstLoadDone);
var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
.createScriptedObserver(listener);
var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null);
var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null);
requests.push(req);
// Ensure that we don't cause any mayhem when we lock an image.

2
image/test/unit/test_private_channel.js
Просмотреть файл

@ -77,7 +77,7 @@ function loadImage(isPrivate, callback) {
var loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(Ci.nsILoadGroup);
loadGroup.notificationCallbacks = new NotificationCallbacks(isPrivate);
var loader = isPrivate ? gPrivateLoader : gPublicLoader;
requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null));
requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null, null));
listener.synchronous = false;
}

1
js/xpconnect/loader/mozJSSubScriptLoader.cpp
Просмотреть файл

@ -113,6 +113,7 @@ mozJSSubScriptLoader::ReadScript(nsIURI *uri, JSContext *cx, JSObject *targetObj
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

5
layout/build/nsLayoutModule.cpp
Просмотреть файл

@ -61,6 +61,7 @@
#include "mozilla/dom/DOMParser.h"
#include "nsDOMSerializer.h"
#include "nsXMLHttpRequest.h"
#include "nsChannelPolicy.h"
// view stuff
#include "nsContentCreatorFunctions.h"
@ -282,6 +283,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(DOMParser)
NS_GENERIC_FACTORY_CONSTRUCTOR(Exception)
NS_GENERIC_FACTORY_CONSTRUCTOR(DOMSessionStorageManager)
NS_GENERIC_FACTORY_CONSTRUCTOR(DOMLocalStorageManager)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsChannelPolicy)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(DOMRequestService,
DOMRequestService::FactoryCreate)
NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(QuotaManager,
@ -751,6 +753,7 @@ NS_DEFINE_NAMED_CID(NS_EVENTLISTENERSERVICE_CID);
NS_DEFINE_NAMED_CID(NS_GLOBALMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_PARENTPROCESSMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_CHILDPROCESSMESSAGEMANAGER_CID);
NS_DEFINE_NAMED_CID(NSCHANNELPOLICY_CID);
NS_DEFINE_NAMED_CID(NS_SCRIPTSECURITYMANAGER_CID);
NS_DEFINE_NAMED_CID(NS_PRINCIPAL_CID);
NS_DEFINE_NAMED_CID(NS_SYSTEMPRINCIPAL_CID);
@ -1045,6 +1048,7 @@ static const mozilla::Module::CIDEntry kLayoutCIDs[] = {
{ &kNS_GLOBALMESSAGEMANAGER_CID, false, nullptr, CreateGlobalMessageManager },
{ &kNS_PARENTPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateParentMessageManager },
{ &kNS_CHILDPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateChildMessageManager },
{ &kNSCHANNELPOLICY_CID, false, nullptr, nsChannelPolicyConstructor },
{ &kNS_SCRIPTSECURITYMANAGER_CID, false, nullptr, Construct_nsIScriptSecurityManager },
{ &kNS_PRINCIPAL_CID, false, nullptr, nsPrincipalConstructor },
{ &kNS_SYSTEMPRINCIPAL_CID, false, nullptr, nsSystemPrincipalConstructor },
@ -1202,6 +1206,7 @@ static const mozilla::Module::ContractIDEntry kLayoutContracts[] = {
{ NS_GLOBALMESSAGEMANAGER_CONTRACTID, &kNS_GLOBALMESSAGEMANAGER_CID },
{ NS_PARENTPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_PARENTPROCESSMESSAGEMANAGER_CID },
{ NS_CHILDPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_CHILDPROCESSMESSAGEMANAGER_CID },
{ NSCHANNELPOLICY_CONTRACTID, &kNSCHANNELPOLICY_CID },
{ NS_SCRIPTSECURITYMANAGER_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID },
{ NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID },
{ NS_PRINCIPAL_CONTRACTID, &kNS_PRINCIPAL_CID },

1
layout/generic/nsImageFrame.cpp
Просмотреть файл

@ -1931,6 +1931,7 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
nullptr, /* Not associated with any particular document */
loadFlags,
nullptr,
nullptr, /* channel policy not needed */
EmptyString(),
aRequest);
}

26
layout/style/FontFaceSet.cpp
Просмотреть файл

@ -19,6 +19,7 @@
#include "mozilla/AsyncEventDispatcher.h"
#include "nsCrossSiteListenerProxy.h"
#include "nsFontFaceLoader.h"
#include "nsIChannelPolicy.h"
#include "nsIConsoleService.h"
#include "nsIContentPolicy.h"
#include "nsIContentSecurityPolicy.h"
@ -396,6 +397,16 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
nsCOMPtr<nsILoadGroup> loadGroup(ps->GetDocument()->GetDocumentLoadGroup());
nsCOMPtr<nsIChannel> channel;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = aUserFontEntry->GetPrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
}
// Note we are calling NS_NewChannelInternal() with both a node and a
// principal. This is because the document where the font is being loaded
// might have a different origin from the principal of the stylesheet
@ -406,6 +417,7 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry,
aUserFontEntry->GetPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_FONT,
channelPolicy,
loadGroup);
NS_ENSURE_SUCCESS(rv, rv);
@ -1142,6 +1154,17 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
nsresult rv;
nsCOMPtr<nsIChannel> channel;
// get Content Security Policy from principal to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = aFontToLoad->GetPrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT);
}
nsIPresShell* ps = mPresContext->PresShell();
if (!ps) {
return NS_ERROR_FAILURE;
@ -1155,7 +1178,8 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
ps->GetDocument(),
aFontToLoad->GetPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_FONT);
nsIContentPolicy::TYPE_FONT,
channelPolicy);
NS_ENSURE_SUCCESS(rv, rv);

12
layout/style/Loader.cpp
Просмотреть файл

@ -60,6 +60,7 @@
#include "nsIDOMStyleSheet.h"
#include "nsError.h"
#include "nsIChannelPolicy.h"
#include "nsIContentSecurityPolicy.h"
#include "mozilla/dom/EncodingUtils.h"
@ -1551,10 +1552,20 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
mSyncCallback = true;
#endif
nsCOMPtr<nsILoadGroup> loadGroup;
// Content Security Policy information to pass into channel
nsCOMPtr<nsIChannelPolicy> channelPolicy;
if (mDocument) {
loadGroup = mDocument->GetDocumentLoadGroup();
NS_ASSERTION(loadGroup,
"No loadgroup for stylesheet; onload will fire early");
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
if (csp) {
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
channelPolicy->SetContentSecurityPolicy(csp);
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_STYLESHEET);
}
}
nsLoadFlags securityFlags = nsILoadInfo::SEC_NORMAL;
@ -1573,6 +1584,7 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState)
requestingPrincipal,
securityFlags,
nsIContentPolicy::TYPE_STYLESHEET,
channelPolicy,
loadGroup,
nullptr, // aCallbacks
nsIChannel::LOAD_NORMAL |

1
modules/libjar/nsJARChannel.cpp
Просмотреть файл

@ -13,6 +13,7 @@
#include "nsIPrefService.h"
#include "nsIPrefBranch.h"
#include "nsIViewSourceChannel.h"
#include "nsChannelProperties.h"
#include "nsContentUtils.h"
#include "nsProxyRelease.h"

3
netwerk/base/public/moz.build
Просмотреть файл

@ -29,6 +29,7 @@ XPIDL_SOURCES += [
'nsICancelable.idl',
'nsIChannel.idl',
'nsIChannelEventSink.idl',
'nsIChannelPolicy.idl',
'nsIChildChannel.idl',
'nsIContentSniffer.idl',
'nsICryptoFIPSInfo.idl',
@ -136,6 +137,8 @@ EXPORTS += [
'netCore.h',
'nsASocketHandler.h',
'nsAsyncRedirectVerifyHelper.h',
'nsChannelProperties.h',
'nsNetStrings.h',
'nsNetUtil.h',
'nsReadLine.h',
'nsStreamListenerWrapper.h',

35
netwerk/base/public/nsChannelProperties.h Normal file
Просмотреть файл

@ -0,0 +1,35 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsChannelProperties_h__
#define nsChannelProperties_h__
#include "nsStringGlue.h"
#ifdef IMPL_LIBXUL
#include "nsNetStrings.h"
#endif
/**
* @file
* This file contains constants for properties channels can expose.
* They can be accessed by using QueryInterface to access the nsIPropertyBag
* or nsIPropertyBag2 interface on a channel and reading the value.
*/
/**
* Exists to allow content policy mechanism to function properly during channel
* redirects. Contains security contextual information about the load.
* Type: nsIChannelPolicy
*/
#define NS_CHANNEL_PROP_CHANNEL_POLICY_STR "channel-policy"
#ifdef IMPL_LIBXUL
#define NS_CHANNEL_PROP_CHANNEL_POLICY gNetStrings->kChannelPolicy
#else
#define NS_CHANNEL_PROP_CHANNEL_POLICY \
NS_LITERAL_STRING(NS_CHANNEL_PROP_CHANNEL_POLICY_STR)
#endif
#endif

29
netwerk/base/public/nsIChannelPolicy.idl Normal file
Просмотреть файл

@ -0,0 +1,29 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
/**
* A container for policy information to be used during channel creation.
*
* This interface exists to allow the content policy mechanism to function
* properly during channel redirects. Channels can be created with this
* interface placed in the property bag and upon redirect, the interface can
* be transferred from the old channel to the new channel.
*/
[scriptable, uuid(18045e96-1afe-4162-837a-04691267158c)]
interface nsIChannelPolicy : nsISupports
{
/**
* Indicates what type of content is being loaded, e.g.
* nsIContentPolicy::TYPE_IMAGE
*/
attribute unsigned long loadType;
/**
* A nsIContentSecurityPolicy object to determine if the load should
* be allowed.
*/
attribute nsISupports contentSecurityPolicy;
};

24
netwerk/base/public/nsNetStrings.h Normal file
Просмотреть файл

@ -0,0 +1,24 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsNetStrings_h__
#define nsNetStrings_h__
#include "nsLiteralString.h"
/**
* Class on which wide strings are available, to avoid constructing strings
* wherever these strings are used.
*/
class nsNetStrings {
public:
nsNetStrings();
const nsLiteralString kChannelPolicy;
};
extern nsNetStrings* gNetStrings;
#endif

20
netwerk/base/public/nsNetUtil.h
Просмотреть файл

@ -32,6 +32,7 @@
#include "nsIIOService.h"
#include "nsIServiceManager.h"
#include "nsIChannel.h"
#include "nsChannelProperties.h"
#include "nsIInputStreamChannel.h"
#include "nsITransport.h"
#include "nsIStreamTransportService.h"
@ -68,6 +69,7 @@
#include "nsIWritablePropertyBag2.h"
#include "nsIIDNService.h"
#include "nsIChannelEventSink.h"
#include "nsIChannelPolicy.h"
#include "nsISocketProviderService.h"
#include "nsISocketProvider.h"
#include "nsIRedirectChannelRegistrar.h"
@ -200,6 +202,7 @@ inline nsresult
NS_NewChannelInternal(nsIChannel** outChannel,
nsIURI* aUri,
nsILoadInfo* aLoadInfo,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -233,6 +236,14 @@ NS_NewChannelInternal(nsIChannel** outChannel,
rv = channel->SetLoadFlags(aLoadFlags | (normalLoadFlags & nsIChannel::LOAD_REPLACE));
NS_ENSURE_SUCCESS(rv, rv);
}
if (aChannelPolicy) {
nsCOMPtr<nsIWritablePropertyBag2> props = do_QueryInterface(channel);
if (props) {
props->SetPropertyAsInterface(NS_CHANNEL_PROP_CHANNEL_POLICY, aChannelPolicy);
}
}
channel->SetLoadInfo(aLoadInfo);
// If we're sandboxed, make sure to clear any owner the channel
@ -252,6 +263,7 @@ NS_NewChannelInternal(nsIChannel** outChannel,
nsIPrincipal* aRequestingPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -270,6 +282,7 @@ NS_NewChannelInternal(nsIChannel** outChannel,
return NS_NewChannelInternal(outChannel,
aUri,
loadInfo,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -282,6 +295,7 @@ NS_NewChannel(nsIChannel** outChannel,
nsINode* aRequestingNode,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -294,6 +308,7 @@ NS_NewChannel(nsIChannel** outChannel,
aRequestingNode->NodePrincipal(),
aSecurityFlags,
aContentPolicyType,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -306,6 +321,7 @@ NS_NewChannel(nsIChannel** outChannel,
nsIPrincipal* aRequestingPrincipal,
nsSecurityFlags aSecurityFlags,
nsContentPolicyType aContentPolicyType,
nsIChannelPolicy* aChannelPolicy = nullptr,
nsILoadGroup* aLoadGroup = nullptr,
nsIInterfaceRequestor* aCallbacks = nullptr,
nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL,
@ -317,6 +333,7 @@ NS_NewChannel(nsIChannel** outChannel,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -349,6 +366,7 @@ NS_OpenURIInternal(nsIInputStream** outStream,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy,
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -405,6 +423,7 @@ NS_OpenURIInternal(nsIStreamListener* aListener,
nsresult rv = NS_NewChannelInternal(getter_AddRefs(channel),
aUri,
aLoadInfo,
nullptr, // aChannelPolicy
aLoadGroup,
aCallbacks,
aLoadFlags,
@ -815,6 +834,7 @@ NS_NewStreamLoaderInternal(nsIStreamLoader** outStream,
aRequestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
aLoadGroup,
aCallbacks,
aLoadFlags);

1
netwerk/base/src/moz.build
Просмотреть файл

@ -47,6 +47,7 @@ UNIFIED_SOURCES += [
'nsMediaFragmentURIParser.cpp',
'nsMIMEInputStream.cpp',
'nsNetAddr.cpp',
'nsNetStrings.cpp',
'nsNetUtil.cpp',
'nsPACMan.cpp',
'nsPreloadedStream.cpp',

1
netwerk/base/src/nsIncrementalDownload.cpp
Просмотреть файл

@ -267,6 +267,7 @@ nsIncrementalDownload::ProcessTimeout()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
this, // aCallbacks
mLoadFlags);

14
netwerk/base/src/nsNetStrings.cpp Normal file
Просмотреть файл

@ -0,0 +1,14 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsNetStrings.h"
#include "nsChannelProperties.h"
nsNetStrings* gNetStrings;
nsNetStrings::nsNetStrings()
: NS_LITERAL_STRING_INIT(kChannelPolicy, NS_CHANNEL_PROP_CHANNEL_POLICY_STR)
{}

9
netwerk/build/nsNetModule.cpp
Просмотреть файл

@ -31,6 +31,7 @@
#include "nsApplicationCache.h"
#include "nsApplicationCacheService.h"
#include "nsMimeTypes.h"
#include "nsNetStrings.h"
#include "nsDNSPrefetch.h"
#include "nsAboutProtocolHandler.h"
#include "nsXULAppAPI.h"
@ -629,9 +630,11 @@ CreateNewBinaryDetectorFactory(nsISupports *aOuter, REFNSIID aIID, void **aResul
// Net module startup hook
static nsresult nsNetStartup()
{
return NS_OK;
gNetStrings = new nsNetStrings();
return gNetStrings ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
}
// Net module shutdown hook
static void nsNetShutdown()
{
@ -644,6 +647,10 @@ static void nsNetShutdown()
net_ShutdownURLHelperOSX();
#endif
// Release necko strings
delete gNetStrings;
gNetStrings = nullptr;
// Release DNS service reference.
nsDNSPrefetch::Shutdown();

1
netwerk/protocol/ftp/FTPChannelParent.cpp
Просмотреть файл

@ -132,6 +132,7 @@ FTPChannelParent::DoAsyncOpen(const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

1
netwerk/protocol/http/HttpChannelParent.cpp
Просмотреть файл

@ -219,6 +219,7 @@ HttpChannelParent::DoAsyncOpen( const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
loadFlags,

1
netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
Просмотреть файл

@ -92,6 +92,7 @@ WyciwygChannelParent::RecvInit(const URIParams& aURI,
requestingPrincipal,
aSecurityFlags,
aContentPolicyType,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_NORMAL,

2
netwerk/test/TestPageLoad.cpp
Просмотреть файл

@ -312,6 +312,7 @@ nsresult auxLoad(char *uriBuf)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks);
@ -370,6 +371,7 @@ int main(int argc, char **argv)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks);

2
netwerk/test/TestProtocols.cpp
Просмотреть файл

@ -49,6 +49,7 @@
#include "nsIPropertyBag2.h"
#include "nsIWritablePropertyBag2.h"
#include "nsITimedChannel.h"
#include "nsChannelProperties.h"
#include "mozilla/Attributes.h"
#include "mozilla/unused.h"
#include "nsIScriptSecurityManager.h"
@ -643,6 +644,7 @@ nsresult StartLoadingURL(const char* aUrlString)
systemPrincipal,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
callbacks,
nsIRequest::LOAD_NORMAL,

1
toolkit/components/downloads/nsDownloadManager.cpp
Просмотреть файл

@ -3534,6 +3534,7 @@ nsDownload::Resume()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
ir);

1
toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
Просмотреть файл

@ -99,6 +99,7 @@ nsUrlClassifierStreamUpdater::FetchUpdate(nsIURI *aUpdateUrl,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
this, // aInterfaceRequestor
loadFlags);

1
uriloader/exthandler/nsExternalHelperAppService.cpp
Просмотреть файл

@ -57,6 +57,7 @@
#include "nsNetUtil.h"
#include "nsIIOService.h"
#include "nsNetCID.h"
#include "nsChannelProperties.h"
#include "nsMimeTypes.h"
// used for header disposition information.

2
uriloader/prefetch/nsOfflineCacheUpdate.cpp
Просмотреть файл

@ -185,6 +185,7 @@ nsManifestCheck::Begin()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_BYPASS_CACHE);
@ -382,6 +383,7 @@ nsOfflineCacheUpdateItem::OpenChannel(nsOfflineCacheUpdate *aUpdate)
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // aLoadGroup
this, // aCallbacks
flags);

1
uriloader/prefetch/nsPrefetchService.cpp
Просмотреть файл

@ -192,6 +192,7 @@ nsPrefetchNode::OpenChannel()
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
loadGroup, // aLoadGroup
this, // aCallbacks
nsIRequest::LOAD_BACKGROUND |

2
widget/cocoa/OSXNotificationCenter.mm
Просмотреть файл

@ -244,7 +244,7 @@ OSXNotificationCenter::ShowAlertNotification(const nsAString & aImageUrl, const
if (imageUri) {
nsresult rv = il->LoadImage(imageUri, nullptr, nullptr, aPrincipal, nullptr,
this, nullptr, nsIRequest::LOAD_NORMAL, nullptr,
EmptyString(),
nullptr, EmptyString(),
getter_AddRefs(osxni->mIconRequest));
if (NS_SUCCEEDED(rv)) {
// Set a timer for six seconds. If we don't have an icon by the time this

6
widget/cocoa/nsMenuItemIconX.mm
Просмотреть файл

@ -305,9 +305,11 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
[mNativeMenuItem setImage:sPlaceholderIconImage];
}
// Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is
// not exposed to web content
nsresult rv = loader->LoadImage(aIconURI, nullptr, nullptr, nullptr, loadGroup, this,
nullptr, nsIRequest::LOAD_NORMAL, nullptr,
EmptyString(), getter_AddRefs(mIconRequest));
nullptr, nsIRequest::LOAD_NORMAL, nullptr,
nullptr, EmptyString(), getter_AddRefs(mIconRequest));
if (NS_FAILED(rv)) return rv;
// We need to request the icon be decoded (bug 573583, bug 705516).

1
widget/windows/nsDataObj.cpp
Просмотреть файл

@ -74,6 +74,7 @@ nsresult nsDataObj::CStream::Init(nsIURI *pSourceURI,
aRequestingNode,
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
nullptr, // loadGroup
nullptr, // aCallbacks
nsIRequest::LOAD_FROM_CACHE);

1
xpfe/components/directory/nsDirectoryViewer.cpp
Просмотреть файл

@ -1305,6 +1305,7 @@ nsDirectoryViewerFactory::CreateInstance(const char *aCommand,
nsContentUtils::GetSystemPrincipal(),
nsILoadInfo::SEC_NORMAL,
nsIContentPolicy::TYPE_OTHER,
nullptr, // aChannelPolicy
aLoadGroup);
if (NS_FAILED(rv)) return rv;