From 6c9d66f653fd640962b1ed541c65948f5b4162fe Mon Sep 17 00:00:00 2001 From: Ed Morley Date: Fri, 3 Oct 2014 10:12:53 +0100 Subject: [PATCH] Backed out changeset a2192165100c (bug 1041180) for xpcshell failures; CLOSED TREE --- content/base/src/EventSource.cpp | 15 +++++- content/base/src/ImportManager.cpp | 11 +++++ content/base/src/moz.build | 1 + content/base/src/nsCSPContext.cpp | 3 ++ content/base/src/nsCSPService.cpp | 5 ++ content/base/src/nsChannelPolicy.cpp | 46 ++++++++++++++++++ content/base/src/nsChannelPolicy.h | 37 ++++++++++++++ content/base/src/nsContentUtils.cpp | 17 +++++++ content/base/src/nsCrossSiteListenerProxy.cpp | 2 + content/base/src/nsDocument.cpp | 1 + content/base/src/nsObjectLoadingContent.cpp | 12 +++++ content/base/src/nsScriptLoader.cpp | 15 ++++++ content/base/src/nsSyncLoadService.cpp | 1 + content/base/src/nsXMLHttpRequest.cpp | 15 ++++++ content/html/content/src/HTMLMediaElement.cpp | 15 ++++++ content/html/content/src/HTMLTrackElement.cpp | 16 +++++++ content/html/document/src/nsHTMLDocument.cpp | 1 + content/media/MediaResource.cpp | 2 + content/xul/document/src/XULDocument.cpp | 1 + docshell/base/nsDocShell.cpp | 22 +++++++++ dom/base/Navigator.cpp | 18 ++++++- dom/plugins/base/nsPluginHost.cpp | 1 + .../base/nsPluginStreamListenerPeer.cpp | 1 + dom/workers/ScriptLoader.cpp | 21 ++++++++ dom/xbl/nsXBLService.cpp | 1 + dom/xml/XMLDocument.cpp | 1 + dom/xslt/base/txURIUtils.cpp | 1 + embedding/browser/nsContextMenuInfo.cpp | 20 ++++++-- .../webbrowserpersist/nsWebBrowserPersist.cpp | 1 + .../pref/autoconfig/src/nsAutoConfig.cpp | 1 + image/public/imgILoader.idl | 4 +- image/src/imgLoader.cpp | 48 ++++++++++--------- image/src/imgLoader.h | 4 ++ image/test/unit/async_load_tests.js | 6 +-- image/test/unit/test_private_channel.js | 2 +- js/xpconnect/loader/mozJSSubScriptLoader.cpp | 1 + layout/build/nsLayoutModule.cpp | 5 ++ layout/generic/nsImageFrame.cpp | 1 + layout/style/FontFaceSet.cpp | 26 +++++++++- layout/style/Loader.cpp | 12 +++++ modules/libjar/nsJARChannel.cpp | 1 + netwerk/base/public/moz.build | 3 ++ netwerk/base/public/nsChannelProperties.h | 35 ++++++++++++++ netwerk/base/public/nsIChannelPolicy.idl | 29 +++++++++++ netwerk/base/public/nsNetStrings.h | 24 ++++++++++ netwerk/base/public/nsNetUtil.h | 20 ++++++++ netwerk/base/src/moz.build | 1 + netwerk/base/src/nsIncrementalDownload.cpp | 1 + netwerk/base/src/nsNetStrings.cpp | 14 ++++++ netwerk/build/nsNetModule.cpp | 9 +++- netwerk/protocol/ftp/FTPChannelParent.cpp | 1 + netwerk/protocol/http/HttpChannelParent.cpp | 1 + .../protocol/wyciwyg/WyciwygChannelParent.cpp | 1 + netwerk/test/TestPageLoad.cpp | 2 + netwerk/test/TestProtocols.cpp | 2 + .../downloads/nsDownloadManager.cpp | 1 + .../nsUrlClassifierStreamUpdater.cpp | 1 + .../exthandler/nsExternalHelperAppService.cpp | 1 + uriloader/prefetch/nsOfflineCacheUpdate.cpp | 2 + uriloader/prefetch/nsPrefetchService.cpp | 1 + widget/cocoa/OSXNotificationCenter.mm | 2 +- widget/cocoa/nsMenuItemIconX.mm | 6 ++- widget/windows/nsDataObj.cpp | 1 + .../directory/nsDirectoryViewer.cpp | 1 + 64 files changed, 536 insertions(+), 37 deletions(-) create mode 100644 content/base/src/nsChannelPolicy.cpp create mode 100644 content/base/src/nsChannelPolicy.h create mode 100644 netwerk/base/public/nsChannelProperties.h create mode 100644 netwerk/base/public/nsIChannelPolicy.idl create mode 100644 netwerk/base/public/nsNetStrings.h create mode 100644 netwerk/base/src/nsNetStrings.cpp diff --git a/content/base/src/EventSource.cpp b/content/base/src/EventSource.cpp index 54212e889769..a9138c5982c2 100644 --- a/content/base/src/EventSource.cpp +++ b/content/base/src/EventSource.cpp @@ -28,6 +28,7 @@ #include "nsIAsyncVerifyRedirectCallback.h" #include "nsIScriptError.h" #include "mozilla/dom/EncodingUtils.h" +#include "nsIChannelPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsContentUtils.h" #include "mozilla/Preferences.h" @@ -737,7 +738,17 @@ EventSource::InitChannelAndRequestEventSource() nsLoadFlags loadFlags; loadFlags = nsIRequest::LOAD_BACKGROUND | nsIRequest::LOAD_BYPASS_CACHE; - nsresult rv; + // get Content Security Policy from principal to pass into channel + nsCOMPtr channelPolicy; + nsCOMPtr csp; + nsresult rv = mPrincipal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_DATAREQUEST); + } + nsIScriptContext* sc = GetContextForEventHandlers(&rv); nsCOMPtr doc = nsContentUtils::GetDocumentFromScriptContext(sc); @@ -750,6 +761,7 @@ EventSource::InitChannelAndRequestEventSource() doc, nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_DATAREQUEST, + channelPolicy, // aChannelPolicy mLoadGroup, // loadGroup nullptr, // aCallbacks loadFlags); // aLoadFlags @@ -760,6 +772,7 @@ EventSource::InitChannelAndRequestEventSource() mPrincipal, nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_DATAREQUEST, + channelPolicy, // aChannelPolicy mLoadGroup, // loadGroup nullptr, // aCallbacks loadFlags); // aLoadFlags diff --git a/content/base/src/ImportManager.cpp b/content/base/src/ImportManager.cpp index 64c04f1e6773..7af448d4b67c 100644 --- a/content/base/src/ImportManager.cpp +++ b/content/base/src/ImportManager.cpp @@ -12,6 +12,7 @@ #include "nsContentUtils.h" #include "nsCrossSiteListenerProxy.h" #include "nsIChannel.h" +#include "nsIChannelPolicy.h" #include "nsIContentPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsIDocument.h" @@ -480,13 +481,23 @@ ImportLoader::Open() NS_ENSURE_SUCCESS_VOID(rv); nsCOMPtr loadGroup = mImportParent->GetDocumentLoadGroup(); + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = principal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS_VOID(rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT); + } nsCOMPtr channel; rv = NS_NewChannel(getter_AddRefs(channel), mURI, mImportParent, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_SUBDOCUMENT, + channelPolicy, loadGroup, nullptr, // aCallbacks nsIRequest::LOAD_BACKGROUND); diff --git a/content/base/src/moz.build b/content/base/src/moz.build index f59c117101ae..a660ba44cbc5 100644 --- a/content/base/src/moz.build +++ b/content/base/src/moz.build @@ -109,6 +109,7 @@ UNIFIED_SOURCES += [ 'nsAttrValue.cpp', 'nsAttrValueOrString.cpp', 'nsCCUncollectableMarker.cpp', + 'nsChannelPolicy.cpp', 'nsContentAreaDragDrop.cpp', 'nsContentIterator.cpp', 'nsContentList.cpp', diff --git a/content/base/src/nsCSPContext.cpp b/content/base/src/nsCSPContext.cpp index 657fe992012f..ccbb2fdd8464 100644 --- a/content/base/src/nsCSPContext.cpp +++ b/content/base/src/nsCSPContext.cpp @@ -11,6 +11,7 @@ #include "nsCSPService.h" #include "nsError.h" #include "nsIAsyncVerifyRedirectCallback.h" +#include "nsIChannelPolicy.h" #include "nsIClassInfoImpl.h" #include "nsIDocShell.h" #include "nsIDocShellTreeItem.h" @@ -24,10 +25,12 @@ #include "nsIObjectOutputStream.h" #include "nsIObserver.h" #include "nsIObserverService.h" +#include "nsIPropertyBag2.h" #include "nsIStringStream.h" #include "nsIUploadChannel.h" #include "nsIScriptError.h" #include "nsIWebNavigation.h" +#include "nsIWritablePropertyBag2.h" #include "nsNetUtil.h" #include "nsNullPrincipal.h" #include "nsIContentPolicy.h" diff --git a/content/base/src/nsCSPService.cpp b/content/base/src/nsCSPService.cpp index 0683e78db0d0..9ab936a06073 100644 --- a/content/base/src/nsCSPService.cpp +++ b/content/base/src/nsCSPService.cpp @@ -12,7 +12,12 @@ #include "nsIContent.h" #include "nsCSPService.h" #include "nsIContentSecurityPolicy.h" +#include "nsIChannelPolicy.h" +#include "nsIChannelEventSink.h" +#include "nsIPropertyBag2.h" +#include "nsIWritablePropertyBag2.h" #include "nsError.h" +#include "nsChannelProperties.h" #include "nsIAsyncVerifyRedirectCallback.h" #include "nsAsyncRedirectVerifyHelper.h" #include "mozilla/Preferences.h" diff --git a/content/base/src/nsChannelPolicy.cpp b/content/base/src/nsChannelPolicy.cpp new file mode 100644 index 000000000000..7d647695bbe6 --- /dev/null +++ b/content/base/src/nsChannelPolicy.cpp @@ -0,0 +1,46 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsChannelPolicy.h" + +nsChannelPolicy::nsChannelPolicy() + : mLoadType(0) +{ +} + +nsChannelPolicy::~nsChannelPolicy() +{ +} + +NS_IMPL_ISUPPORTS(nsChannelPolicy, nsIChannelPolicy) + +NS_IMETHODIMP +nsChannelPolicy::GetLoadType(uint32_t *aLoadType) +{ + *aLoadType = mLoadType; + return NS_OK; +} + +NS_IMETHODIMP +nsChannelPolicy::SetLoadType(uint32_t aLoadType) +{ + mLoadType = aLoadType; + return NS_OK; +} + +NS_IMETHODIMP +nsChannelPolicy::GetContentSecurityPolicy(nsISupports **aCSP) +{ + *aCSP = mCSP; + NS_IF_ADDREF(*aCSP); + return NS_OK; +} + +NS_IMETHODIMP +nsChannelPolicy::SetContentSecurityPolicy(nsISupports *aCSP) +{ + mCSP = aCSP; + return NS_OK; +} diff --git a/content/base/src/nsChannelPolicy.h b/content/base/src/nsChannelPolicy.h new file mode 100644 index 000000000000..f5a0ba29f0e0 --- /dev/null +++ b/content/base/src/nsChannelPolicy.h @@ -0,0 +1,37 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsChannelPolicy_h___ +#define nsChannelPolicy_h___ + +#include "nsCOMPtr.h" +#include "nsIChannelPolicy.h" + +#define NSCHANNELPOLICY_CONTRACTID "@mozilla.org/nschannelpolicy;1" +#define NSCHANNELPOLICY_CID \ +{ 0xd396b3cd, 0xf164, 0x4ce8, \ + { 0x93, 0xa7, 0xe3, 0x85, 0xe1, 0x46, 0x56, 0x3c } } + +class nsChannelPolicy : public nsIChannelPolicy +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSICHANNELPOLICY + + nsChannelPolicy(); + +protected: + virtual ~nsChannelPolicy(); + + /* Represents the type of content being loaded in the channel per + * nsIContentPolicy, e.g. TYPE_IMAGE, TYPE_SCRIPT + */ + unsigned long mLoadType; + + /* pointer to a Content Security Policy object if available */ + nsCOMPtr mCSP; +}; + +#endif /* nsChannelPolicy_h___ */ diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index 8e0efd068d45..015f26156e24 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -60,6 +60,7 @@ #include "nsAttrValueInlines.h" #include "nsBindingManager.h" #include "nsCCUncollectableMarker.h" +#include "nsChannelPolicy.h" #include "nsCharSeparatedTokenizer.h" #include "nsCOMPtr.h" #include "nsContentCreatorFunctions.h" @@ -88,6 +89,7 @@ #include "nsIAsyncVerifyRedirectCallback.h" #include "nsICategoryManager.h" #include "nsIChannelEventSink.h" +#include "nsIChannelPolicy.h" #include "nsIChromeRegistry.h" #include "nsIConsoleService.h" #include "nsIContent.h" @@ -3004,6 +3006,20 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument, NS_ASSERTION(loadGroup || IsFontTableURI(documentURI), "Could not get loadgroup; onload may fire too early"); + // check for a Content Security Policy to pass down to the channel that + // will get created to load the image + nsCOMPtr channelPolicy; + nsCOMPtr csp; + if (aLoadingPrincipal) { + nsresult rv = aLoadingPrincipal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE); + } + } + // Make the URI immutable so people won't change it under us NS_TryToSetImmutable(aURI); @@ -3018,6 +3034,7 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument, aLoadingDocument, /* uniquification key */ aLoadFlags, /* load flags */ nullptr, /* cache key */ + channelPolicy, /* CSP info */ initiatorType, /* the load initiator */ aRequest); } diff --git a/content/base/src/nsCrossSiteListenerProxy.cpp b/content/base/src/nsCrossSiteListenerProxy.cpp index 582b6336c82d..6a2ea5122a4c 100644 --- a/content/base/src/nsCrossSiteListenerProxy.cpp +++ b/content/base/src/nsCrossSiteListenerProxy.cpp @@ -1122,6 +1122,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel, rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel), uri, loadInfo, + nullptr, // aChannelPolicy loadGroup, nullptr, // aCallbacks loadFlags); @@ -1133,6 +1134,7 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel, nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup, nullptr, // aCallbacks loadFlags); diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp index 999ac719a3f8..6cb9484b13f3 100644 --- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -1333,6 +1333,7 @@ nsExternalResourceMap::PendingLoad::StartLoad(nsIURI* aURI, aRequestingNode, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup, req); // aCallbacks diff --git a/content/base/src/nsObjectLoadingContent.cpp b/content/base/src/nsObjectLoadingContent.cpp index e38c15733b09..5ca840c3a98d 100644 --- a/content/base/src/nsObjectLoadingContent.cpp +++ b/content/base/src/nsObjectLoadingContent.cpp @@ -65,6 +65,8 @@ #include "nsObjectLoadingContent.h" #include "mozAutoDocUpdate.h" #include "nsIContentSecurityPolicy.h" +#include "nsIChannelPolicy.h" +#include "nsChannelPolicy.h" #include "GeckoProfiler.h" #include "nsPluginFrame.h" #include "nsDOMClassInfo.h" @@ -2490,6 +2492,15 @@ nsObjectLoadingContent::OpenChannel() nsCOMPtr group = doc->GetDocumentLoadGroup(); nsCOMPtr chan; + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_OBJECT); + } nsRefPtr shim = new ObjectInterfaceRequestorShim(this); @@ -2511,6 +2522,7 @@ nsObjectLoadingContent::OpenChannel() thisContent, securityFlags, nsIContentPolicy::TYPE_OBJECT, + channelPolicy, group, // aLoadGroup shim, // aCallbacks nsIChannel::LOAD_CALL_CONTENT_SNIFFERS | diff --git a/content/base/src/nsScriptLoader.cpp b/content/base/src/nsScriptLoader.cpp index 4ba7bb67f6ba..f11842915296 100644 --- a/content/base/src/nsScriptLoader.cpp +++ b/content/base/src/nsScriptLoader.cpp @@ -41,6 +41,8 @@ #include "nsDocShellCID.h" #include "nsIContentSecurityPolicy.h" #include "prlog.h" +#include "nsIChannelPolicy.h" +#include "nsChannelPolicy.h" #include "nsCRT.h" #include "nsContentCreatorFunctions.h" #include "nsCrossSiteListenerProxy.h" @@ -304,12 +306,25 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType, return NS_OK; } + // check for a Content Security Policy to pass down to the channel + // that will be created to load the script + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT); + } + nsCOMPtr channel; rv = NS_NewChannel(getter_AddRefs(channel), aRequest->mURI, mDocument, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_SCRIPT, + channelPolicy, loadGroup, prompter, nsIRequest::LOAD_NORMAL | diff --git a/content/base/src/nsSyncLoadService.cpp b/content/base/src/nsSyncLoadService.cpp index 6805aca44df9..3a675e1a8d6e 100644 --- a/content/base/src/nsSyncLoadService.cpp +++ b/content/base/src/nsSyncLoadService.cpp @@ -315,6 +315,7 @@ nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal, aLoaderPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy aLoadGroup); NS_ENSURE_SUCCESS(rv, rv); diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp index c2cd05246cf3..80d053254314 100644 --- a/content/base/src/nsXMLHttpRequest.cpp +++ b/content/base/src/nsXMLHttpRequest.cpp @@ -51,6 +51,8 @@ #include "nsIPromptFactory.h" #include "nsIWindowWatcher.h" #include "nsIConsoleService.h" +#include "nsIChannelPolicy.h" +#include "nsChannelPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsAsyncRedirectVerifyHelper.h" #include "nsStringBuffer.h" @@ -1722,6 +1724,17 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url, // will be automatically aborted if the user leaves the page. nsCOMPtr loadGroup = GetLoadGroup(); + // get Content Security Policy from principal to pass into channel + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = mPrincipal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST); + } + nsSecurityFlags secFlags = nsILoadInfo::SEC_NORMAL; if (IsSystemXHR()) { // Don't give this document the system principal. We need to keep track of @@ -1741,6 +1754,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url, doc, secFlags, nsIContentPolicy::TYPE_XMLHTTPREQUEST, + channelPolicy, loadGroup, nullptr, // aCallbacks nsIRequest::LOAD_BACKGROUND); @@ -1751,6 +1765,7 @@ nsXMLHttpRequest::Open(const nsACString& inMethod, const nsACString& url, mPrincipal, secFlags, nsIContentPolicy::TYPE_XMLHTTPREQUEST, + channelPolicy, loadGroup, nullptr, // aCallbacks nsIRequest::LOAD_BACKGROUND); diff --git a/content/html/content/src/HTMLMediaElement.cpp b/content/html/content/src/HTMLMediaElement.cpp index 6a485c361ac5..616b4bd04be8 100755 --- a/content/html/content/src/HTMLMediaElement.cpp +++ b/content/html/content/src/HTMLMediaElement.cpp @@ -99,6 +99,8 @@ static PRLogModuleInfo* gMediaElementEventsLog; #endif #include "nsIContentSecurityPolicy.h" +#include "nsIChannelPolicy.h" +#include "nsChannelPolicy.h" #include "mozilla/Preferences.h" @@ -1184,12 +1186,25 @@ nsresult HTMLMediaElement::LoadResource() } nsCOMPtr loadGroup = GetDocumentLoadGroup(); + + // check for a Content Security Policy to pass down to the channel + // created to load the media content + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv,rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA); + } nsCOMPtr channel; rv = NS_NewChannel(getter_AddRefs(channel), mLoadingSrc, static_cast(this), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_MEDIA, + channelPolicy, loadGroup, nullptr, // aCallbacks nsICachingChannel::LOAD_BYPASS_LOCAL_CACHE_IF_BUSY | diff --git a/content/html/content/src/HTMLTrackElement.cpp b/content/html/content/src/HTMLTrackElement.cpp index db01a4d5608c..5c21c4cc6f59 100644 --- a/content/html/content/src/HTMLTrackElement.cpp +++ b/content/html/content/src/HTMLTrackElement.cpp @@ -21,6 +21,7 @@ #include "nsIAsyncVerifyRedirectCallback.h" #include "nsICachingChannel.h" #include "nsIChannelEventSink.h" +#include "nsIChannelPolicy.h" #include "nsIContentPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsIDocument.h" @@ -236,6 +237,20 @@ HTMLTrackElement::LoadResource() CreateTextTrack(); } + // Check for a Content Security Policy to pass down to the channel + // created to load the media content. + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv)); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + if (!channelPolicy) { + return; + } + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA); + } nsCOMPtr channel; nsCOMPtr loadGroup = OwnerDoc()->GetDocumentLoadGroup(); rv = NS_NewChannel(getter_AddRefs(channel), @@ -243,6 +258,7 @@ HTMLTrackElement::LoadResource() static_cast(this), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_MEDIA, + channelPolicy, loadGroup); NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv)); diff --git a/content/html/document/src/nsHTMLDocument.cpp b/content/html/document/src/nsHTMLDocument.cpp index e1de1ccb2793..0678c81353db 100644 --- a/content/html/document/src/nsHTMLDocument.cpp +++ b/content/html/document/src/nsHTMLDocument.cpp @@ -1516,6 +1516,7 @@ nsHTMLDocument::Open(JSContext* cx, callerDoc, nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy group); if (rv.Failed()) { diff --git a/content/media/MediaResource.cpp b/content/media/MediaResource.cpp index 012b73f96696..0864c91dbe44 100644 --- a/content/media/MediaResource.cpp +++ b/content/media/MediaResource.cpp @@ -939,6 +939,7 @@ ChannelMediaResource::RecreateChannel() element, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_MEDIA, + nullptr, // aChannelPolicy loadGroup, nullptr, // aCallbacks loadFlags); @@ -1458,6 +1459,7 @@ already_AddRefed FileMediaResource::CloneData(MediaDecoder* aDeco element, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_MEDIA, + nullptr, // aChannelPolicy loadGroup); if (NS_FAILED(rv)) diff --git a/content/xul/document/src/XULDocument.cpp b/content/xul/document/src/XULDocument.cpp index b4f27ec5e37b..de31b1150723 100644 --- a/content/xul/document/src/XULDocument.cpp +++ b/content/xul/document/src/XULDocument.cpp @@ -2701,6 +2701,7 @@ XULDocument::LoadOverlayInternal(nsIURI* aURI, bool aIsDynamic, NodePrincipal(), nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy group); if (NS_SUCCEEDED(rv)) { diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 89135644beed..f9647455116a 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -173,6 +173,7 @@ #endif #include "nsContentUtils.h" +#include "nsIChannelPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsILoadInfo.h" #include "nsSandboxFlags.h" @@ -10131,7 +10132,27 @@ nsDocShell::DoURILoad(nsIURI * aURI, loadFlags |= nsIChannel::LOAD_BACKGROUND; } + // check for Content Security Policy to pass along with the + // new channel we are creating + nsCOMPtr channelPolicy; if (IsFrame()) { + // check the parent docshell for a CSP + nsCOMPtr csp; + nsCOMPtr parentItem; + GetSameTypeParent(getter_AddRefs(parentItem)); + if (parentItem) { + nsCOMPtr doc = parentItem->GetDocument(); + if (doc) { + rv = doc->NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SUBDOCUMENT); + } + } + } + // Only allow view-source scheme in top-level docshells. view-source is // the only scheme to which this applies at the moment due to potential // timing attacks to read data from cross-origin iframes. If this widens @@ -10200,6 +10221,7 @@ nsDocShell::DoURILoad(nsIURI * aURI, requestingPrincipal, securityFlags, aContentPolicyType, + channelPolicy, nullptr, // loadGroup static_cast(this), loadFlags); diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp index 9f169c7195fb..175688100419 100644 --- a/dom/base/Navigator.cpp +++ b/dom/base/Navigator.cpp @@ -66,6 +66,7 @@ #include "mozIApplication.h" #include "WidgetUtils.h" #include "mozIThirdPartyUtil.h" +#include "nsChannelPolicy.h" #ifdef MOZ_MEDIA_NAVIGATOR #include "MediaManager.h" @@ -1048,11 +1049,26 @@ Navigator::SendBeacon(const nsAString& aUrl, } nsCOMPtr channel; + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = principal->GetCsp(getter_AddRefs(csp)); + if (NS_FAILED(rv)) { + aRv.Throw(NS_ERROR_FAILURE); + return false; + } + + if (csp) { + channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_BEACON); + } + rv = NS_NewChannel(getter_AddRefs(channel), uri, doc, nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_BEACON); + nsIContentPolicy::TYPE_BEACON, + channelPolicy); if (NS_FAILED(rv)) { aRv.Throw(rv); diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp index ec70c22afa0c..d8fc59477428 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp @@ -2857,6 +2857,7 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL, principal, nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, + nullptr, // aChannelPolicy nullptr, // aLoadGroup listenerPeer); diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp index ab00a1d97216..54f2afb92a0a 100644 --- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp +++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp @@ -662,6 +662,7 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList) principal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup, callbacks); diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp index 1f4b4b6841b8..c4f6aa37c082 100644 --- a/dom/workers/ScriptLoader.cpp +++ b/dom/workers/ScriptLoader.cpp @@ -6,6 +6,7 @@ #include "ScriptLoader.h" #include "nsIChannel.h" +#include "nsIChannelPolicy.h" #include "nsIContentPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsIHttpChannel.h" @@ -16,6 +17,7 @@ #include "nsIURI.h" #include "jsapi.h" +#include "nsChannelPolicy.h" #include "nsError.h" #include "nsContentPolicyUtils.h" #include "nsContentUtils.h" @@ -102,6 +104,23 @@ ChannelFromScriptURL(nsIPrincipal* principal, NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR); } + // Get Content Security Policy from parent document to pass into channel. + nsCOMPtr csp; + rv = principal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr channelPolicy; + if (csp) { + channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + + rv = channelPolicy->SetContentSecurityPolicy(csp); + NS_ENSURE_SUCCESS(rv, rv); + + rv = channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT); + NS_ENSURE_SUCCESS(rv, rv); + } + uint32_t flags = nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI; nsCOMPtr channel; @@ -112,6 +131,7 @@ ChannelFromScriptURL(nsIPrincipal* principal, parentDoc, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_SCRIPT, + channelPolicy, loadGroup, nullptr, // aCallbacks flags, @@ -128,6 +148,7 @@ ChannelFromScriptURL(nsIPrincipal* principal, nullPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_SCRIPT, + channelPolicy, loadGroup, nullptr, // aCallbacks flags, diff --git a/dom/xbl/nsXBLService.cpp b/dom/xbl/nsXBLService.cpp index eac4d6c9fa03..22d2b07d370b 100644 --- a/dom/xbl/nsXBLService.cpp +++ b/dom/xbl/nsXBLService.cpp @@ -1076,6 +1076,7 @@ nsXBLService::FetchBindingDocument(nsIContent* aBoundElement, nsIDocument* aBoun requestingPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup); NS_ENSURE_SUCCESS(rv, rv); diff --git a/dom/xml/XMLDocument.cpp b/dom/xml/XMLDocument.cpp index 2d1bc1d20974..ebd093a5f548 100644 --- a/dom/xml/XMLDocument.cpp +++ b/dom/xml/XMLDocument.cpp @@ -449,6 +449,7 @@ XMLDocument::Load(const nsAString& aUrl, ErrorResult& aRv) static_cast(this), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_XMLHTTPREQUEST, + nullptr, // aChannelPolicy loadGroup, req, nsIRequest::LOAD_BACKGROUND); diff --git a/dom/xslt/base/txURIUtils.cpp b/dom/xslt/base/txURIUtils.cpp index b2a78db2e47d..ebcc484d21d6 100644 --- a/dom/xslt/base/txURIUtils.cpp +++ b/dom/xslt/base/txURIUtils.cpp @@ -64,6 +64,7 @@ URIUtils::ResetWithSource(nsIDocument *aNewDoc, nsIDOMNode *aSourceNode) sourceDoc, nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup); if (NS_FAILED(rv)) { diff --git a/embedding/browser/nsContextMenuInfo.cpp b/embedding/browser/nsContextMenuInfo.cpp index 0b4733071c0b..6a15401444b2 100644 --- a/embedding/browser/nsContextMenuInfo.cpp +++ b/embedding/browser/nsContextMenuInfo.cpp @@ -23,6 +23,7 @@ #include "nsUnicharUtils.h" #include "nsIDocument.h" #include "nsIPrincipal.h" +#include "nsIChannelPolicy.h" #include "nsIContentSecurityPolicy.h" #include "nsIContentPolicy.h" #include "nsAutoPtr.h" @@ -267,9 +268,22 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe nsCOMPtr primitiveValue; nsAutoString bgStringValue; + // get Content Security Policy to pass to LoadImage nsCOMPtr doc(do_QueryInterface(document)); - nsCOMPtr principal = doc ? doc->NodePrincipal() : nullptr; - + nsCOMPtr principal; + nsCOMPtr channelPolicy; + nsCOMPtr csp; + if (doc) { + principal = doc->NodePrincipal(); + nsresult rv = principal->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_IMAGE); + } + } + while (true) { nsCOMPtr domElement(do_QueryInterface(domNode)); // bail for the parent node of the root element or null argument @@ -296,7 +310,7 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe return il->LoadImage(bgUri, nullptr, nullptr, principal, nullptr, nullptr, nullptr, nsIRequest::LOAD_NORMAL, - nullptr, EmptyString(), aRequest); + nullptr, channelPolicy, EmptyString(), aRequest); } } diff --git a/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp b/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp index dad12ded7f69..cbfef03aa9fa 100644 --- a/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp +++ b/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp @@ -1205,6 +1205,7 @@ nsresult nsWebBrowserPersist::SaveURIInternal( nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // aLoadGroup static_cast(this), loadFlags); diff --git a/extensions/pref/autoconfig/src/nsAutoConfig.cpp b/extensions/pref/autoconfig/src/nsAutoConfig.cpp index 8b81bbef5e3c..565bdb20ca25 100644 --- a/extensions/pref/autoconfig/src/nsAutoConfig.cpp +++ b/extensions/pref/autoconfig/src/nsAutoConfig.cpp @@ -285,6 +285,7 @@ nsresult nsAutoConfig::downloadAutoConfig() nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup nullptr, // aCallbacks nsIRequest::INHIBIT_PERSISTENT_CACHING | diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl index b47c34b092da..cf751632aae7 100644 --- a/image/public/imgILoader.idl +++ b/image/public/imgILoader.idl @@ -16,6 +16,7 @@ interface nsIStreamListener; interface nsIURI; interface nsISimpleEnumerator; +interface nsIChannelPolicy; #include "nsIRequest.idl" // for nsLoadFlags @@ -61,7 +62,8 @@ interface imgILoader : nsISupports in imgINotificationObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, - in nsISupports cacheKey); + in nsISupports cacheKey, + in nsIChannelPolicy channelPolicy); /** * Start the load and decode of an image. diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp index a96e00796d4c..0ac8d497a9dc 100644 --- a/image/src/imgLoader.cpp +++ b/image/src/imgLoader.cpp @@ -635,6 +635,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, nsILoadGroup *aLoadGroup, const nsCString& aAcceptHeader, nsLoadFlags aLoadFlags, + nsIChannelPolicy *aPolicy, nsIPrincipal *aLoadingPrincipal, nsISupports *aRequestingContext) { @@ -690,6 +691,7 @@ static nsresult NewImageChannel(nsIChannel **aResult, requestingPrincipal, securityFlags, nsIContentPolicy::TYPE_IMAGE, + aPolicy, nullptr, // loadGroup callbacks, aLoadFlags); @@ -1443,6 +1445,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, nsISupports *aCX, nsLoadFlags aLoadFlags, imgRequestProxy **aProxyRequest, + nsIChannelPolicy *aPolicy, nsIPrincipal* aLoadingPrincipal, int32_t aCORSMode) { @@ -1490,6 +1493,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request, aLoadGroup, mAcceptHeader, aLoadFlags, + aPolicy, aLoadingPrincipal, aCX); if (NS_FAILED(rv)) { @@ -1569,6 +1573,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, nsLoadFlags aLoadFlags, bool aCanMakeNewChannel, imgRequestProxy **aProxyRequest, + nsIChannelPolicy *aPolicy, nsIPrincipal* aLoadingPrincipal, int32_t aCORSMode) { @@ -1673,7 +1678,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry, return ValidateRequestWithNewChannel(request, aURI, aInitialDocumentURI, aReferrerURI, aLoadGroup, aObserver, - aCX, aLoadFlags, aProxyRequest, + aCX, aLoadFlags, aProxyRequest, aPolicy, aLoadingPrincipal, aCORSMode); } @@ -1848,6 +1853,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI, nsISupports *aCX, nsLoadFlags aLoadFlags, nsISupports *aCacheKey, + nsIChannelPolicy *aPolicy, imgIRequest **_retval) { imgRequestProxy *proxy; @@ -1860,32 +1866,29 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI, aCX, aLoadFlags, aCacheKey, + aPolicy, EmptyString(), &proxy); *_retval = proxy; return result; } -// imgIRequest loadImage(in nsIURI aURI, -// in nsIURI aInitialDocumentURL, -// in nsIURI aReferrerURI, -// in nsIPrincipal aLoadingPrincipal, -// in nsILoadGroup aLoadGroup, -// in imgINotificationObserver aObserver, -// in nsISupports aCX, -// in nsLoadFlags aLoadFlags, -// in nsISupports cacheKey); + + +/* imgIRequest loadImage(in nsIURI aURI, in nsIURI aInitialDocumentURL, in nsIURI aReferrerURI, in nsIPrincipal aLoadingPrincipal, in nsILoadGroup aLoadGroup, in imgINotificationObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in nsIChannelPolicy channelPolicy); */ + nsresult imgLoader::LoadImage(nsIURI *aURI, - nsIURI *aInitialDocumentURI, - nsIURI *aReferrerURI, - nsIPrincipal* aLoadingPrincipal, - nsILoadGroup *aLoadGroup, - imgINotificationObserver *aObserver, - nsISupports *aCX, - nsLoadFlags aLoadFlags, - nsISupports *aCacheKey, - const nsAString& initiatorType, - imgRequestProxy **_retval) + nsIURI *aInitialDocumentURI, + nsIURI *aReferrerURI, + nsIPrincipal* aLoadingPrincipal, + nsILoadGroup *aLoadGroup, + imgINotificationObserver *aObserver, + nsISupports *aCX, + nsLoadFlags aLoadFlags, + nsISupports *aCacheKey, + nsIChannelPolicy *aPolicy, + const nsAString& initiatorType, + imgRequestProxy **_retval) { VerifyCacheSizes(); @@ -1963,7 +1966,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, if (cache.Get(spec, getter_AddRefs(entry)) && entry) { if (ValidateEntry(entry, aURI, aInitialDocumentURI, aReferrerURI, aLoadGroup, aObserver, aCX, requestFlags, true, - _retval, aLoadingPrincipal, corsmode)) { + _retval, aPolicy, aLoadingPrincipal, corsmode)) { request = entry->GetRequest(); // If this entry has no proxies, its request has no reference to the entry. @@ -2005,6 +2008,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI, aLoadGroup, mAcceptHeader, requestFlags, + aPolicy, aLoadingPrincipal, aCX); if (NS_FAILED(rv)) @@ -2188,7 +2192,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb // XXX -- should this be changed? it's pretty much verbatim from the old // code, but seems nonsensical. if (ValidateEntry(entry, uri, nullptr, nullptr, nullptr, aObserver, aCX, - requestFlags, false, nullptr, nullptr, + requestFlags, false, nullptr, nullptr, nullptr, imgIRequest::CORS_NONE)) { request = entry->GetRequest(); } else { diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h index 620457651086..334a3a16b260 100644 --- a/image/src/imgLoader.h +++ b/image/src/imgLoader.h @@ -29,6 +29,7 @@ class imgINotificationObserver; class nsILoadGroup; class imgCacheExpirationTracker; class imgMemoryReporter; +class nsIChannelPolicy; namespace mozilla { namespace image { @@ -257,6 +258,7 @@ public: nsISupports *aCX, nsLoadFlags aLoadFlags, nsISupports *aCacheKey, + nsIChannelPolicy *aPolicy, const nsAString& initiatorType, imgRequestProxy **_retval); nsresult LoadImageWithChannel(nsIChannel *channel, @@ -338,6 +340,7 @@ private: // methods imgINotificationObserver *aObserver, nsISupports *aCX, nsLoadFlags aLoadFlags, bool aCanMakeNewChannel, imgRequestProxy **aProxyRequest, + nsIChannelPolicy *aPolicy, nsIPrincipal* aLoadingPrincipal, int32_t aCORSMode); @@ -348,6 +351,7 @@ private: // methods imgINotificationObserver *aObserver, nsISupports *aCX, nsLoadFlags aLoadFlags, imgRequestProxy **aProxyRequest, + nsIChannelPolicy *aPolicy, nsIPrincipal* aLoadingPrincipal, int32_t aCORSMode); diff --git a/image/test/unit/async_load_tests.js b/image/test/unit/async_load_tests.js index c4cdcd0730c0..970ae812ee86 100644 --- a/image/test/unit/async_load_tests.js +++ b/image/test/unit/async_load_tests.js @@ -96,7 +96,7 @@ function checkSecondLoad() var listener = new ImageListener(checkClone, secondLoadDone); var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools) .createScriptedObserver(listener); - requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null)); + requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null)); listener.synchronous = false; } @@ -194,7 +194,7 @@ function startImageCallback(otherCb) var listener2 = new ImageListener(null, function(foo, bar) { do_test_finished(); }); var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools) .createScriptedObserver(listener2); - requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null)); + requests.push(gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null)); listener2.synchronous = false; // Now that we've started another load, chain to the callback. @@ -221,7 +221,7 @@ function run_test() var listener = new ImageListener(startImageCallback(checkClone), firstLoadDone); var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools) .createScriptedObserver(listener); - var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null); + var req = gCurrentLoader.loadImageXPCOM(uri, null, null, null, null, outer, null, 0, null, null); requests.push(req); // Ensure that we don't cause any mayhem when we lock an image. diff --git a/image/test/unit/test_private_channel.js b/image/test/unit/test_private_channel.js index 318dece2afa1..36aa8ee784c5 100644 --- a/image/test/unit/test_private_channel.js +++ b/image/test/unit/test_private_channel.js @@ -77,7 +77,7 @@ function loadImage(isPrivate, callback) { var loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(Ci.nsILoadGroup); loadGroup.notificationCallbacks = new NotificationCallbacks(isPrivate); var loader = isPrivate ? gPrivateLoader : gPublicLoader; - requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null)); + requests.push(loader.loadImageXPCOM(uri, null, null, null, loadGroup, outer, null, 0, null, null)); listener.synchronous = false; } diff --git a/js/xpconnect/loader/mozJSSubScriptLoader.cpp b/js/xpconnect/loader/mozJSSubScriptLoader.cpp index 9cbec3d8e05a..ce6c072c1a72 100644 --- a/js/xpconnect/loader/mozJSSubScriptLoader.cpp +++ b/js/xpconnect/loader/mozJSSubScriptLoader.cpp @@ -113,6 +113,7 @@ mozJSSubScriptLoader::ReadScript(nsIURI *uri, JSContext *cx, JSObject *targetObj nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // aLoadGroup nullptr, // aCallbacks nsIRequest::LOAD_NORMAL, diff --git a/layout/build/nsLayoutModule.cpp b/layout/build/nsLayoutModule.cpp index 24d4fdb82bfe..e0ad0f35c1ee 100644 --- a/layout/build/nsLayoutModule.cpp +++ b/layout/build/nsLayoutModule.cpp @@ -61,6 +61,7 @@ #include "mozilla/dom/DOMParser.h" #include "nsDOMSerializer.h" #include "nsXMLHttpRequest.h" +#include "nsChannelPolicy.h" // view stuff #include "nsContentCreatorFunctions.h" @@ -282,6 +283,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(DOMParser) NS_GENERIC_FACTORY_CONSTRUCTOR(Exception) NS_GENERIC_FACTORY_CONSTRUCTOR(DOMSessionStorageManager) NS_GENERIC_FACTORY_CONSTRUCTOR(DOMLocalStorageManager) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsChannelPolicy) NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(DOMRequestService, DOMRequestService::FactoryCreate) NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(QuotaManager, @@ -751,6 +753,7 @@ NS_DEFINE_NAMED_CID(NS_EVENTLISTENERSERVICE_CID); NS_DEFINE_NAMED_CID(NS_GLOBALMESSAGEMANAGER_CID); NS_DEFINE_NAMED_CID(NS_PARENTPROCESSMESSAGEMANAGER_CID); NS_DEFINE_NAMED_CID(NS_CHILDPROCESSMESSAGEMANAGER_CID); +NS_DEFINE_NAMED_CID(NSCHANNELPOLICY_CID); NS_DEFINE_NAMED_CID(NS_SCRIPTSECURITYMANAGER_CID); NS_DEFINE_NAMED_CID(NS_PRINCIPAL_CID); NS_DEFINE_NAMED_CID(NS_SYSTEMPRINCIPAL_CID); @@ -1045,6 +1048,7 @@ static const mozilla::Module::CIDEntry kLayoutCIDs[] = { { &kNS_GLOBALMESSAGEMANAGER_CID, false, nullptr, CreateGlobalMessageManager }, { &kNS_PARENTPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateParentMessageManager }, { &kNS_CHILDPROCESSMESSAGEMANAGER_CID, false, nullptr, CreateChildMessageManager }, + { &kNSCHANNELPOLICY_CID, false, nullptr, nsChannelPolicyConstructor }, { &kNS_SCRIPTSECURITYMANAGER_CID, false, nullptr, Construct_nsIScriptSecurityManager }, { &kNS_PRINCIPAL_CID, false, nullptr, nsPrincipalConstructor }, { &kNS_SYSTEMPRINCIPAL_CID, false, nullptr, nsSystemPrincipalConstructor }, @@ -1202,6 +1206,7 @@ static const mozilla::Module::ContractIDEntry kLayoutContracts[] = { { NS_GLOBALMESSAGEMANAGER_CONTRACTID, &kNS_GLOBALMESSAGEMANAGER_CID }, { NS_PARENTPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_PARENTPROCESSMESSAGEMANAGER_CID }, { NS_CHILDPROCESSMESSAGEMANAGER_CONTRACTID, &kNS_CHILDPROCESSMESSAGEMANAGER_CID }, + { NSCHANNELPOLICY_CONTRACTID, &kNSCHANNELPOLICY_CID }, { NS_SCRIPTSECURITYMANAGER_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID }, { NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID, &kNS_SCRIPTSECURITYMANAGER_CID }, { NS_PRINCIPAL_CONTRACTID, &kNS_PRINCIPAL_CID }, diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp index 6b67ee2d55f9..c742c78225b0 100644 --- a/layout/generic/nsImageFrame.cpp +++ b/layout/generic/nsImageFrame.cpp @@ -1931,6 +1931,7 @@ nsImageFrame::LoadIcon(const nsAString& aSpec, nullptr, /* Not associated with any particular document */ loadFlags, nullptr, + nullptr, /* channel policy not needed */ EmptyString(), aRequest); } diff --git a/layout/style/FontFaceSet.cpp b/layout/style/FontFaceSet.cpp index 571aaf7f1547..59ed4f9fc09e 100644 --- a/layout/style/FontFaceSet.cpp +++ b/layout/style/FontFaceSet.cpp @@ -19,6 +19,7 @@ #include "mozilla/AsyncEventDispatcher.h" #include "nsCrossSiteListenerProxy.h" #include "nsFontFaceLoader.h" +#include "nsIChannelPolicy.h" #include "nsIConsoleService.h" #include "nsIContentPolicy.h" #include "nsIContentSecurityPolicy.h" @@ -396,6 +397,16 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry, nsCOMPtr loadGroup(ps->GetDocument()->GetDocumentLoadGroup()); nsCOMPtr channel; + // get Content Security Policy from principal to pass into channel + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = aUserFontEntry->GetPrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT); + } // Note we are calling NS_NewChannelInternal() with both a node and a // principal. This is because the document where the font is being loaded // might have a different origin from the principal of the stylesheet @@ -406,6 +417,7 @@ FontFaceSet::StartLoad(gfxUserFontEntry* aUserFontEntry, aUserFontEntry->GetPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_FONT, + channelPolicy, loadGroup); NS_ENSURE_SUCCESS(rv, rv); @@ -1142,6 +1154,17 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad, nsresult rv; nsCOMPtr channel; + // get Content Security Policy from principal to pass into channel + nsCOMPtr channelPolicy; + nsCOMPtr csp; + rv = aFontToLoad->GetPrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_FONT); + } + nsIPresShell* ps = mPresContext->PresShell(); if (!ps) { return NS_ERROR_FAILURE; @@ -1155,7 +1178,8 @@ FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad, ps->GetDocument(), aFontToLoad->GetPrincipal(), nsILoadInfo::SEC_NORMAL, - nsIContentPolicy::TYPE_FONT); + nsIContentPolicy::TYPE_FONT, + channelPolicy); NS_ENSURE_SUCCESS(rv, rv); diff --git a/layout/style/Loader.cpp b/layout/style/Loader.cpp index e0f480c2f6e6..4e82b4e83b0a 100644 --- a/layout/style/Loader.cpp +++ b/layout/style/Loader.cpp @@ -60,6 +60,7 @@ #include "nsIDOMStyleSheet.h" #include "nsError.h" +#include "nsIChannelPolicy.h" #include "nsIContentSecurityPolicy.h" #include "mozilla/dom/EncodingUtils.h" @@ -1551,10 +1552,20 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) mSyncCallback = true; #endif nsCOMPtr loadGroup; + // Content Security Policy information to pass into channel + nsCOMPtr channelPolicy; if (mDocument) { loadGroup = mDocument->GetDocumentLoadGroup(); NS_ASSERTION(loadGroup, "No loadgroup for stylesheet; onload will fire early"); + nsCOMPtr csp; + rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp)); + NS_ENSURE_SUCCESS(rv, rv); + if (csp) { + channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1"); + channelPolicy->SetContentSecurityPolicy(csp); + channelPolicy->SetLoadType(nsIContentPolicy::TYPE_STYLESHEET); + } } nsLoadFlags securityFlags = nsILoadInfo::SEC_NORMAL; @@ -1573,6 +1584,7 @@ Loader::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) requestingPrincipal, securityFlags, nsIContentPolicy::TYPE_STYLESHEET, + channelPolicy, loadGroup, nullptr, // aCallbacks nsIChannel::LOAD_NORMAL | diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index c712544f2d5c..99230e006793 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -13,6 +13,7 @@ #include "nsIPrefService.h" #include "nsIPrefBranch.h" #include "nsIViewSourceChannel.h" +#include "nsChannelProperties.h" #include "nsContentUtils.h" #include "nsProxyRelease.h" diff --git a/netwerk/base/public/moz.build b/netwerk/base/public/moz.build index ecba3e7344bb..9bde21513032 100644 --- a/netwerk/base/public/moz.build +++ b/netwerk/base/public/moz.build @@ -29,6 +29,7 @@ XPIDL_SOURCES += [ 'nsICancelable.idl', 'nsIChannel.idl', 'nsIChannelEventSink.idl', + 'nsIChannelPolicy.idl', 'nsIChildChannel.idl', 'nsIContentSniffer.idl', 'nsICryptoFIPSInfo.idl', @@ -136,6 +137,8 @@ EXPORTS += [ 'netCore.h', 'nsASocketHandler.h', 'nsAsyncRedirectVerifyHelper.h', + 'nsChannelProperties.h', + 'nsNetStrings.h', 'nsNetUtil.h', 'nsReadLine.h', 'nsStreamListenerWrapper.h', diff --git a/netwerk/base/public/nsChannelProperties.h b/netwerk/base/public/nsChannelProperties.h new file mode 100644 index 000000000000..0323a6f39d13 --- /dev/null +++ b/netwerk/base/public/nsChannelProperties.h @@ -0,0 +1,35 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsChannelProperties_h__ +#define nsChannelProperties_h__ + +#include "nsStringGlue.h" +#ifdef IMPL_LIBXUL +#include "nsNetStrings.h" +#endif + +/** + * @file + * This file contains constants for properties channels can expose. + * They can be accessed by using QueryInterface to access the nsIPropertyBag + * or nsIPropertyBag2 interface on a channel and reading the value. + */ + + +/** + * Exists to allow content policy mechanism to function properly during channel + * redirects. Contains security contextual information about the load. + * Type: nsIChannelPolicy + */ +#define NS_CHANNEL_PROP_CHANNEL_POLICY_STR "channel-policy" + +#ifdef IMPL_LIBXUL +#define NS_CHANNEL_PROP_CHANNEL_POLICY gNetStrings->kChannelPolicy +#else +#define NS_CHANNEL_PROP_CHANNEL_POLICY \ + NS_LITERAL_STRING(NS_CHANNEL_PROP_CHANNEL_POLICY_STR) +#endif + +#endif diff --git a/netwerk/base/public/nsIChannelPolicy.idl b/netwerk/base/public/nsIChannelPolicy.idl new file mode 100644 index 000000000000..5894db08fcc0 --- /dev/null +++ b/netwerk/base/public/nsIChannelPolicy.idl @@ -0,0 +1,29 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +/** + * A container for policy information to be used during channel creation. + * + * This interface exists to allow the content policy mechanism to function + * properly during channel redirects. Channels can be created with this + * interface placed in the property bag and upon redirect, the interface can + * be transferred from the old channel to the new channel. + */ +[scriptable, uuid(18045e96-1afe-4162-837a-04691267158c)] +interface nsIChannelPolicy : nsISupports +{ + /** + * Indicates what type of content is being loaded, e.g. + * nsIContentPolicy::TYPE_IMAGE + */ + attribute unsigned long loadType; + + /** + * A nsIContentSecurityPolicy object to determine if the load should + * be allowed. + */ + attribute nsISupports contentSecurityPolicy; +}; diff --git a/netwerk/base/public/nsNetStrings.h b/netwerk/base/public/nsNetStrings.h new file mode 100644 index 000000000000..653c34dc3f77 --- /dev/null +++ b/netwerk/base/public/nsNetStrings.h @@ -0,0 +1,24 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNetStrings_h__ +#define nsNetStrings_h__ + +#include "nsLiteralString.h" + +/** + * Class on which wide strings are available, to avoid constructing strings + * wherever these strings are used. + */ +class nsNetStrings { +public: + nsNetStrings(); + + const nsLiteralString kChannelPolicy; +}; + +extern nsNetStrings* gNetStrings; + + +#endif diff --git a/netwerk/base/public/nsNetUtil.h b/netwerk/base/public/nsNetUtil.h index 60cf2e1ee7d6..a27d01f19613 100644 --- a/netwerk/base/public/nsNetUtil.h +++ b/netwerk/base/public/nsNetUtil.h @@ -32,6 +32,7 @@ #include "nsIIOService.h" #include "nsIServiceManager.h" #include "nsIChannel.h" +#include "nsChannelProperties.h" #include "nsIInputStreamChannel.h" #include "nsITransport.h" #include "nsIStreamTransportService.h" @@ -68,6 +69,7 @@ #include "nsIWritablePropertyBag2.h" #include "nsIIDNService.h" #include "nsIChannelEventSink.h" +#include "nsIChannelPolicy.h" #include "nsISocketProviderService.h" #include "nsISocketProvider.h" #include "nsIRedirectChannelRegistrar.h" @@ -200,6 +202,7 @@ inline nsresult NS_NewChannelInternal(nsIChannel** outChannel, nsIURI* aUri, nsILoadInfo* aLoadInfo, + nsIChannelPolicy* aChannelPolicy = nullptr, nsILoadGroup* aLoadGroup = nullptr, nsIInterfaceRequestor* aCallbacks = nullptr, nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL, @@ -233,6 +236,14 @@ NS_NewChannelInternal(nsIChannel** outChannel, rv = channel->SetLoadFlags(aLoadFlags | (normalLoadFlags & nsIChannel::LOAD_REPLACE)); NS_ENSURE_SUCCESS(rv, rv); } + + if (aChannelPolicy) { + nsCOMPtr props = do_QueryInterface(channel); + if (props) { + props->SetPropertyAsInterface(NS_CHANNEL_PROP_CHANNEL_POLICY, aChannelPolicy); + } + } + channel->SetLoadInfo(aLoadInfo); // If we're sandboxed, make sure to clear any owner the channel @@ -252,6 +263,7 @@ NS_NewChannelInternal(nsIChannel** outChannel, nsIPrincipal* aRequestingPrincipal, nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsIChannelPolicy* aChannelPolicy = nullptr, nsILoadGroup* aLoadGroup = nullptr, nsIInterfaceRequestor* aCallbacks = nullptr, nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL, @@ -270,6 +282,7 @@ NS_NewChannelInternal(nsIChannel** outChannel, return NS_NewChannelInternal(outChannel, aUri, loadInfo, + aChannelPolicy, aLoadGroup, aCallbacks, aLoadFlags, @@ -282,6 +295,7 @@ NS_NewChannel(nsIChannel** outChannel, nsINode* aRequestingNode, nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsIChannelPolicy* aChannelPolicy = nullptr, nsILoadGroup* aLoadGroup = nullptr, nsIInterfaceRequestor* aCallbacks = nullptr, nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL, @@ -294,6 +308,7 @@ NS_NewChannel(nsIChannel** outChannel, aRequestingNode->NodePrincipal(), aSecurityFlags, aContentPolicyType, + aChannelPolicy, aLoadGroup, aCallbacks, aLoadFlags, @@ -306,6 +321,7 @@ NS_NewChannel(nsIChannel** outChannel, nsIPrincipal* aRequestingPrincipal, nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType, + nsIChannelPolicy* aChannelPolicy = nullptr, nsILoadGroup* aLoadGroup = nullptr, nsIInterfaceRequestor* aCallbacks = nullptr, nsLoadFlags aLoadFlags = nsIRequest::LOAD_NORMAL, @@ -317,6 +333,7 @@ NS_NewChannel(nsIChannel** outChannel, aRequestingPrincipal, aSecurityFlags, aContentPolicyType, + aChannelPolicy, aLoadGroup, aCallbacks, aLoadFlags, @@ -349,6 +366,7 @@ NS_OpenURIInternal(nsIInputStream** outStream, aRequestingPrincipal, aSecurityFlags, aContentPolicyType, + nullptr, // aChannelPolicy, aLoadGroup, aCallbacks, aLoadFlags, @@ -405,6 +423,7 @@ NS_OpenURIInternal(nsIStreamListener* aListener, nsresult rv = NS_NewChannelInternal(getter_AddRefs(channel), aUri, aLoadInfo, + nullptr, // aChannelPolicy aLoadGroup, aCallbacks, aLoadFlags, @@ -815,6 +834,7 @@ NS_NewStreamLoaderInternal(nsIStreamLoader** outStream, aRequestingPrincipal, aSecurityFlags, aContentPolicyType, + nullptr, // aChannelPolicy aLoadGroup, aCallbacks, aLoadFlags); diff --git a/netwerk/base/src/moz.build b/netwerk/base/src/moz.build index 9539524bbaf8..0fb2fc3a97c1 100644 --- a/netwerk/base/src/moz.build +++ b/netwerk/base/src/moz.build @@ -47,6 +47,7 @@ UNIFIED_SOURCES += [ 'nsMediaFragmentURIParser.cpp', 'nsMIMEInputStream.cpp', 'nsNetAddr.cpp', + 'nsNetStrings.cpp', 'nsNetUtil.cpp', 'nsPACMan.cpp', 'nsPreloadedStream.cpp', diff --git a/netwerk/base/src/nsIncrementalDownload.cpp b/netwerk/base/src/nsIncrementalDownload.cpp index d13a81213ab7..5859f50b1d02 100644 --- a/netwerk/base/src/nsIncrementalDownload.cpp +++ b/netwerk/base/src/nsIncrementalDownload.cpp @@ -267,6 +267,7 @@ nsIncrementalDownload::ProcessTimeout() nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup this, // aCallbacks mLoadFlags); diff --git a/netwerk/base/src/nsNetStrings.cpp b/netwerk/base/src/nsNetStrings.cpp new file mode 100644 index 000000000000..cd3ebfac3037 --- /dev/null +++ b/netwerk/base/src/nsNetStrings.cpp @@ -0,0 +1,14 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsNetStrings.h" +#include "nsChannelProperties.h" + +nsNetStrings* gNetStrings; + +nsNetStrings::nsNetStrings() + : NS_LITERAL_STRING_INIT(kChannelPolicy, NS_CHANNEL_PROP_CHANNEL_POLICY_STR) +{} + + diff --git a/netwerk/build/nsNetModule.cpp b/netwerk/build/nsNetModule.cpp index 070762956e7a..51e20fb53d4b 100644 --- a/netwerk/build/nsNetModule.cpp +++ b/netwerk/build/nsNetModule.cpp @@ -31,6 +31,7 @@ #include "nsApplicationCache.h" #include "nsApplicationCacheService.h" #include "nsMimeTypes.h" +#include "nsNetStrings.h" #include "nsDNSPrefetch.h" #include "nsAboutProtocolHandler.h" #include "nsXULAppAPI.h" @@ -629,9 +630,11 @@ CreateNewBinaryDetectorFactory(nsISupports *aOuter, REFNSIID aIID, void **aResul // Net module startup hook static nsresult nsNetStartup() { - return NS_OK; + gNetStrings = new nsNetStrings(); + return gNetStrings ? NS_OK : NS_ERROR_OUT_OF_MEMORY; } + // Net module shutdown hook static void nsNetShutdown() { @@ -644,6 +647,10 @@ static void nsNetShutdown() net_ShutdownURLHelperOSX(); #endif + // Release necko strings + delete gNetStrings; + gNetStrings = nullptr; + // Release DNS service reference. nsDNSPrefetch::Shutdown(); diff --git a/netwerk/protocol/ftp/FTPChannelParent.cpp b/netwerk/protocol/ftp/FTPChannelParent.cpp index 1b140c2dcde1..3d94e6c16885 100644 --- a/netwerk/protocol/ftp/FTPChannelParent.cpp +++ b/netwerk/protocol/ftp/FTPChannelParent.cpp @@ -132,6 +132,7 @@ FTPChannelParent::DoAsyncOpen(const URIParams& aURI, requestingPrincipal, aSecurityFlags, aContentPolicyType, + nullptr, // aChannelPolicy nullptr, // aLoadGroup nullptr, // aCallbacks nsIRequest::LOAD_NORMAL, diff --git a/netwerk/protocol/http/HttpChannelParent.cpp b/netwerk/protocol/http/HttpChannelParent.cpp index 3a13ba0442b2..6b3bee11619f 100644 --- a/netwerk/protocol/http/HttpChannelParent.cpp +++ b/netwerk/protocol/http/HttpChannelParent.cpp @@ -219,6 +219,7 @@ HttpChannelParent::DoAsyncOpen( const URIParams& aURI, requestingPrincipal, aSecurityFlags, aContentPolicyType, + nullptr, // aChannelPolicy nullptr, // loadGroup nullptr, // aCallbacks loadFlags, diff --git a/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp b/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp index 474a0e5955a5..41194d233707 100644 --- a/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp +++ b/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp @@ -92,6 +92,7 @@ WyciwygChannelParent::RecvInit(const URIParams& aURI, requestingPrincipal, aSecurityFlags, aContentPolicyType, + nullptr, // aChannelPolicy nullptr, // loadGroup nullptr, // aCallbacks nsIRequest::LOAD_NORMAL, diff --git a/netwerk/test/TestPageLoad.cpp b/netwerk/test/TestPageLoad.cpp index fe5002a20193..6402b0e6cb66 100644 --- a/netwerk/test/TestPageLoad.cpp +++ b/netwerk/test/TestPageLoad.cpp @@ -312,6 +312,7 @@ nsresult auxLoad(char *uriBuf) systemPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup callbacks); @@ -370,6 +371,7 @@ int main(int argc, char **argv) systemPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup callbacks); diff --git a/netwerk/test/TestProtocols.cpp b/netwerk/test/TestProtocols.cpp index ec41b840e8fc..3e147adecd58 100644 --- a/netwerk/test/TestProtocols.cpp +++ b/netwerk/test/TestProtocols.cpp @@ -49,6 +49,7 @@ #include "nsIPropertyBag2.h" #include "nsIWritablePropertyBag2.h" #include "nsITimedChannel.h" +#include "nsChannelProperties.h" #include "mozilla/Attributes.h" #include "mozilla/unused.h" #include "nsIScriptSecurityManager.h" @@ -643,6 +644,7 @@ nsresult StartLoadingURL(const char* aUrlString) systemPrincipal, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup callbacks, nsIRequest::LOAD_NORMAL, diff --git a/toolkit/components/downloads/nsDownloadManager.cpp b/toolkit/components/downloads/nsDownloadManager.cpp index 4c67e4969c99..b17ab187aef8 100644 --- a/toolkit/components/downloads/nsDownloadManager.cpp +++ b/toolkit/components/downloads/nsDownloadManager.cpp @@ -3534,6 +3534,7 @@ nsDownload::Resume() nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // aLoadGroup ir); diff --git a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp index 731070ed997f..77aaa0bbf560 100644 --- a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp +++ b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp @@ -99,6 +99,7 @@ nsUrlClassifierStreamUpdater::FetchUpdate(nsIURI *aUpdateUrl, nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // aLoadGroup this, // aInterfaceRequestor loadFlags); diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 9d3a133fc54d..85475533bc99 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -57,6 +57,7 @@ #include "nsNetUtil.h" #include "nsIIOService.h" #include "nsNetCID.h" +#include "nsChannelProperties.h" #include "nsMimeTypes.h" // used for header disposition information. diff --git a/uriloader/prefetch/nsOfflineCacheUpdate.cpp b/uriloader/prefetch/nsOfflineCacheUpdate.cpp index 769f188e6590..305296309206 100644 --- a/uriloader/prefetch/nsOfflineCacheUpdate.cpp +++ b/uriloader/prefetch/nsOfflineCacheUpdate.cpp @@ -185,6 +185,7 @@ nsManifestCheck::Begin() nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup nullptr, // aCallbacks nsIRequest::LOAD_BYPASS_CACHE); @@ -382,6 +383,7 @@ nsOfflineCacheUpdateItem::OpenChannel(nsOfflineCacheUpdate *aUpdate) nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // aLoadGroup this, // aCallbacks flags); diff --git a/uriloader/prefetch/nsPrefetchService.cpp b/uriloader/prefetch/nsPrefetchService.cpp index 71d04d8dbcf1..ec5a601dd002 100644 --- a/uriloader/prefetch/nsPrefetchService.cpp +++ b/uriloader/prefetch/nsPrefetchService.cpp @@ -192,6 +192,7 @@ nsPrefetchNode::OpenChannel() nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy loadGroup, // aLoadGroup this, // aCallbacks nsIRequest::LOAD_BACKGROUND | diff --git a/widget/cocoa/OSXNotificationCenter.mm b/widget/cocoa/OSXNotificationCenter.mm index 943658e96f42..43e44db0d6fc 100644 --- a/widget/cocoa/OSXNotificationCenter.mm +++ b/widget/cocoa/OSXNotificationCenter.mm @@ -244,7 +244,7 @@ OSXNotificationCenter::ShowAlertNotification(const nsAString & aImageUrl, const if (imageUri) { nsresult rv = il->LoadImage(imageUri, nullptr, nullptr, aPrincipal, nullptr, this, nullptr, nsIRequest::LOAD_NORMAL, nullptr, - EmptyString(), + nullptr, EmptyString(), getter_AddRefs(osxni->mIconRequest)); if (NS_SUCCEEDED(rv)) { // Set a timer for six seconds. If we don't have an icon by the time this diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm index 1150d9fc7986..9ad01949f060 100644 --- a/widget/cocoa/nsMenuItemIconX.mm +++ b/widget/cocoa/nsMenuItemIconX.mm @@ -305,9 +305,11 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI) [mNativeMenuItem setImage:sPlaceholderIconImage]; } + // Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is + // not exposed to web content nsresult rv = loader->LoadImage(aIconURI, nullptr, nullptr, nullptr, loadGroup, this, - nullptr, nsIRequest::LOAD_NORMAL, nullptr, - EmptyString(), getter_AddRefs(mIconRequest)); + nullptr, nsIRequest::LOAD_NORMAL, nullptr, + nullptr, EmptyString(), getter_AddRefs(mIconRequest)); if (NS_FAILED(rv)) return rv; // We need to request the icon be decoded (bug 573583, bug 705516). diff --git a/widget/windows/nsDataObj.cpp b/widget/windows/nsDataObj.cpp index 67196ca6e1e5..adb04267ac68 100644 --- a/widget/windows/nsDataObj.cpp +++ b/widget/windows/nsDataObj.cpp @@ -74,6 +74,7 @@ nsresult nsDataObj::CStream::Init(nsIURI *pSourceURI, aRequestingNode, nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy nullptr, // loadGroup nullptr, // aCallbacks nsIRequest::LOAD_FROM_CACHE); diff --git a/xpfe/components/directory/nsDirectoryViewer.cpp b/xpfe/components/directory/nsDirectoryViewer.cpp index b54fde367d8c..8cf610b8ba9c 100644 --- a/xpfe/components/directory/nsDirectoryViewer.cpp +++ b/xpfe/components/directory/nsDirectoryViewer.cpp @@ -1305,6 +1305,7 @@ nsDirectoryViewerFactory::CreateInstance(const char *aCommand, nsContentUtils::GetSystemPrincipal(), nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy aLoadGroup); if (NS_FAILED(rv)) return rv;