зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1337543 P3 Factor out code to set WorkerPrivate CSP from headers. r=baku
This commit is contained in:
Родитель
f86436457f
Коммит
6e8c6089aa
|
@ -1134,49 +1134,10 @@ private:
|
|||
// We did inherit CSP in bug 1223647. If we do not already have a CSP, we
|
||||
// should get it from the HTTP headers on the worker script.
|
||||
if (!mWorkerPrivate->GetCSP() && CSPService::sCSPEnabled) {
|
||||
NS_ConvertASCIItoUTF16 cspHeaderValue(tCspHeaderValue);
|
||||
NS_ConvertASCIItoUTF16 cspROHeaderValue(tCspROHeaderValue);
|
||||
|
||||
nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
|
||||
MOZ_ASSERT(principal, "Should not be null");
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
rv = principal->EnsureCSP(nullptr, getter_AddRefs(csp));
|
||||
|
||||
if (csp) {
|
||||
// If there's a CSP header, apply it.
|
||||
if (!cspHeaderValue.IsEmpty()) {
|
||||
rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
|
||||
rv = mWorkerPrivate->SetCSPFromHeaderValues(tCspHeaderValue,
|
||||
tCspROHeaderValue);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
// If there's a report-only CSP header, apply it.
|
||||
if (!cspROHeaderValue.IsEmpty()) {
|
||||
rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
// Set evalAllowed, default value is set in GetAllowsEval
|
||||
bool evalAllowed = false;
|
||||
bool reportEvalViolations = false;
|
||||
rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
mWorkerPrivate->SetCSP(csp);
|
||||
mWorkerPrivate->SetEvalAllowed(evalAllowed);
|
||||
mWorkerPrivate->SetReportCSPViolations(reportEvalViolations);
|
||||
|
||||
// Set ReferrerPolicy, default value is set in GetReferrerPolicy
|
||||
bool hasReferrerPolicy = false;
|
||||
uint32_t rp = mozilla::net::RP_Unset;
|
||||
rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
||||
if (hasReferrerPolicy) { //FIXME bug 1307366: move RP out of CSP code
|
||||
mWorkerPrivate->SetReferrerPolicy(static_cast<net::ReferrerPolicy>(rp));
|
||||
}
|
||||
}
|
||||
}
|
||||
WorkerPrivate* parent = mWorkerPrivate->GetParent();
|
||||
if (parent) {
|
||||
// XHR Params Allowed
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
#include "mozilla/dom/MessageEventBinding.h"
|
||||
#include "mozilla/dom/MessagePort.h"
|
||||
#include "mozilla/dom/MessagePortBinding.h"
|
||||
#include "mozilla/dom/nsCSPUtils.h"
|
||||
#include "mozilla/dom/Performance.h"
|
||||
#include "mozilla/dom/PMessagePort.h"
|
||||
#include "mozilla/dom/Promise.h"
|
||||
|
@ -2596,6 +2597,57 @@ WorkerPrivateParent<Derived>::GetDocument() const
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
template <class Derived>
|
||||
nsresult
|
||||
WorkerPrivateParent<Derived>::SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
|
||||
const nsACString& aCSPReportOnlyHeaderValue)
|
||||
{
|
||||
AssertIsOnMainThread();
|
||||
MOZ_DIAGNOSTIC_ASSERT(!mLoadInfo.mCSP);
|
||||
|
||||
NS_ConvertASCIItoUTF16 cspHeaderValue(aCSPHeaderValue);
|
||||
NS_ConvertASCIItoUTF16 cspROHeaderValue(aCSPReportOnlyHeaderValue);
|
||||
|
||||
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
||||
nsresult rv = mLoadInfo.mPrincipal->EnsureCSP(nullptr, getter_AddRefs(csp));
|
||||
if (!csp) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// If there's a CSP header, apply it.
|
||||
if (!cspHeaderValue.IsEmpty()) {
|
||||
rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
// If there's a report-only CSP header, apply it.
|
||||
if (!cspROHeaderValue.IsEmpty()) {
|
||||
rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
// Set evalAllowed, default value is set in GetAllowsEval
|
||||
bool evalAllowed = false;
|
||||
bool reportEvalViolations = false;
|
||||
rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Set ReferrerPolicy, default value is set in GetReferrerPolicy
|
||||
bool hasReferrerPolicy = false;
|
||||
uint32_t rp = mozilla::net::RP_Unset;
|
||||
rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
mLoadInfo.mCSP = csp;
|
||||
mLoadInfo.mEvalAllowed = evalAllowed;
|
||||
mLoadInfo.mReportCSPViolations = reportEvalViolations;
|
||||
|
||||
if (hasReferrerPolicy) {
|
||||
mLoadInfo.mReferrerPolicy = static_cast<net::ReferrerPolicy>(rp);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
// Can't use NS_IMPL_CYCLE_COLLECTION_CLASS(WorkerPrivateParent) because of the
|
||||
// templates.
|
||||
|
|
|
@ -665,6 +665,10 @@ public:
|
|||
mLoadInfo.mCSP = aCSP;
|
||||
}
|
||||
|
||||
nsresult
|
||||
SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
|
||||
const nsACString& aCSPReportOnlyHeaderValue);
|
||||
|
||||
net::ReferrerPolicy
|
||||
GetReferrerPolicy() const
|
||||
{
|
||||
|
|
Загрузка…
Ссылка в новой задаче