зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1730494 - Add error codes for COOP and COEP errors r=necko-reviewers,dragana
Differential Revision: https://phabricator.services.mozilla.com/D125671
This commit is contained in:
Родитель
13ab902ec7
Коммит
72c414923b
|
@ -3661,6 +3661,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
|
|||
addHostPort = true;
|
||||
break;
|
||||
case NS_ERROR_BLOCKED_BY_POLICY:
|
||||
case NS_ERROR_DOM_COOP_FAILED:
|
||||
case NS_ERROR_DOM_COEP_FAILED:
|
||||
// Page blocked by policy
|
||||
error = "blockedByPolicy";
|
||||
break;
|
||||
|
@ -6149,7 +6151,9 @@ nsresult nsDocShell::FilterStatusForErrorPage(
|
|||
aStatus == NS_ERROR_PROXY_AUTHENTICATION_FAILED ||
|
||||
aStatus == NS_ERROR_PROXY_TOO_MANY_REQUESTS ||
|
||||
aStatus == NS_ERROR_MALFORMED_URI ||
|
||||
aStatus == NS_ERROR_BLOCKED_BY_POLICY) &&
|
||||
aStatus == NS_ERROR_BLOCKED_BY_POLICY ||
|
||||
aStatus == NS_ERROR_DOM_COOP_FAILED ||
|
||||
aStatus == NS_ERROR_DOM_COEP_FAILED) &&
|
||||
(aIsTopFrame || aUseErrorPages)) {
|
||||
return aStatus;
|
||||
}
|
||||
|
|
|
@ -2212,7 +2212,7 @@ nsresult HttpBaseChannel::ProcessCrossOriginEmbedderPolicyHeader() {
|
|||
mLoadInfo->GetLoadingEmbedderPolicy() !=
|
||||
nsILoadInfo::EMBEDDER_POLICY_NULL &&
|
||||
resultPolicy != nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP) {
|
||||
return NS_ERROR_BLOCKED_BY_POLICY;
|
||||
return NS_ERROR_DOM_COEP_FAILED;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -2440,7 +2440,7 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() {
|
|||
LOG((
|
||||
"HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch network error "
|
||||
"for non empty sandboxing and non null COOP"));
|
||||
return NS_ERROR_BLOCKED_BY_POLICY;
|
||||
return NS_ERROR_DOM_COOP_FAILED;
|
||||
}
|
||||
|
||||
// In xpcshell-tests we don't always have a current window global
|
||||
|
@ -2503,6 +2503,18 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult HttpBaseChannel::ProcessCrossOriginSecurityHeaders() {
|
||||
nsresult rv = ProcessCrossOriginEmbedderPolicyHeader();
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
rv = ProcessCrossOriginResourcePolicyHeader();
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
return ComputeCrossOriginOpenerPolicyMismatch();
|
||||
}
|
||||
|
||||
enum class Report { Error, Warning };
|
||||
|
||||
// Helper Function to report messages to the console when the loaded
|
||||
|
|
|
@ -609,6 +609,8 @@ class HttpBaseChannel : public nsHashPropertyBag,
|
|||
|
||||
nsresult ComputeCrossOriginOpenerPolicyMismatch();
|
||||
|
||||
nsresult ProcessCrossOriginSecurityHeaders();
|
||||
|
||||
nsresult ValidateMIMEType();
|
||||
|
||||
bool EnsureOpaqueResponseIsAllowed();
|
||||
|
|
|
@ -2525,27 +2525,9 @@ nsresult nsHttpChannel::ContinueProcessNormal(nsresult rv) {
|
|||
return rv;
|
||||
}
|
||||
|
||||
rv = ProcessCrossOriginEmbedderPolicyHeader();
|
||||
rv = ProcessCrossOriginSecurityHeaders();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = ProcessCrossOriginResourcePolicyHeader();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_DOM_CORP_FAILED;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
||||
// before we check for redirects, check if the load should be shifted into a
|
||||
// new process.
|
||||
rv = ComputeCrossOriginOpenerPolicyMismatch();
|
||||
|
||||
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
|
||||
// this navigates the doc's browsing context to a network error.
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
mStatus = rv;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
@ -5057,27 +5039,9 @@ nsresult nsHttpChannel::AsyncProcessRedirection(uint32_t redirectType) {
|
|||
LOG(("nsHttpChannel::AsyncProcessRedirection [this=%p type=%u]\n", this,
|
||||
redirectType));
|
||||
|
||||
nsresult rv = ProcessCrossOriginEmbedderPolicyHeader();
|
||||
nsresult rv = ProcessCrossOriginSecurityHeaders();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = ProcessCrossOriginResourcePolicyHeader();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_DOM_CORP_FAILED;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
||||
// before we check for redirects, check if the load should be shifted into a
|
||||
// new process.
|
||||
rv = ComputeCrossOriginOpenerPolicyMismatch();
|
||||
|
||||
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
|
||||
// this navigates the doc's browsing context to a network error.
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
mStatus = rv;
|
||||
HandleAsyncAbort();
|
||||
return rv;
|
||||
}
|
||||
|
@ -6897,29 +6861,11 @@ nsHttpChannel::OnStartRequest(nsIRequest* request) {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
rv = ProcessCrossOriginEmbedderPolicyHeader();
|
||||
rv = ProcessCrossOriginSecurityHeaders();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
mStatus = rv;
|
||||
HandleAsyncAbort();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
rv = ProcessCrossOriginResourcePolicyHeader();
|
||||
if (NS_FAILED(rv)) {
|
||||
mStatus = NS_ERROR_DOM_CORP_FAILED;
|
||||
HandleAsyncAbort();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// before we check for redirects, check if the load should be shifted into a
|
||||
// new process.
|
||||
rv = ComputeCrossOriginOpenerPolicyMismatch();
|
||||
|
||||
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
|
||||
// this navigates the doc's browsing context to a network error.
|
||||
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
|
||||
HandleAsyncAbort();
|
||||
return NS_OK;
|
||||
return rv;
|
||||
}
|
||||
|
||||
// No process change is needed, so continue on to ContinueOnStartRequest1.
|
||||
|
|
|
@ -741,6 +741,16 @@ with modules["DOM"]:
|
|||
# WebExtension content script may not load this URL.
|
||||
errors["NS_ERROR_DOM_WEBEXT_CONTENT_SCRIPT_URI"] = FAILURE(1039)
|
||||
|
||||
# Used to indicate that a resource load was blocked because of the
|
||||
# Cross-Origin-Embedder-Policy response header.
|
||||
# https://html.spec.whatwg.org/multipage/origin.html#coep
|
||||
errors["NS_ERROR_DOM_COEP_FAILED"] = FAILURE(1040)
|
||||
|
||||
# Used to indicate that a resource load was blocked because of the
|
||||
# Cross-Origin-Opener-Policy response header.
|
||||
# https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
|
||||
errors["NS_ERROR_DOM_COOP_FAILED"] = FAILURE(1041)
|
||||
|
||||
# May be used to indicate when e.g. setting a property value didn't
|
||||
# actually change the value, like for obj.foo = "bar"; obj.foo = "bar";
|
||||
# the second assignment throws NS_SUCCESS_DOM_NO_OPERATION.
|
||||
|
|
Загрузка…
Ссылка в новой задаче