mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1730494 - Add error codes for COOP and COEP errors r=necko-reviewers,dragana 

Differential Revision: https://phabricator.services.mozilla.com/D125671
This commit is contained in:
Valentin Gosu 2021-09-16 08:31:04 +00:00
Родитель 13ab902ec7
Коммит 72c414923b
5 изменённых файлов: 38 добавлений и 64 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -3661,6 +3661,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
addHostPort = true;
break;
case NS_ERROR_BLOCKED_BY_POLICY:
case NS_ERROR_DOM_COOP_FAILED:
case NS_ERROR_DOM_COEP_FAILED:
// Page blocked by policy
error = "blockedByPolicy";
break;
@ -6149,7 +6151,9 @@ nsresult nsDocShell::FilterStatusForErrorPage(
aStatus == NS_ERROR_PROXY_AUTHENTICATION_FAILED ||
aStatus == NS_ERROR_PROXY_TOO_MANY_REQUESTS ||
aStatus == NS_ERROR_MALFORMED_URI ||
aStatus == NS_ERROR_BLOCKED_BY_POLICY) &&
aStatus == NS_ERROR_BLOCKED_BY_POLICY ||
aStatus == NS_ERROR_DOM_COOP_FAILED ||
aStatus == NS_ERROR_DOM_COEP_FAILED) &&
(aIsTopFrame || aUseErrorPages)) {
return aStatus;
}

16
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -2212,7 +2212,7 @@ nsresult HttpBaseChannel::ProcessCrossOriginEmbedderPolicyHeader() {
mLoadInfo->GetLoadingEmbedderPolicy() !=
nsILoadInfo::EMBEDDER_POLICY_NULL &&
resultPolicy != nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP) {
return NS_ERROR_BLOCKED_BY_POLICY;
return NS_ERROR_DOM_COEP_FAILED;
}
return NS_OK;
@ -2440,7 +2440,7 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() {
LOG((
"HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch network error "
"for non empty sandboxing and non null COOP"));
return NS_ERROR_BLOCKED_BY_POLICY;
return NS_ERROR_DOM_COOP_FAILED;
}
// In xpcshell-tests we don't always have a current window global
@ -2503,6 +2503,18 @@ nsresult HttpBaseChannel::ComputeCrossOriginOpenerPolicyMismatch() {
return NS_OK;
}
nsresult HttpBaseChannel::ProcessCrossOriginSecurityHeaders() {
nsresult rv = ProcessCrossOriginEmbedderPolicyHeader();
if (NS_FAILED(rv)) {
return rv;
}
rv = ProcessCrossOriginResourcePolicyHeader();
if (NS_FAILED(rv)) {
return rv;
}
return ComputeCrossOriginOpenerPolicyMismatch();
}
enum class Report { Error, Warning };
// Helper Function to report messages to the console when the loaded

2
netwerk/protocol/http/HttpBaseChannel.h
Просмотреть файл

@ -609,6 +609,8 @@ class HttpBaseChannel : public nsHashPropertyBag,
nsresult ComputeCrossOriginOpenerPolicyMismatch();
nsresult ProcessCrossOriginSecurityHeaders();
nsresult ValidateMIMEType();
bool EnsureOpaqueResponseIsAllowed();

68
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -2525,27 +2525,9 @@ nsresult nsHttpChannel::ContinueProcessNormal(nsresult rv) {
return rv;
}
rv = ProcessCrossOriginEmbedderPolicyHeader();
rv = ProcessCrossOriginSecurityHeaders();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
HandleAsyncAbort();
return rv;
}
rv = ProcessCrossOriginResourcePolicyHeader();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_DOM_CORP_FAILED;
HandleAsyncAbort();
return rv;
}
// before we check for redirects, check if the load should be shifted into a
// new process.
rv = ComputeCrossOriginOpenerPolicyMismatch();
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
// this navigates the doc's browsing context to a network error.
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
mStatus = rv;
HandleAsyncAbort();
return rv;
}
@ -5057,27 +5039,9 @@ nsresult nsHttpChannel::AsyncProcessRedirection(uint32_t redirectType) {
LOG(("nsHttpChannel::AsyncProcessRedirection [this=%p type=%u]\n", this,
redirectType));
nsresult rv = ProcessCrossOriginEmbedderPolicyHeader();
nsresult rv = ProcessCrossOriginSecurityHeaders();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
HandleAsyncAbort();
return rv;
}
rv = ProcessCrossOriginResourcePolicyHeader();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_DOM_CORP_FAILED;
HandleAsyncAbort();
return rv;
}
// before we check for redirects, check if the load should be shifted into a
// new process.
rv = ComputeCrossOriginOpenerPolicyMismatch();
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
// this navigates the doc's browsing context to a network error.
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
mStatus = rv;
HandleAsyncAbort();
return rv;
}
@ -6897,29 +6861,11 @@ nsHttpChannel::OnStartRequest(nsIRequest* request) {
return NS_OK;
}
rv = ProcessCrossOriginEmbedderPolicyHeader();
rv = ProcessCrossOriginSecurityHeaders();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
mStatus = rv;
HandleAsyncAbort();
return NS_OK;
}
rv = ProcessCrossOriginResourcePolicyHeader();
if (NS_FAILED(rv)) {
mStatus = NS_ERROR_DOM_CORP_FAILED;
HandleAsyncAbort();
return NS_OK;
}
// before we check for redirects, check if the load should be shifted into a
// new process.
rv = ComputeCrossOriginOpenerPolicyMismatch();
if (rv == NS_ERROR_BLOCKED_BY_POLICY) {
// this navigates the doc's browsing context to a network error.
mStatus = NS_ERROR_BLOCKED_BY_POLICY;
HandleAsyncAbort();
return NS_OK;
return rv;
}
// No process change is needed, so continue on to ContinueOnStartRequest1.

10
xpcom/base/ErrorList.py
Просмотреть файл

@ -741,6 +741,16 @@ with modules["DOM"]:
# WebExtension content script may not load this URL.
errors["NS_ERROR_DOM_WEBEXT_CONTENT_SCRIPT_URI"] = FAILURE(1039)
# Used to indicate that a resource load was blocked because of the
# Cross-Origin-Embedder-Policy response header.
# https://html.spec.whatwg.org/multipage/origin.html#coep
errors["NS_ERROR_DOM_COEP_FAILED"] = FAILURE(1040)
# Used to indicate that a resource load was blocked because of the
# Cross-Origin-Opener-Policy response header.
# https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
errors["NS_ERROR_DOM_COOP_FAILED"] = FAILURE(1041)
# May be used to indicate when e.g. setting a property value didn't
# actually change the value, like for obj.foo = "bar"; obj.foo = "bar";
# the second assignment throws NS_SUCCESS_DOM_NO_OPERATION.