зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1617789 - Don't require loadInfo for navigate-to. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D63995 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
78a45f7c57
Коммит
7600457773
|
@ -9946,7 +9946,8 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
|
||||
// Check CSP navigate-to
|
||||
bool allowsNavigateTo = false;
|
||||
rv = csp->GetAllowsNavigateTo(aLoadState->URI(), loadInfo,
|
||||
rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
|
||||
aLoadState->IsFormSubmission(),
|
||||
false, /* aWasRedirected */
|
||||
false, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
|
|
|
@ -3140,7 +3140,7 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
|
|||
if (cspToInherit) {
|
||||
bool allowsNavigateTo = false;
|
||||
rv = cspToInherit->GetAllowsNavigateTo(
|
||||
mDocumentURI, loadInfo,
|
||||
mDocumentURI, loadInfo->GetIsFormSubmission(),
|
||||
!loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */
|
||||
true, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
|
|
|
@ -150,7 +150,7 @@ interface nsIContentSecurityPolicy : nsISerializable
|
|||
* Whether this policy allows a navigation subject to the navigate-to
|
||||
* policy.
|
||||
* @param aURI The target URI
|
||||
* @param aLoadInfo used to check if the navigation was initiated by a form submission. This
|
||||
* @param aIsFormSubmission True if the navigation was initiated by a form submission. This
|
||||
* is important since the form-action directive overrides navigate-to in that case.
|
||||
* @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
|
||||
* @param aEnforceWhitelist True if the whitelist of allowed targets must be enforced. If
|
||||
|
@ -160,7 +160,7 @@ interface nsIContentSecurityPolicy : nsISerializable
|
|||
* Whether or not the effects of the navigation is allowed
|
||||
*/
|
||||
boolean getAllowsNavigateTo(in nsIURI aURI,
|
||||
in nsILoadInfo aLoadInfo,
|
||||
in boolean aIsFormSubmission,
|
||||
in boolean aWasRedirected,
|
||||
in boolean aEnforceWhitelist);
|
||||
|
||||
|
|
|
@ -597,7 +597,7 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
|
|||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, nsILoadInfo* aLoadInfo,
|
||||
nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
|
||||
bool aWasRedirected, bool aEnforceWhitelist,
|
||||
bool* outAllowsNavigateTo) {
|
||||
/*
|
||||
|
@ -617,7 +617,7 @@ nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, nsILoadInfo* aLoadInfo,
|
|||
// So in case this is a form submission and the directive 'form-action' is
|
||||
// present then there is nothing for us to do here, see: 6.3.3.1.2
|
||||
// https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate
|
||||
if (aLoadInfo->GetIsFormSubmission()) {
|
||||
if (aIsFormSubmission) {
|
||||
for (unsigned long i = 0; i < mPolicies.Length(); i++) {
|
||||
if (mPolicies[i]->hasDirective(
|
||||
nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) {
|
||||
|
|
|
@ -283,8 +283,8 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
|
|||
if (cspToInherit) {
|
||||
bool allowsNavigateTo = false;
|
||||
nsresult rv = cspToInherit->GetAllowsNavigateTo(
|
||||
aNewURI, aLoadInfo, true, /* aWasRedirected */
|
||||
false, /* aEnforceWhitelist */
|
||||
aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */
|
||||
false, /* aEnforceWhitelist */
|
||||
&allowsNavigateTo);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче