Bug 1387684 - CSP: Special case 'self' for unique opaque origins. r=dveditz

2017-08-23 10:05:12 +02:00 · 2017-08-23 10:05:12 +02:00 · 79a239cba5
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@ -281,6 +281,15 @@ CSP_CreateHostSrcFromSelfURI(nsIURI* aSelfURI)
  aSelfURI->GetScheme(scheme);
  hostsrc->setScheme(NS_ConvertUTF8toUTF16(scheme));

+  // An empty host (e.g. for data:) indicates it's effectively a unique origin.
+  // Please note that we still need to set the scheme on hostsrc (see above),
+  // because it's used for reporting.
+  if (host.EqualsLiteral("")) {
+    hostsrc->setIsUniqueOrigin();
+    // no need to query the port in that case.
+    return hostsrc;
+  }
+
  int32_t port;
  aSelfURI->GetPort(&port);
  // Only add port if it's not default port.
@ -523,6 +532,7 @@ nsCSPSchemeSrc::toString(nsAString& outStr) const
 nsCSPHostSrc::nsCSPHostSrc(const nsAString& aHost)
  : mHost(aHost)
  , mGeneratedFromSelfKeyword(false)
+  , mIsUniqueOrigin(false)
  , mWithinFrameAncstorsDir(false)
 {
  ToLowerCase(mHost);
@ -624,7 +634,7 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected
                 aUri->GetSpecOrDefault().get()));
  }

-  if (mInvalidated) {
+  if (mInvalidated || mIsUniqueOrigin) {
    return false;
  }

--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@ -259,6 +259,9 @@ class nsCSPHostSrc : public nsCSPBaseSrc {
    inline void setGeneratedFromSelfKeyword() const
      { mGeneratedFromSelfKeyword = true; }

+    inline void setIsUniqueOrigin() const
+      { mIsUniqueOrigin = true; }
+
    inline void setWithinFrameAncestorsDir(bool aValue) const
      { mWithinFrameAncstorsDir = aValue; }

@ -280,6 +283,7 @@ class nsCSPHostSrc : public nsCSPBaseSrc {
    nsString mPort;
    nsString mPath;
    mutable bool mGeneratedFromSelfKeyword;
+    mutable bool mIsUniqueOrigin;
    mutable bool mWithinFrameAncstorsDir;
 };

--- a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
@ -1,5 +1,5 @@
 [frame-src-self-unique-origin.html]
  type: testharness
-  expected:
-    if not e10s: CRASH
-    if e10s: CRASH
+  expected: TIMEOUT
+  [Iframe's url must not match with 'self'. It must be blocked.]
+    expected: TIMEOUT
--- a/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
@ -1,5 +1,5 @@
 [img-src-self-unique-origin.html]
  type: testharness
-  expected:
-    if not e10s: CRASH
-    if e10s: CRASH
+  expected: TIMEOUT
+  [Image's url must not match with 'self'. Image must be blocked.]
+    expected: TIMEOUT