зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1569122 - Use StaticPrefs for our MIME type script blocking prefs. r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D39634 --HG-- extra : moz-landing-system : lando
Родитель
c757d8208f
Коммит
bc9bb616f7
|
@ -5594,6 +5594,24 @@
|
|||
#endif
|
||||
mirror: always
|
||||
|
||||
# Block scripts with _some_ wrong MIME types such as image/, video/ or text/csv
|
||||
- name: security.block_script_with_wrong_mime
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# Block scripts with wrong MIME type when loading via importScripts().
|
||||
- name: security.block_importScripts_with_wrong_mime
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# Block Worker/SharedWorker scripts with wrong MIME type.
|
||||
- name: security.block_Worker_with_wrong_mime
|
||||
type: bool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Prefs starting with "slider."
|
||||
#---------------------------------------------------------------------------
|
||||
|
|
|
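Review bot: The comments on the `security.block_importScripts_with_wrong_mime` and `security.block_Worker_with_wrong_mime` entries say only "wrong MIME type", while the first entry says "_some_ wrong MIME types", and that difference in scope is not spelled out. The C++ side of this commit carries the comment "We restrict importScripts() in worker code to JavaScript MIME types", which suggests the worker checks are an allow-list rather than a deny-list. If that is the case, the comments could say so, for example `# Block importScripts() loads whose MIME type is not a JavaScript type.` and `# Block Worker/SharedWorker scripts whose MIME type is not a JavaScript type.` It would also help to note on each entry that setting it to false turns the check off and lets such loads proceed.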
@ -2473,15 +2473,6 @@ pref("security.mixed_content.block_object_subrequest", false);
|
|||
// Sub-resource integrity
|
||||
pref("security.sri.enable", true);
|
||||
|
||||
// Block scripts with wrong MIME type such as image/ or video/.
|
||||
pref("security.block_script_with_wrong_mime", true);
|
||||
|
||||
// Block scripts with wrong MIME type when loading via importScripts() in workers.
|
||||
pref("security.block_importScripts_with_wrong_mime", true);
|
||||
|
||||
// Block Worker scripts with wrong MIME type.
|
||||
pref("security.block_Worker_with_wrong_mime", true);
|
||||
|
||||
// OCSP must-staple
|
||||
pref("security.ssl.enable_ocsp_must_staple", true);
|
||||
|
||||
|
|
|
@ -64,6 +64,7 @@
|
|||
#include "mozilla/StaticPrefs_browser.h"
|
||||
#include "mozilla/StaticPrefs_network.h"
|
||||
#include "mozilla/StaticPrefs_privacy.h"
|
||||
#include "mozilla/StaticPrefs_security.h"
|
||||
#include "nsISSLSocketControl.h"
|
||||
#include "sslt.h"
|
||||
#include "nsContentUtils.h"
|
||||
|
@ -1572,19 +1573,8 @@ nsresult EnsureMIMEOfScript(nsHttpChannel* aChannel, nsIURI* aURI,
|
|||
}
|
||||
|
||||
if (block) {
|
||||
// Instead of consulting Preferences::GetBool() all the time we
|
||||
// can cache the result to speed things up.
|
||||
static bool sCachedBlockScriptWithWrongMime = false;
|
||||
static bool sIsInited = false;
|
||||
if (!sIsInited) {
|
||||
sIsInited = true;
|
||||
Preferences::AddBoolVarCache(&sCachedBlockScriptWithWrongMime,
|
||||
"security.block_script_with_wrong_mime",
|
||||
true);
|
||||
}
|
||||
|
||||
// Do not block the load if the feature is not enabled.
|
||||
if (!sCachedBlockScriptWithWrongMime) {
|
||||
if (!StaticPrefs::security_block_script_with_wrong_mime()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -1637,19 +1627,8 @@ nsresult EnsureMIMEOfScript(nsHttpChannel* aChannel, nsIURI* aURI,
|
|||
// We restrict importScripts() in worker code to JavaScript MIME types.
|
||||
nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
|
||||
if (internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS) {
|
||||
// Instead of consulting Preferences::GetBool() all the time we
|
||||
// can cache the result to speed things up.
|
||||
static bool sCachedBlockImportScriptsWithWrongMime = false;
|
||||
static bool sIsInited = false;
|
||||
if (!sIsInited) {
|
||||
sIsInited = true;
|
||||
Preferences::AddBoolVarCache(
|
||||
&sCachedBlockImportScriptsWithWrongMime,
|
||||
"security.block_importScripts_with_wrong_mime", true);
|
||||
}
|
||||
|
||||
// Do not block the load if the feature is not enabled.
|
||||
if (!sCachedBlockImportScriptsWithWrongMime) {
|
||||
if (!StaticPrefs::security_block_importScripts_with_wrong_mime()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -1660,19 +1639,8 @@ nsresult EnsureMIMEOfScript(nsHttpChannel* aChannel, nsIURI* aURI,
|
|||
|
||||
if (internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
|
||||
internalType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER) {
|
||||
// Instead of consulting Preferences::GetBool() all the time we
|
||||
// can cache the result to speed things up.
|
||||
static bool sCachedBlockWorkerWithWrongMime = false;
|
||||
static bool sIsInited = false;
|
||||
if (!sIsInited) {
|
||||
sIsInited = true;
|
||||
Preferences::AddBoolVarCache(&sCachedBlockWorkerWithWrongMime,
|
||||
"security.block_Worker_with_wrong_mime",
|
||||
true);
|
||||
}
|
||||
|
||||
// Do not block the load if the feature is not enabled.
|
||||
if (!sCachedBlockWorkerWithWrongMime) {
|
||||
if (!StaticPrefs::security_block_Worker_with_wrong_mime()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
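Review bot: Nothing in the three EnsureMIMEOfScript hunks pins the thread on which `StaticPrefs::security_block_script_with_wrong_mime()` and its two sibling getters are read, yet the entries this commit adds to the pref list are declared `type: bool` with `mirror: always`, which is a plain non-atomic mirror. The removed `AddBoolVarCache` statics had the same constraint, so this is probably not a regression. If the function is meant to run only on the main thread, that could be stated with `MOZ_ASSERT(NS_IsMainThread());` at its top; if it can be reached from another thread, the entries should be `type: RelaxedAtomicBool` instead. The function starts and ends outside the hunks, so such an assertion may already exist there.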