Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz

2018-01-11 10:57:00 +02:00 · 2018-01-11 10:57:00 +02:00 · c3f3b8d161
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@ -8086,3 +8086,6 @@ HTMLMediaElement::ReportCanPlayTelemetry()

 } // namespace dom
 } // namespace mozilla
+
+#undef LOG
+#undef LOG_EVENT
--- a/dom/html/HTMLMetaElement.cpp
+++ b/dom/html/HTMLMetaElement.cpp
@ -8,10 +8,15 @@
 #include "mozilla/dom/HTMLMetaElement.h"
 #include "mozilla/dom/HTMLMetaElementBinding.h"
 #include "mozilla/dom/nsCSPService.h"
+#include "mozilla/Logging.h"
 #include "nsContentUtils.h"
 #include "nsStyleConsts.h"
 #include "nsIContentSecurityPolicy.h"

+static mozilla::LazyLogModule gMetaElementLog("nsMetaElement");
+#define LOG(msg) MOZ_LOG(gMetaElementLog, mozilla::LogLevel::Debug, msg)
+#define LOG_ENABLED() MOZ_LOG_TEST(gMetaElementLog, mozilla::LogLevel::Debug)
+
 NS_IMPL_NS_NEW_HTML_ELEMENT(Meta)

 namespace mozilla {
@ -117,6 +122,17 @@ HTMLMetaElement::BindToTree(nsIDocument* aDocument, nsIContent* aParent,
      nsCOMPtr<nsIDOMDocument> domDoc = do_QueryInterface(aDocument);
      principal->EnsureCSP(domDoc, getter_AddRefs(csp));
      if (csp) {
+        if (LOG_ENABLED()) {
+          nsAutoCString documentURIspec;
+          nsIURI* documentURI = aDocument->GetDocumentURI();
+          if (documentURI) {
+            documentURI->GetAsciiSpec(documentURIspec);
+          }
+
+          LOG(("HTMLMetaElement %p sets CSP '%s' on document=%p, document-uri=%s",
+               this, NS_ConvertUTF16toUTF8(content).get(), aDocument, documentURIspec.get()));
+        }
+
        // Multiple CSPs (delivered through either header of meta tag) need to be
        // joined together, see:
        // https://w3c.github.io/webappsec/specs/content-security-policy/#delivery-html-meta-element
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@ -426,6 +426,16 @@ nsCSPContext::AppendPolicy(const nsAString& aPolicyString,
                                                                aReportOnly, this,
                                                                aDeliveredViaMetaTag);
  if (policy) {
+    if (policy->hasDirective(nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE)) {
+      nsAutoCString selfURIspec, referrer;
+      if (mSelfURI) {
+        mSelfURI->GetAsciiSpec(selfURIspec);
+      }
+      referrer = NS_ConvertUTF16toUTF8(mReferrer);
+      CSPCONTEXTLOG(("nsCSPContext::AppendPolicy added UPGRADE_IF_INSECURE_DIRECTIVE self-uri=%s referrer=%s",
+                     selfURIspec.get(), referrer.get()));
+    }
+
    mPolicies.AppendElement(policy);
    // reset cache since effective policy changes
    mShouldLoadCache.Clear();