mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1187335 - P6 - Support script/css to set integrity metadata to serviceWorker. r=bkelly. r=francois.

This commit is contained in:
Tom Tung 2016-09-07 10:30:21 +08:00
Родитель 8b51370a4d
Коммит db38e2111a
7 изменённых файлов: 98 добавлений и 9 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
dom/base/nsScriptLoader.cpp
Просмотреть файл

@ -29,6 +29,7 @@
#include "nsJSPrincipals.h" #include "nsJSPrincipals.h"
#include "nsContentPolicyUtils.h" #include "nsContentPolicyUtils.h"
#include "nsIHttpChannel.h" #include "nsIHttpChannel.h"
#include "nsIHttpChannelInternal.h"
#include "nsIClassOfService.h" #include "nsIClassOfService.h"
#include "nsITimedChannel.h" #include "nsITimedChannel.h"
#include "nsIScriptElement.h" #include "nsIScriptElement.h"
@ -1267,6 +1268,11 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
false); false);
httpChannel->SetReferrerWithPolicy(mDocument->GetDocumentURI(), httpChannel->SetReferrerWithPolicy(mDocument->GetDocumentURI(),
aRequest->mReferrerPolicy); aRequest->mReferrerPolicy);
nsCOMPtr<nsIHttpChannelInternal> internalChannel(do_QueryInterface(httpChannel));
if (internalChannel) {
internalChannel->SetIntegrityMetadata(aRequest->mIntegrity.GetIntegrityString());
}
} }
nsCOMPtr<nsILoadContext> loadContext(do_QueryInterface(docshell)); nsCOMPtr<nsILoadContext> loadContext(do_QueryInterface(docshell));

2
dom/security/SRICheck.cpp
Просмотреть файл

@ -160,6 +160,8 @@ SRICheck::IntegrityMetadata(const nsAString& aMetadataList,
} }
} }
outMetadata->mIntegrityString = aMetadataList;
if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) { if (MOZ_LOG_TEST(SRILogHelper::GetSriLog(), mozilla::LogLevel::Debug)) {
if (outMetadata->IsValid()) { if (outMetadata->IsValid()) {
nsAutoCString alg; nsAutoCString alg;

9
dom/security/SRIMetadata.h
Просмотреть файл

@ -9,12 +9,15 @@
#include "nsTArray.h" #include "nsTArray.h"
#include "nsString.h" #include "nsString.h"
#include "SRICheck.h"
namespace mozilla { namespace mozilla {
namespace dom { namespace dom {
class SRIMetadata final class SRIMetadata final
{ {
friend class SRICheck;
public: public:
static const uint32_t MAX_ALTERNATE_HASHES = 256; static const uint32_t MAX_ALTERNATE_HASHES = 256;
static const int8_t UNKNOWN_ALGORITHM = -1; static const int8_t UNKNOWN_ALGORITHM = -1;
@ -61,8 +64,14 @@ public:
void GetAlgorithm(nsCString* outAlg) const { *outAlg = mAlgorithm; } void GetAlgorithm(nsCString* outAlg) const { *outAlg = mAlgorithm; }
void GetHashType(int8_t* outType, uint32_t* outLength) const; void GetHashType(int8_t* outType, uint32_t* outLength) const;
const nsString& GetIntegrityString() const
{
return mIntegrityString;
}
private: private:
nsTArray<nsCString> mHashes; nsTArray<nsCString> mHashes;
nsString mIntegrityString;
nsCString mAlgorithm; nsCString mAlgorithm;
int8_t mAlgorithmType; int8_t mAlgorithmType;
bool mEmpty; bool mEmpty;

6
layout/style/Loader.cpp
Просмотреть файл

@ -38,6 +38,7 @@
#include "nsIScriptSecurityManager.h" #include "nsIScriptSecurityManager.h"
#include "nsContentPolicyUtils.h" #include "nsContentPolicyUtils.h"
#include "nsIHttpChannel.h" #include "nsIHttpChannel.h"
#include "nsIHttpChannelInternal.h"
#include "nsIClassOfService.h" #include "nsIClassOfService.h"
#include "nsIScriptError.h" #include "nsIScriptError.h"
#include "nsMimeTypes.h" #include "nsMimeTypes.h"
@ -1686,6 +1687,11 @@ Loader::LoadSheet(SheetLoadData* aLoadData,
httpChannel->SetReferrerWithPolicy(referrerURI, httpChannel->SetReferrerWithPolicy(referrerURI,
aLoadData->mSheet->GetReferrerPolicy()); aLoadData->mSheet->GetReferrerPolicy());
nsCOMPtr<nsIHttpChannelInternal> internalChannel = do_QueryInterface(httpChannel);
if (internalChannel) {
internalChannel->SetIntegrityMetadata(sriMetadata.GetIntegrityString());
}
// Set the initiator type // Set the initiator type
nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(httpChannel)); nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(httpChannel));
if (timedChannel) { if (timedChannel) {

65
testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
Просмотреть файл

@ -8,56 +8,84 @@
var url_count = 0; var url_count = 0;
var expected_results = {}; var expected_results = {};
function image_test(frame, url, cross_origin, expexted_mode, function image_test(frame, url, cross_origin, expected_mode,
expected_credentials) { expected_credentials) {
var actual_url = url + (++url_count); var actual_url = url + (++url_count);
expected_results[actual_url] = { expected_results[actual_url] = {
cross_origin: cross_origin, cross_origin: cross_origin,
mode: expexted_mode, mode: expected_mode,
credentials: expected_credentials, credentials: expected_credentials,
integrity: '',
message: 'Image load (url:' + message: 'Image load (url:' +
actual_url + ' cross_origin:' + cross_origin + ')' actual_url + ' cross_origin:' + cross_origin + ')'
}; };
return frame.contentWindow.load_image(actual_url, cross_origin); return frame.contentWindow.load_image(actual_url, cross_origin);
} }
function script_test(frame, url, cross_origin, expexted_mode, function script_test(frame, url, cross_origin, expected_mode,
expected_credentials) { expected_credentials) {
var actual_url = url + (++url_count); var actual_url = url + (++url_count);
expected_results[actual_url] = { expected_results[actual_url] = {
cross_origin: cross_origin, cross_origin: cross_origin,
mode: expexted_mode, mode: expected_mode,
credentials: expected_credentials, credentials: expected_credentials,
integrity: '',
message: 'Script load (url:' + message: 'Script load (url:' +
actual_url + ' cross_origin:' + cross_origin + ')' actual_url + ' cross_origin:' + cross_origin + ')'
}; };
return frame.contentWindow.load_script(actual_url, cross_origin); return frame.contentWindow.load_script(actual_url, cross_origin);
} }
function css_test(frame, url, cross_origin, expexted_mode, function css_test(frame, url, cross_origin, expected_mode,
expected_credentials) { expected_credentials) {
var actual_url = url + (++url_count); var actual_url = url + (++url_count);
expected_results[actual_url] = { expected_results[actual_url] = {
cross_origin: cross_origin, cross_origin: cross_origin,
mode: expexted_mode, mode: expected_mode,
credentials: expected_credentials, credentials: expected_credentials,
integrity: '',
message: 'CSS load (url:' + message: 'CSS load (url:' +
actual_url + ' cross_origin:' + cross_origin + ')' actual_url + ' cross_origin:' + cross_origin + ')'
}; };
return frame.contentWindow.load_css(actual_url, cross_origin); return frame.contentWindow.load_css(actual_url, cross_origin);
} }
function font_face_test(frame, url, expexted_mode, expected_credentials) { function font_face_test(frame, url, expected_mode, expected_credentials) {
var actual_url = url + (++url_count); var actual_url = url + (++url_count);
expected_results[actual_url] = { expected_results[actual_url] = {
url: actual_url, url: actual_url,
mode: expexted_mode, mode: expected_mode,
credentials: expected_credentials, credentials: expected_credentials,
integrity: '',
message: 'FontFace load (url:' + actual_url + ')' message: 'FontFace load (url:' + actual_url + ')'
}; };
return frame.contentWindow.load_font(actual_url); return frame.contentWindow.load_font(actual_url);
} }
function script_integrity_test(frame, url, integrity, expected_integrity) {
var actual_url = url + (++url_count);
expected_results[actual_url] = {
url: actual_url,
mode: 'no-cors',
credentials: 'include',
integrity: expected_integrity,
message: 'Script load (url:' + actual_url + ')'
};
return frame.contentWindow.load_script_with_integrity(actual_url, integrity);
}
function css_integrity_test(frame, url, integrity, expected_integrity) {
var actual_url = url + (++url_count);
expected_results[actual_url] = {
url: actual_url,
mode: 'no-cors',
credentials: 'include',
integrity: expected_integrity,
message: 'CSS load (url:' + actual_url + ')'
};
return frame.contentWindow.load_css_with_integrity(actual_url, integrity);
}
async_test(function(t) { async_test(function(t) {
var SCOPE = 'resources/fetch-request-resources-iframe.https.html'; var SCOPE = 'resources/fetch-request-resources-iframe.https.html';
var SCRIPT = 'resources/fetch-request-resources-worker.js'; var SCRIPT = 'resources/fetch-request-resources-worker.js';
@ -94,6 +122,10 @@ async_test(function(t) {
result.credentials, expected.credentials, result.credentials, expected.credentials,
'credentials of ' + expected.message + ' must be ' + 'credentials of ' + expected.message + ' must be ' +
expected.credentials + '.'); expected.credentials + '.');
assert_equals(
result.integrity, expected.integrity,
'integrity of ' + expected.message + ' must be ' +
expected.integrity + '.');
--url_count; --url_count;
delete expected_results[result.url]; delete expected_results[result.url];
if (url_count == 0) { if (url_count == 0) {
@ -134,6 +166,23 @@ async_test(function(t) {
font_face_test(f, LOCAL_URL, 'cors', 'same-origin'); font_face_test(f, LOCAL_URL, 'cors', 'same-origin');
font_face_test(f, REMOTE_URL, 'cors', 'same-origin'); font_face_test(f, REMOTE_URL, 'cors', 'same-origin');
script_integrity_test(f, LOCAL_URL, ' ', ' ');
script_integrity_test(f, LOCAL_URL,
'This is not a valid integrity because it has no dashes',
'This is not a valid integrity because it has no dashes');
script_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
script_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
script_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
script_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
css_integrity_test(f, LOCAL_URL, ' ', ' ');
css_integrity_test(f, LOCAL_URL,
'This is not a valid integrity because it has no dashes',
'This is not a valid integrity because it has no dashes');
css_integrity_test(f, LOCAL_URL, 'sha256-', 'sha256-');
css_integrity_test(f, LOCAL_URL, 'sha256-foo?123', 'sha256-foo?123');
css_integrity_test(f, LOCAL_URL, 'sha256-foo sha384-abc ', 'sha256-foo sha384-abc ');
css_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc', 'sha256-foo sha256-abc');
}) })
.catch(unreached_rejection(t)); .catch(unreached_rejection(t));
}, 'Verify FetchEvent for resources.'); }, 'Verify FetchEvent for resources.');

16
testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
Просмотреть файл

@ -47,5 +47,21 @@ function load_css_image_set(url, type) {
div.style[type] = '-webkit-image-set(url(' + url + ') 1x)'; div.style[type] = '-webkit-image-set(url(' + url + ') 1x)';
} }
function load_script_with_integrity(url, integrity) {
var script = document.createElement('script');
script.src = url;
script.integrity = integrity;
document.body.appendChild(script);
}
function load_css_with_integrity(url, integrity) {
var link = document.createElement('link');
link.rel = 'stylesheet'
link.href = url;
link.type = 'text/css';
link.integrity = integrity;
document.body.appendChild(link);
}
</script> </script>
</body> </body>

3
testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-worker.js
Просмотреть файл

@ -17,7 +17,8 @@ self.addEventListener('fetch', function(event) {
port.postMessage({ port.postMessage({
url: url, url: url,
mode: event.request.mode, mode: event.request.mode,
credentials: event.request.credentials credentials: event.request.credentials,
integrity: event.request.integrity
}); });
event.respondWith(Promise.reject()); event.respondWith(Promise.reject());
}); });