mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1476820 - Convert some VarCache prefs in dom/security/ to use StaticPrefs. r=ckerschb 

Specifically:
- "security.csp.enable"
- "security.csp.experimentalEnabled"
- "security.csp.enableStrictDynamic"
- "security.csp.reporting.script-sample.max-length"
- "security.csp.enable_violation_events"

MozReview-Commit-ID: G1ie4ut9QaK

--HG--
extra : rebase_source : d6b5a0e79eb7046a13a8b4fe957c82c11831c86c
This commit is contained in:
Nicholas Nethercote 2018-07-19 10:43:29 +10:00
Родитель 2162d78097
Коммит fc1f4bb4ae
12 изменённых файлов: 59 добавлений и 54 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
dom/base/nsDocument.cpp
Просмотреть файл

@ -2843,7 +2843,7 @@ nsIDocument::InitCSP(nsIChannel* aChannel)
{
MOZ_ASSERT(!mScriptGlobalObject,
"CSP must be initialized before mScriptGlobalObject is set!");
if (!CSPService::sCSPEnabled) {
if (!StaticPrefs::security_csp_enable()) {
MOZ_LOG(gCspPRLog, LogLevel::Debug,
("CSP is disabled, skipping CSP init for document %p", this));
return NS_OK;

3
dom/html/HTMLMetaElement.cpp
Просмотреть файл

@ -94,7 +94,8 @@ HTMLMetaElement::BindToTree(nsIDocument* aDocument, nsIContent* aParent,
nsContentUtils::ProcessViewportInfo(aDocument, content);
}
if (CSPService::sCSPEnabled && aDocument && !aDocument->IsLoadedAsData() &&
if (StaticPrefs::security_csp_enable() && aDocument &&
!aDocument->IsLoadedAsData() &&
AttrValueIs(kNameSpaceID_None, nsGkAtoms::httpEquiv, nsGkAtoms::headerCSP, eIgnoreCase)) {
// only accept <meta http-equiv="Content-Security-Policy" content=""> if it appears

15
dom/security/nsCSPContext.cpp
Просмотреть файл

@ -320,25 +320,12 @@ NS_IMPL_ISUPPORTS_CI(nsCSPContext,
nsIContentSecurityPolicy,
nsISerializable)
int32_t nsCSPContext::sScriptSampleMaxLength;
bool nsCSPContext::sViolationEventsEnabled = false;
nsCSPContext::nsCSPContext()
: mInnerWindowID(0)
, mLoadingContext(nullptr)
, mLoadingPrincipal(nullptr)
, mQueueUpMessages(true)
{
static bool sInitialized = false;
if (!sInitialized) {
Preferences::AddIntVarCache(&sScriptSampleMaxLength,
"security.csp.reporting.script-sample.max-length",
40);
Preferences::AddBoolVarCache(&sViolationEventsEnabled,
"security.csp.enable_violation_events");
sInitialized = true;
}
CSPCONTEXTLOG(("nsCSPContext::nsCSPContext"));
}
@ -1201,7 +1188,7 @@ nsCSPContext::FireViolationEvent(
Element* aTriggeringElement,
const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit)
{
if (!sViolationEventsEnabled) {
if (!StaticPrefs::security_csp_enable_violation_events()) {
return NS_OK;
}

9
dom/security/nsCSPContext.h
Просмотреть файл

@ -9,6 +9,7 @@
#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/SecurityPolicyViolationEvent.h"
#include "mozilla/StaticPrefs.h"
#include "nsDataHashtable.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
@ -140,7 +141,9 @@ class nsCSPContext : public nsIContentSecurityPolicy
static uint32_t ScriptSampleMaxLength()
{
return std::max(sScriptSampleMaxLength, 0);
return std::max(
mozilla::StaticPrefs::security_csp_reporting_script_sample_max_length(),
0);
}
private:
@ -165,10 +168,6 @@ class nsCSPContext : public nsIContentSecurityPolicy
uint32_t aLineNumber,
uint32_t aColumnNumber);
static int32_t sScriptSampleMaxLength;
static bool sViolationEventsEnabled;
nsString mReferrer;
uint64_t mInnerWindowID; // used for web console logging
nsTArray<nsCSPPolicy*> mPolicies;

13
dom/security/nsCSPParser.cpp
Просмотреть файл

@ -6,6 +6,7 @@
#include "mozilla/ArrayUtils.h"
#include "mozilla/Preferences.h"
#include "mozilla/StaticPrefs.h"
#include "nsCOMPtr.h"
#include "nsContentUtils.h"
#include "nsCSPParser.h"
@ -61,8 +62,6 @@ static const char* const kStyle = "style";
static const char* const kScript = "script";
/* ===== nsCSPParser ==================== */
bool nsCSPParser::sCSPExperimentalEnabled = false;
bool nsCSPParser::sStrictDynamicEnabled = false;
nsCSPParser::nsCSPParser(policyTokens& aTokens,
nsIURI* aSelfURI,
@ -84,12 +83,6 @@ nsCSPParser::nsCSPParser(policyTokens& aTokens,
, mCSPContext(aCSPContext)
, mDeliveredViaMetaTag(aDeliveredViaMetaTag)
{
static bool initialized = false;
if (!initialized) {
initialized = true;
Preferences::AddBoolVarCache(&sCSPExperimentalEnabled, "security.csp.experimentalEnabled");
Preferences::AddBoolVarCache(&sStrictDynamicEnabled, "security.csp.enableStrictDynamic");
}
CSPPARSERLOG(("nsCSPParser::nsCSPParser"));
}
@ -488,7 +481,7 @@ nsCSPParser::keywordSource()
if (CSP_IsKeyword(mCurToken, CSP_STRICT_DYNAMIC)) {
// make sure strict dynamic is enabled
if (!sStrictDynamicEnabled) {
if (!StaticPrefs::security_csp_enableStrictDynamic()) {
return nullptr;
}
if (!CSP_IsDirective(mCurDir[0], nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE)) {
@ -968,7 +961,7 @@ nsCSPParser::directiveName()
// Check if it is a valid directive
if (!CSP_IsValidDirective(mCurToken) ||
(!sCSPExperimentalEnabled &&
(!StaticPrefs::security_csp_experimentalEnabled() &&
CSP_IsDirective(mCurToken, nsIContentSecurityPolicy::REQUIRE_SRI_FOR))) {
const char16_t* params[] = { mCurToken.get() };
logWarningErrorToConsole(nsIScriptError::warningFlag, "couldNotProcessUnknownDirective",

3
dom/security/nsCSPParser.h
Просмотреть файл

@ -33,9 +33,6 @@ class nsCSPParser {
nsCSPContext* aCSPContext,
bool aDeliveredViaMetaTag);
static bool sCSPExperimentalEnabled;
static bool sStrictDynamicEnabled;
~nsCSPParser();

13
dom/security/nsCSPService.cpp
Просмотреть файл

@ -5,6 +5,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "mozilla/StaticPrefs.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsIURI.h"
@ -16,21 +18,16 @@
#include "nsError.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsAsyncRedirectVerifyHelper.h"
#include "mozilla/Preferences.h"
#include "nsIScriptError.h"
#include "nsContentUtils.h"
#include "nsContentPolicyUtils.h"
using namespace mozilla;
/* Keeps track of whether or not CSP is enabled */
bool CSPService::sCSPEnabled = true;
static LazyLogModule gCspPRLog("CSP");
CSPService::CSPService()
{
Preferences::AddBoolVarCache(&sCSPEnabled, "security.csp.enable");
}
CSPService::~CSPService()
@ -152,7 +149,8 @@ CSPService::ShouldLoad(nsIURI *aContentLocation,
// Please note, the correct way to opt-out of CSP using a custom
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
if (!sCSPEnabled || !subjectToCSP(aContentLocation, contentType)) {
if (!StaticPrefs::security_csp_enable() ||
!subjectToCSP(aContentLocation, contentType)) {
return NS_OK;
}
@ -282,7 +280,8 @@ CSPService::AsyncOnChannelRedirect(nsIChannel *oldChannel,
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
nsContentPolicyType policyType = loadInfo->InternalContentPolicyType();
if (!sCSPEnabled || !subjectToCSP(newUri, policyType)) {
if (!StaticPrefs::security_csp_enable() ||
!subjectToCSP(newUri, policyType)) {
return NS_OK;
}

1
dom/security/nsCSPService.h
Просмотреть файл

@ -26,7 +26,6 @@ public:
NS_DECL_NSICHANNELEVENTSINK
CSPService();
static bool sCSPEnabled;
protected:
virtual ~CSPService();

2
dom/workers/ScriptLoader.cpp
Просмотреть файл

@ -1259,7 +1259,7 @@ private:
nsCOMPtr<nsIContentSecurityPolicy> csp = mWorkerPrivate->GetCSP();
// We did inherit CSP in bug 1223647. If we do not already have a CSP, we
// should get it from the HTTP headers on the worker script.
if (CSPService::sCSPEnabled) {
if (StaticPrefs::security_csp_enable()) {
if (!csp) {
rv = mWorkerPrivate->SetCSPFromHeaderValues(tCspHeaderValue,
tCspROHeaderValue);

40
modules/libpref/init/StaticPrefList.h
Просмотреть файл

@ -1163,6 +1163,46 @@ VARCACHE_PREF(
uint32_t, 2592000 // 30 days (in seconds)
)
//---------------------------------------------------------------------------
// Security prefs
//---------------------------------------------------------------------------
VARCACHE_PREF(
"security.csp.enable",
security_csp_enable,
bool, true
)
VARCACHE_PREF(
"security.csp.experimentalEnabled",
security_csp_experimentalEnabled,
bool, false
)
VARCACHE_PREF(
"security.csp.enableStrictDynamic",
security_csp_enableStrictDynamic,
bool, true
)
#ifdef NIGHTLY_BUILD
# define PREF_VALUE true
#else
# define PREF_VALUE false
#endif
VARCACHE_PREF(
"security.csp.enable_violation_events",
security_csp_enable_violation_events,
bool, PREF_VALUE
)
#undef PREF_VALUE
VARCACHE_PREF(
"security.csp.reporting.script-sample.max-length",
security_csp_reporting_script_sample_max_length,
int32_t, 40
)
//---------------------------------------------------------------------------
// View source prefs
//---------------------------------------------------------------------------

10
modules/libpref/init/all.js
Просмотреть файл

@ -2518,21 +2518,11 @@ pref("security.directory", "");
pref("security.dialog_enable_delay", 1000);
pref("security.notification_enable_delay", 500);
pref("security.csp.enable", true);
pref("security.csp.experimentalEnabled", false);
pref("security.csp.enableStrictDynamic", true);
#if defined(DEBUG) && !defined(ANDROID)
// about:welcome has been added until Bug 1448359 is fixed at which time home, newtab, and welcome will all be removed.
pref("csp.content_privileged_about_uris_without_csp", "blank,home,newtab,printpreview,srcdoc,welcome");
#endif
#ifdef NIGHTLY_BUILD
pref("security.csp.enable_violation_events", true);
#else
pref("security.csp.enable_violation_events", false);
#endif
// Default Content Security Policy to apply to signed contents.
pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'");

2
parser/html/nsHtml5TreeOpExecutor.cpp
Просмотреть файл

@ -1135,7 +1135,7 @@ nsHtml5TreeOpExecutor::SetSpeculationReferrerPolicy(
void
nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP)
{
if (!CSPService::sCSPEnabled) {
if (!StaticPrefs::security_csp_enable()) {
return;
}