зеркало из https://github.com/mozilla/gecko-dev.git
96 строки
3.4 KiB
C++
96 строки
3.4 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/* A namespace class for static content security utilities. */
|
|
|
|
#include "nsContentSecurityUtils.h"
|
|
|
|
#include "nsIContentSecurityPolicy.h"
|
|
#include "nsIURI.h"
|
|
|
|
#include "mozilla/dom/Document.h"
|
|
|
|
#if defined(DEBUG)
|
|
/* static */
|
|
void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
|
|
// We want to get to a point where all about: pages ship with a CSP. This
|
|
// assertion ensures that we can not deploy new about: pages without a CSP.
|
|
// Please note that any about: page should not use inline JS or inline CSS,
|
|
// and instead should load JS and CSS from an external file (*.js, *.css)
|
|
// which allows us to apply a strong CSP omitting 'unsafe-inline'. Ideally,
|
|
// the CSP allows precisely the resources that need to be loaded; but it
|
|
// should at least be as strong as:
|
|
// <meta http-equiv="Content-Security-Policy" content="default-src chrome:"/>
|
|
|
|
// Check if we should skip the assertion
|
|
if (Preferences::GetBool("csp.skip_about_page_has_csp_assert")) {
|
|
return;
|
|
}
|
|
|
|
// Check if we are loading an about: URI at all
|
|
nsCOMPtr<nsIURI> documentURI = aDocument->GetDocumentURI();
|
|
if (!documentURI->SchemeIs("about")) {
|
|
return;
|
|
}
|
|
|
|
nsCOMPtr<nsIContentSecurityPolicy> csp = aDocument->GetCsp();
|
|
bool foundDefaultSrc = false;
|
|
if (csp) {
|
|
uint32_t policyCount = 0;
|
|
csp->GetPolicyCount(&policyCount);
|
|
nsAutoString parsedPolicyStr;
|
|
for (uint32_t i = 0; i < policyCount; ++i) {
|
|
csp->GetPolicyString(i, parsedPolicyStr);
|
|
if (parsedPolicyStr.Find("default-src") >= 0) {
|
|
foundDefaultSrc = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Check if we should skip the allowlist and assert right away. Please note
|
|
// that this pref can and should only be set for automated testing.
|
|
if (Preferences::GetBool("csp.skip_about_page_csp_allowlist_and_assert")) {
|
|
NS_ASSERTION(foundDefaultSrc, "about: page must have a CSP");
|
|
return;
|
|
}
|
|
|
|
nsAutoCString aboutSpec;
|
|
documentURI->GetSpec(aboutSpec);
|
|
ToLowerCase(aboutSpec);
|
|
|
|
// This allowlist contains about: pages that are permanently allowed to
|
|
// render without a CSP applied.
|
|
static nsLiteralCString sAllowedAboutPagesWithNoCSP[] = {
|
|
// about:blank is a special about page -> no CSP
|
|
NS_LITERAL_CSTRING("about:blank"),
|
|
// about:srcdoc is a special about page -> no CSP
|
|
NS_LITERAL_CSTRING("about:srcdoc"),
|
|
// about:sync-log displays plain text only -> no CSP
|
|
NS_LITERAL_CSTRING("about:sync-log"),
|
|
// about:printpreview displays plain text only -> no CSP
|
|
NS_LITERAL_CSTRING("about:printpreview"),
|
|
// Bug 1497200: Apply Meta CSP to about:downloads
|
|
NS_LITERAL_CSTRING("about:downloads"),
|
|
# if defined(ANDROID)
|
|
NS_LITERAL_CSTRING("about:config"),
|
|
# endif
|
|
};
|
|
|
|
for (const nsLiteralCString& allowlistEntry : sAllowedAboutPagesWithNoCSP) {
|
|
// please note that we perform a substring match here on purpose,
|
|
// so we don't have to deal and parse out all the query arguments
|
|
// the various about pages rely on.
|
|
if (StringBeginsWith(aboutSpec, allowlistEntry)) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
MOZ_ASSERT(foundDefaultSrc,
|
|
"about: page must contain a CSP including default-src");
|
|
}
|
|
#endif
|