mirror of https://github.com/mozilla/gecko-dev.git
1eb3c1d7cd
Previously, the WebExtension protocol used dynamic protocol flags which were based on the WebExtension policy in order to enforce things such as availability in private browsing and the accessibility of certain resources. Since the shift to MV3, these checks have required more complex checks than what was possible to specify with protocol flags, which required the addition of WEBEXT_URI_WEB_ACCESSIBLE - a security flag which would trigger further checks with the EPS to determine if the URI can be loaded. This was somewhat inefficient, as fetching the URI flags would require looking up the policy each time dynamic flags were looked up, as well as when policy specifics were being checked after loading flags. In addition, it led to a number of flags which were very specific to extension protocols. This patch changes extensions to no longer have dynamic flags, instead specifying the static `URI_IS_WEBEXTENSION_RESOURCE` security flag. When this flag is specified, security checks are made by querying the ExtensionPolicyService to ask if the load should be permitted, combining the specific security checks for Extension resources into a simpler code-path, and avoiding redundant checks. Differential Revision: https://phabricator.services.mozilla.com/D216076 |
||
---|---|---|
featurepolicy | ||
fuzztest | ||
sanitizer | ||
test | ||
trusted-types | ||
CSPEvalChecker.cpp | ||
CSPEvalChecker.h | ||
CSPViolationData.cpp | ||
CSPViolationData.h | ||
DOMSecurityMonitor.cpp | ||
DOMSecurityMonitor.h | ||
DomSecurityIPCUtils.h | ||
FramingChecker.cpp | ||
FramingChecker.h | ||
PolicyTokenizer.cpp | ||
PolicyTokenizer.h | ||
ReferrerInfo.cpp | ||
ReferrerInfo.h | ||
SRICheck.cpp | ||
SRICheck.h | ||
SRILogHelper.h | ||
SRIMetadata.cpp | ||
SRIMetadata.h | ||
SecFetch.cpp | ||
SecFetch.h | ||
metrics.yaml | ||
moz.build | ||
nsCSPContext.cpp | ||
nsCSPContext.h | ||
nsCSPParser.cpp | ||
nsCSPParser.h | ||
nsCSPService.cpp | ||
nsCSPService.h | ||
nsCSPUtils.cpp | ||
nsCSPUtils.h | ||
nsContentSecurityManager.cpp | ||
nsContentSecurityManager.h | ||
nsContentSecurityUtils.cpp | ||
nsContentSecurityUtils.h | ||
nsHTTPSOnlyStreamListener.cpp | ||
nsHTTPSOnlyStreamListener.h | ||
nsHTTPSOnlyUtils.cpp | ||
nsHTTPSOnlyUtils.h | ||
nsIHttpsOnlyModePermission.idl | ||
nsMixedContentBlocker.cpp | ||
nsMixedContentBlocker.h |