From a6ed5cc930aaffa724d888f08288498d6d189232 Mon Sep 17 00:00:00 2001
From: Mark Goodwin
Date: Tue, 26 Jun 2012 13:34:41 -0700
Subject: [PATCH] Bug 712859 - show CSP policy violation messages in the web developer console. r=bz
---
 content/base/src/CSPUtils.jsm | 12 ++++----
 content/base/src/contentSecurityPolicy.js | 35 +++++++++++++++++++++--
 2 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/content/base/src/CSPUtils.jsm b/content/base/src/CSPUtils.jsm
index a6589a43410..c7bd89fb1e1 100644
--- a/content/base/src/CSPUtils.jsm
+++ b/content/base/src/CSPUtils.jsm
@@ -52,27 +52,27 @@ var gPrefObserver = {
 };
-function CSPWarning(aMsg, aSource, aScriptSample, aLineNum) {
+function CSPWarning(aMsg, aWindowID, aSource, aScriptSample, aLineNum) {
 var textMessage = 'CSP WARN: ' + aMsg + "\n";
 var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
 .createInstance(Components.interfaces.nsIScriptError);
- consoleMsg.init(textMessage, aSource, aScriptSample, aLineNum, 0,
+ consoleMsg.initWithWindowID(textMessage, aSource, aScriptSample, aLineNum, 0,
 Components.interfaces.nsIScriptError.warningFlag,
- "Content Security Policy");
+ "Content Security Policy", aWindowID);
 Components.classes["@mozilla.org/consoleservice;1"]
 .getService(Components.interfaces.nsIConsoleService)
 .logMessage(consoleMsg);
 }
-function CSPError(aMsg) {
+function CSPError(aMsg, aWindowID) {
 var textMessage = 'CSP ERROR: ' + aMsg + "\n";
 var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
 .createInstance(Components.interfaces.nsIScriptError);
- consoleMsg.init(textMessage, null, null, 0, 0,
+ consoleMsg.initWithWindowID(textMessage, null, null, 0, 0,
 Components.interfaces.nsIScriptError.errorFlag,
- "Content Security Policy");
+ "Content Security Policy", aWindowID);
 Components.classes["@mozilla.org/consoleservice;1"]
 .getService(Components.interfaces.nsIConsoleService)
 .logMessage(consoleMsg);
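Review bot: `aWindowID` is inserted as the second positional parameter of `CSPWarning`, which shifts `aSource`, `aScriptSample` and `aLineNum` one place to the right. Any caller not touched by this patch that still uses the old four-argument order would silently hand its source-file string to `initWithWindowID` as the window ID. Callers that pass only the message leave `aWindowID` undefined in both `CSPWarning` and `CSPError`, and nothing in the functions says what that means for where the message ends up. Either append the new parameter after `aLineNum`, or keep the order and document it above each function, e.g. `// aWindowID: inner window ID that routes the message to that window's web console; when omitted the message is not tied to any window`. The closing brace of `CSPError` lies outside this hunk.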
diff --git a/content/base/src/contentSecurityPolicy.js b/content/base/src/contentSecurityPolicy.js
index f3060646200..f3059aa960e 100644
--- a/content/base/src/contentSecurityPolicy.js
+++ b/content/base/src/contentSecurityPolicy.js
@@ -103,6 +103,34 @@ ContentSecurityPolicy.prototype = {
 return this._reportOnlyMode || this._policy.allowsEvalInScripts;
 },
+ get innerWindowID() {
+ let win = null;
+ let loadContext = null;
+
+ try {
+ loadContext = this._docRequest
+ .notificationCallbacks.getInterface(Ci.nsILoadContext);
+ } catch (ex) {
+ try {
+ loadContext = this._docRequest.loadGroup
+ .notificationCallbacks.getInterface(Ci.nsILoadContext);
+ } catch (ex) {
+ }
+ }
+
+ if (loadContext) {
+ win = loadContext.associatedWindow;
+ }
+ if (win) {
+ try {
+ let winUtils = win.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils);
+ return winUtils.currentInnerWindowID;
+ } catch (ex) {
+ }
+ }
+ return null;
+ },
+
 /**
 * Log policy violation on the Error Console and send a report if a report-uri
 * is present in the policy
@@ -258,6 +286,7 @@ ContentSecurityPolicy.prototype = {
 CSPWarning("Directive \"" + violatedDirective + "\" violated" +
 (blockedUri['asciiSpec'] ? " by " + blockedUri.asciiSpec : ""),
+ this.innerWindowID,
 (aSourceFile) ? aSourceFile : null,
 (aScriptSample) ? decodeURIComponent(aScriptSample) : null,
 (aLineNum) ? aLineNum : null);
@@ -318,8 +347,8 @@ ContentSecurityPolicy.prototype = {
 } catch(e) {
 // it's possible that the URI was invalid, just log a
 // warning and skip over that.
- CSPWarning("Tried to send report to invalid URI: \"" + uris[i] + "\"", this.innerWindowID);
- CSPWarning("error was: \"" + e + "\"");
+ CSPWarning("Tried to send report to invalid URI: \"" + uris[i] + "\"", this.innerWindowID);
+ CSPWarning("error was: \"" + e + "\"", this.innerWindowID);
 }
 }
 }
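Review bot: The `innerWindowID` getter added in the first hunk of contentSecurityPolicy.js swallows every exception in three empty `catch (ex) { }` blocks. An unset `this._docRequest`, a request with no `nsILoadContext`, and a genuine programming error therefore all collapse into `return null` with no trace. The violation is then logged without a window association, so the page author presumably never sees it in the web console and nobody can tell why. Handle the expected case explicitly with an early `if (!this._docRequest) return null;`, and rename the inner `catch (ex)`, which shadows the outer `ex`. The getter is also the only new member without a doc comment; something like `/** Inner window ID of the document this policy is bound to, or null when no window can be resolved from the document request. */` would state the null contract that `CSPWarning` callers now rely on.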
@@ -522,7 +551,7 @@ CSPReportRedirectSink.prototype = {
 asyncOnChannelRedirect: function channel_redirect(oldChannel, newChannel, flags, callback) {
 CSPWarning("Post of violation report to " + oldChannel.URI.asciiSpec +
- " failed, as a redirect occurred");
+ " failed, as a redirect occurred", this.innerWindowID);
 // cancel the old channel so XHR failure callback happens
 oldChannel.cancel(Cr.NS_ERROR_ABORT);
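Review bot: `this.innerWindowID` in `asyncOnChannelRedirect` is evaluated on a `CSPReportRedirectSink` instance, but the getter this patch adds is defined on `ContentSecurityPolicy.prototype`. Unless the sink defines its own `innerWindowID` somewhere outside this diff, the expression is `undefined` and the redirect warning is not tied to the page's window, so this one message stays out of the web console while the others reach it. The ID should be handed to the sink by whoever constructs it and read back here, e.g. `" failed, as a redirect occurred", this._innerWindowID);`, where `_innerWindowID` is a field name proposed here, not one present in the patch. The body of `asyncOnChannelRedirect` continues past the end of the hunk.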