mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 712859 - show CSP policy violation messages in the web developer console. r=bz

This commit is contained in:
Mark Goodwin 2012-06-26 13:34:41 -07:00
Родитель 1041c09ce9
Коммит a6ed5cc930
2 изменённых файлов: 38 добавлений и 9 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

12
content/base/src/CSPUtils.jsm
Просмотреть файл

@ -52,27 +52,27 @@ var gPrefObserver = {
}; };
function CSPWarning(aMsg, aSource, aScriptSample, aLineNum) { function CSPWarning(aMsg, aWindowID, aSource, aScriptSample, aLineNum) {
var textMessage = 'CSP WARN: ' + aMsg + "\n"; var textMessage = 'CSP WARN: ' + aMsg + "\n";
var consoleMsg = Components.classes["@mozilla.org/scripterror;1"] var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
.createInstance(Components.interfaces.nsIScriptError); .createInstance(Components.interfaces.nsIScriptError);
consoleMsg.init(textMessage, aSource, aScriptSample, aLineNum, 0, consoleMsg.initWithWindowID(textMessage, aSource, aScriptSample, aLineNum, 0,
Components.interfaces.nsIScriptError.warningFlag, Components.interfaces.nsIScriptError.warningFlag,
"Content Security Policy"); "Content Security Policy", aWindowID);
Components.classes["@mozilla.org/consoleservice;1"] Components.classes["@mozilla.org/consoleservice;1"]
.getService(Components.interfaces.nsIConsoleService) .getService(Components.interfaces.nsIConsoleService)
.logMessage(consoleMsg); .logMessage(consoleMsg);
} }
function CSPError(aMsg) { function CSPError(aMsg, aWindowID) {
var textMessage = 'CSP ERROR: ' + aMsg + "\n"; var textMessage = 'CSP ERROR: ' + aMsg + "\n";
var consoleMsg = Components.classes["@mozilla.org/scripterror;1"] var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
.createInstance(Components.interfaces.nsIScriptError); .createInstance(Components.interfaces.nsIScriptError);
consoleMsg.init(textMessage, null, null, 0, 0, consoleMsg.initWithWindowID(textMessage, null, null, 0, 0,
Components.interfaces.nsIScriptError.errorFlag, Components.interfaces.nsIScriptError.errorFlag,
"Content Security Policy"); "Content Security Policy", aWindowID);
Components.classes["@mozilla.org/consoleservice;1"] Components.classes["@mozilla.org/consoleservice;1"]
.getService(Components.interfaces.nsIConsoleService) .getService(Components.interfaces.nsIConsoleService)
.logMessage(consoleMsg); .logMessage(consoleMsg);

35
content/base/src/contentSecurityPolicy.js
Просмотреть файл

@ -103,6 +103,34 @@ ContentSecurityPolicy.prototype = {
return this._reportOnlyMode || this._policy.allowsEvalInScripts; return this._reportOnlyMode || this._policy.allowsEvalInScripts;
}, },
get innerWindowID() {
let win = null;
let loadContext = null;
try {
loadContext = this._docRequest
.notificationCallbacks.getInterface(Ci.nsILoadContext);
} catch (ex) {
try {
loadContext = this._docRequest.loadGroup
.notificationCallbacks.getInterface(Ci.nsILoadContext);
} catch (ex) {
}
}
if (loadContext) {
win = loadContext.associatedWindow;
}
if (win) {
try {
let winUtils = win.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils);
return winUtils.currentInnerWindowID;
} catch (ex) {
}
}
return null;
},
/** /**
* Log policy violation on the Error Console and send a report if a report-uri * Log policy violation on the Error Console and send a report if a report-uri
* is present in the policy * is present in the policy
@ -258,6 +286,7 @@ ContentSecurityPolicy.prototype = {
CSPWarning("Directive \"" + violatedDirective + "\" violated" CSPWarning("Directive \"" + violatedDirective + "\" violated"
+ (blockedUri['asciiSpec'] ? " by " + blockedUri.asciiSpec : ""), + (blockedUri['asciiSpec'] ? " by " + blockedUri.asciiSpec : ""),
this.innerWindowID,
(aSourceFile) ? aSourceFile : null, (aSourceFile) ? aSourceFile : null,
(aScriptSample) ? decodeURIComponent(aScriptSample) : null, (aScriptSample) ? decodeURIComponent(aScriptSample) : null,
(aLineNum) ? aLineNum : null); (aLineNum) ? aLineNum : null);
@ -318,8 +347,8 @@ ContentSecurityPolicy.prototype = {
} catch(e) { } catch(e) {
// it's possible that the URI was invalid, just log a // it's possible that the URI was invalid, just log a
// warning and skip over that. // warning and skip over that.
CSPWarning("Tried to send report to invalid URI: \"" + uris[i] + "\""); CSPWarning("Tried to send report to invalid URI: \"" + uris[i] + "\"", this.innerWindowID);
CSPWarning("error was: \"" + e + "\""); CSPWarning("error was: \"" + e + "\"", this.innerWindowID);
} }
} }
} }
@ -522,7 +551,7 @@ CSPReportRedirectSink.prototype = {
asyncOnChannelRedirect: function channel_redirect(oldChannel, newChannel, asyncOnChannelRedirect: function channel_redirect(oldChannel, newChannel,
flags, callback) { flags, callback) {
CSPWarning("Post of violation report to " + oldChannel.URI.asciiSpec + CSPWarning("Post of violation report to " + oldChannel.URI.asciiSpec +
" failed, as a redirect occurred"); " failed, as a redirect occurred", this.innerWindowID);
// cancel the old channel so XHR failure callback happens // cancel the old channel so XHR failure callback happens
oldChannel.cancel(Cr.NS_ERROR_ABORT); oldChannel.cancel(Cr.NS_ERROR_ABORT);