[tor-commits] [tor-browser] 47/73: Bug 1770094 r=freddyb, emilio a=RyanVM
gitolite role
git at cupani.torproject.org
Wed Sep 21 20:17:40 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.
commit 4f9825634cdccde98191fede657e8be53e7451b0
Author: Tom Schuster <tschuster at mozilla.com>
AuthorDate: Mon Aug 15 14:41:10 2022 +0000
Bug 1770094 r=freddyb,emilio a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D154518
---
dom/html/HTMLFormSubmission.cpp | 3 +-
dom/html/HTMLSharedElement.cpp | 8 ++---
.../security/nsIContentSecurityPolicy.idl | 11 +++---
dom/security/nsCSPContext.cpp | 11 +++---
parser/html/nsHtml5TreeOpExecutor.cpp | 40 +++++++++++++++++++---
5 files changed, 54 insertions(+), 19 deletions(-)
diff --git a/dom/html/HTMLFormSubmission.cpp b/dom/html/HTMLFormSubmission.cpp
index a7141c3cd9a47..4f42f19716e1c 100644
--- a/dom/html/HTMLFormSubmission.cpp
+++ b/dom/html/HTMLFormSubmission.cpp
@@ -792,7 +792,8 @@ nsresult HTMLFormSubmission::GetFromForm(HTMLFormElement* aForm,
// policy - do *not* consult default-src, see:
// http://www.w3.org/TR/CSP2/#directive-default-src
rv = csp->Permits(aForm, nullptr /* nsICSPEventListener */, actionURL,
- nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE, true,
+ nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE,
+ true /* aSpecific */, true /* aSendViolationReports */,
&permitsFormAction);
NS_ENSURE_SUCCESS(rv, rv);
if (!permitsFormAction) {
diff --git a/dom/html/HTMLSharedElement.cpp b/dom/html/HTMLSharedElement.cpp
index 4e3e1453846b6..b168f327823ed 100644
--- a/dom/html/HTMLSharedElement.cpp
+++ b/dom/html/HTMLSharedElement.cpp
@@ -155,10 +155,10 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument,
// policy - do *not* consult default-src, see:
// http://www.w3.org/TR/CSP2/#directive-default-src
bool cspPermitsBaseURI = true;
- rv = csp->Permits(child->AsElement(), nullptr /* nsICSPEventListener */,
- newBaseURI,
- nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true,
- &cspPermitsBaseURI);
+ rv = csp->Permits(
+ child->AsElement(), nullptr /* nsICSPEventListener */, newBaseURI,
+ nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+ true /* aSendViolationReports */, &cspPermitsBaseURI);
if (NS_FAILED(rv) || !cspPermitsBaseURI) {
newBaseURI = nullptr;
}
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
index e4e5815c59f65..215e84ad32be6 100644
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -303,11 +303,8 @@ interface nsIContentSecurityPolicy : nsISerializable
/**
* Checks if a specific directive permits loading of a URI.
*
- * NOTE: Calls to this may trigger violation reports when queried, so the
- * return value should not be cached.
- *
* @param aTriggeringElement
- * The element that triggers this CSP check. It can be null.
+ * The element that triggers this CSP check. It can be null.
* @param aURI
* The URI about to be loaded or used.
* @param aDir
@@ -319,6 +316,9 @@ interface nsIContentSecurityPolicy : nsISerializable
* "false" allows CSP to fall back to default-src. This function
* behaves the same for both values of canUseDefault when querying
* directives that don't fall-back.
+ * @param aSendViolationReports
+ * If `true` and the uri is not allowed then trigger violation reports.
+ * This should be `false` for caching or preloads.
* @return
* Whether or not the provided URI is allowed by CSP under the given
* directive. (block the pending operation if false).
@@ -327,7 +327,8 @@ interface nsIContentSecurityPolicy : nsISerializable
in nsICSPEventListener aCSPEventListener,
in nsIURI aURI,
in nsIContentSecurityPolicy_CSPDirective aDir,
- in boolean aSpecific);
+ in boolean aSpecific,
+ in boolean aSendViolationReports);
/**
* Delegate method called by the service when sub-elements of the protected
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index f9f6073e1eaeb..3c655e5267398 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -1675,7 +1675,8 @@ nsCSPContext::PermitsAncestry(nsILoadInfo* aLoadInfo,
NS_IMETHODIMP
nsCSPContext::Permits(Element* aTriggeringElement,
nsICSPEventListener* aCSPEventListener, nsIURI* aURI,
- CSPDirective aDir, bool aSpecific, bool* outPermits) {
+ CSPDirective aDir, bool aSpecific,
+ bool aSendViolationReports, bool* outPermits) {
// Can't perform check without aURI
if (aURI == nullptr) {
return NS_ERROR_FAILURE;
@@ -1697,14 +1698,14 @@ nsCSPContext::Permits(Element* aTriggeringElement,
permitsInternal(aDir, aTriggeringElement, aCSPEventListener, aURI,
nullptr, // no original (pre-redirect) URI
u""_ns, // no nonce
- aSpecific,
- true, // send violation reports
+ aSpecific, aSendViolationReports,
true, // send blocked URI in violation reports
false); // not parser created
if (CSPCONTEXTLOGENABLED()) {
- CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %d, isAllowed: %s",
- aURI->GetSpecOrDefault().get(), aDir,
+ CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s",
+ aURI->GetSpecOrDefault().get(),
+ CSP_CSPDirectiveToString(aDir),
*outPermits ? "allow" : "deny"));
}
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index d956b3b5c6ecf..55c7dbe1ae90d 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1314,11 +1314,44 @@ void nsHtml5TreeOpExecutor::SetSpeculationBase(const nsAString& aURL) {
// the first one wins
return;
}
+
auto encoding = mDocument->GetDocumentCharacterSet();
- DebugOnly<nsresult> rv = NS_NewURI(getter_AddRefs(mSpeculationBaseURI), aURL,
- encoding, mDocument->GetDocumentURI());
+ nsCOMPtr<nsIURI> newBaseURI;
+ DebugOnly<nsresult> rv = NS_NewURI(getter_AddRefs(newBaseURI), aURL, encoding,
+ mDocument->GetDocumentURI());
NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Failed to create a URI");
+ if (!newBaseURI) {
+ return;
+ }
+
+ // Check the document's CSP usually delivered via the CSP header.
+ if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetCsp()) {
+ // base-uri should not fallback to the default-src and preloads should not
+ // trigger violation reports.
+ bool cspPermitsBaseURI = true;
+ nsresult rv = csp->Permits(
+ nullptr, nullptr, newBaseURI,
+ nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+ false /* aSendViolationReports */, &cspPermitsBaseURI);
+ if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+ return;
+ }
+ }
+
+ // Also check the CSP discovered from the <meta> tag during speculative
+ // parsing.
+ if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetPreloadCsp()) {
+ bool cspPermitsBaseURI = true;
+ nsresult rv = csp->Permits(
+ nullptr, nullptr, newBaseURI,
+ nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+ false /* aSendViolationReports */, &cspPermitsBaseURI);
+ if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+ return;
+ }
+ }
+ mSpeculationBaseURI = newBaseURI;
mDocument->Preloads().SetSpeculationBase(mSpeculationBaseURI);
}
@@ -1338,8 +1371,7 @@ void nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP) {
NS_ENSURE_SUCCESS_VOID(rv);
}
- // please note that meta CSPs and CSPs delivered through a header need
- // to be joined together.
+ // Please note that multiple meta CSPs need to be joined together.
rv = preloadCsp->AppendPolicy(
aCSP,
false, // csp via meta tag can not be report only
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tor-commits
mailing list