[tor-commits] [tor-browser] 04/09: Bug 1770094 r=freddyb, emilio a=RyanVM

gitolite role git at cupani.torproject.org
Thu Sep 22 19:17:10 UTC 2022


richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1
in repository tor-browser.

commit 61fc2cfa6d994d4f41a360b9d7c1c9667626e880
Author: Tom Schuster <tschuster at mozilla.com>
AuthorDate: Mon Aug 15 14:41:10 2022 +0000

    Bug 1770094 r=freddyb,emilio a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D154518
---
 dom/html/HTMLFormSubmission.cpp                    |  3 +-
 dom/html/HTMLSharedElement.cpp                     |  8 ++---
 .../security/nsIContentSecurityPolicy.idl          | 11 +++---
 dom/security/nsCSPContext.cpp                      | 11 +++---
 parser/html/nsHtml5TreeOpExecutor.cpp              | 40 +++++++++++++++++++---
 5 files changed, 54 insertions(+), 19 deletions(-)

diff --git a/dom/html/HTMLFormSubmission.cpp b/dom/html/HTMLFormSubmission.cpp
index 4ea6b0b01176..82943df1ff5f 100644
--- a/dom/html/HTMLFormSubmission.cpp
+++ b/dom/html/HTMLFormSubmission.cpp
@@ -793,7 +793,8 @@ nsresult HTMLFormSubmission::GetFromForm(HTMLFormElement* aForm,
     // policy - do *not* consult default-src, see:
     // http://www.w3.org/TR/CSP2/#directive-default-src
     rv = csp->Permits(aForm, nullptr /* nsICSPEventListener */, actionURL,
-                      nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE, true,
+                      nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE,
+                      true /* aSpecific */, true /* aSendViolationReports */,
                       &permitsFormAction);
     NS_ENSURE_SUCCESS(rv, rv);
     if (!permitsFormAction) {
diff --git a/dom/html/HTMLSharedElement.cpp b/dom/html/HTMLSharedElement.cpp
index 4e3e1453846b..b168f327823e 100644
--- a/dom/html/HTMLSharedElement.cpp
+++ b/dom/html/HTMLSharedElement.cpp
@@ -155,10 +155,10 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument,
         // policy - do *not* consult default-src, see:
         // http://www.w3.org/TR/CSP2/#directive-default-src
         bool cspPermitsBaseURI = true;
-        rv = csp->Permits(child->AsElement(), nullptr /* nsICSPEventListener */,
-                          newBaseURI,
-                          nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true,
-                          &cspPermitsBaseURI);
+        rv = csp->Permits(
+            child->AsElement(), nullptr /* nsICSPEventListener */, newBaseURI,
+            nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+            true /* aSendViolationReports */, &cspPermitsBaseURI);
         if (NS_FAILED(rv) || !cspPermitsBaseURI) {
           newBaseURI = nullptr;
         }
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
index ca4703fcd108..3f15a072441a 100644
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -288,11 +288,8 @@ interface nsIContentSecurityPolicy : nsISerializable
   /**
    * Checks if a specific directive permits loading of a URI.
    *
-   * NOTE: Calls to this may trigger violation reports when queried, so the
-   * return value should not be cached.
-   *
    * @param aTriggeringElement
-   *        The element that triggers this CSP check. It can be null.
+   *    The element that triggers this CSP check. It can be null.
    * @param aURI
    *    The URI about to be loaded or used.
    * @param aDir
@@ -304,6 +301,9 @@ interface nsIContentSecurityPolicy : nsISerializable
    *    "false" allows CSP to fall back to default-src.  This function
    *    behaves the same for both values of canUseDefault when querying
    *    directives that don't fall-back.
+   * @param aSendViolationReports
+   *    If `true` and the uri is not allowed then trigger violation reports.
+   *    This should be `false` for caching or preloads.
    * @return
    *    Whether or not the provided URI is allowed by CSP under the given
    *    directive. (block the pending operation if false).
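Review bot: The new `@param aSendViolationReports` text in this hunk says when to pass `false` but not what that costs the caller: a `false` check is silent, so unless the non-speculative path later repeats the check with `true` a blocked base-uri never produces a report, and nothing in the interface doc ties the two together. I would extend the paragraph to `This should be \`false\` for caching or preloads; the real (non-speculative) load should still call Permits with \`true\` so that a violation is reported exactly once.` and, for consistency with the rest of this block, write `URI` rather than `uri`. The removed NOTE about not caching the return value is now only half true — the result is cacheable when `aSendViolationReports` is `false` — which the same sentence could state explicitly.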
@@ -312,7 +312,8 @@ interface nsIContentSecurityPolicy : nsISerializable
                   in nsICSPEventListener aCSPEventListener,
                   in nsIURI aURI,
                   in nsIContentSecurityPolicy_CSPDirective aDir,
-                  in boolean aSpecific);
+                  in boolean aSpecific,
+                  in boolean aSendViolationReports);
 
   /**
    * Delegate method called by the service when sub-elements of the protected
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index 113ee2cf95a1..9b7a99f272c3 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -1632,7 +1632,8 @@ nsCSPContext::PermitsAncestry(nsILoadInfo* aLoadInfo,
 NS_IMETHODIMP
 nsCSPContext::Permits(Element* aTriggeringElement,
                       nsICSPEventListener* aCSPEventListener, nsIURI* aURI,
-                      CSPDirective aDir, bool aSpecific, bool* outPermits) {
+                      CSPDirective aDir, bool aSpecific,
+                      bool aSendViolationReports, bool* outPermits) {
   // Can't perform check without aURI
   if (aURI == nullptr) {
     return NS_ERROR_FAILURE;
@@ -1654,14 +1655,14 @@ nsCSPContext::Permits(Element* aTriggeringElement,
       permitsInternal(aDir, aTriggeringElement, aCSPEventListener, aURI,
                       nullptr,  // no original (pre-redirect) URI
                       u""_ns,   // no nonce
-                      aSpecific,
-                      true,    // send violation reports
+                      aSpecific, aSendViolationReports,
                       true,    // send blocked URI in violation reports
                       false);  // not parser created
 
   if (CSPCONTEXTLOGENABLED()) {
-    CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %d, isAllowed: %s",
-                   aURI->GetSpecOrDefault().get(), aDir,
+    CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s",
+                   aURI->GetSpecOrDefault().get(),
+                   CSP_CSPDirectiveToString(aDir),
                    *outPermits ? "allow" : "deny"));
   }
 
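Review bot: The CSPCONTEXTLOG line rewritten in this hunk records the directive and the allow/deny outcome but not the new `aSendViolationReports` flag, so a deny that deliberately suppressed its report is indistinguishable in the CSP log from one that sent it, which makes triaging "why did I get no report" harder. I would add the flag to the same message: `CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s, sendViolationReports: %s", aURI->GetSpecOrDefault().get(), CSP_CSPDirectiveToString(aDir), *outPermits ? "allow" : "deny", aSendViolationReports ? "yes" : "no"));`. The permitsInternal call above still passes `true` for "send blocked URI in violation reports" even when no report is sent; that is harmless, but a short comment such as `// ignored when aSendViolationReports is false` on that argument would save the next reader a lookup, assuming permitsInternal really does gate on the reports flag first.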
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index dd865ee6eb22..484aeb68635c 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1262,11 +1262,44 @@ void nsHtml5TreeOpExecutor::SetSpeculationBase(const nsAString& aURL) {
     // the first one wins
     return;
   }
+
   auto encoding = mDocument->GetDocumentCharacterSet();
-  DebugOnly<nsresult> rv = NS_NewURI(getter_AddRefs(mSpeculationBaseURI), aURL,
-                                     encoding, mDocument->GetDocumentURI());
+  nsCOMPtr<nsIURI> newBaseURI;
+  DebugOnly<nsresult> rv = NS_NewURI(getter_AddRefs(newBaseURI), aURL, encoding,
+                                     mDocument->GetDocumentURI());
   NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Failed to create a URI");
+  if (!newBaseURI) {
+    return;
+  }
+
+  // Check the document's CSP usually delivered via the CSP header.
+  if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetCsp()) {
+    // base-uri should not fallback to the default-src and preloads should not
+    // trigger violation reports.
+    bool cspPermitsBaseURI = true;
+    nsresult rv = csp->Permits(
+        nullptr, nullptr, newBaseURI,
+        nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+        false /* aSendViolationReports */, &cspPermitsBaseURI);
+    if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+      return;
+    }
+  }
+
+  // Also check the CSP discovered from the <meta> tag during speculative
+  // parsing.
+  if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetPreloadCsp()) {
+    bool cspPermitsBaseURI = true;
+    nsresult rv = csp->Permits(
+        nullptr, nullptr, newBaseURI,
+        nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
+        false /* aSendViolationReports */, &cspPermitsBaseURI);
+    if (NS_FAILED(rv) || !cspPermitsBaseURI) {
+      return;
+    }
+  }
 
+  mSpeculationBaseURI = newBaseURI;
   mDocument->Preloads().SetSpeculationBase(mSpeculationBaseURI);
 }
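Review bot: Both new CSP checks declare a local `nsresult rv` that shadows the `DebugOnly<nsresult> rv` introduced a few lines earlier, and the two blocks are identical apart from which policy they query; this trips -Wshadow-style warnings and invites the two copies to drift (for instance, if one later gains an `aTriggeringElement`). Folding the check into a small lambda keeps a single source of truth for the directive, `aSpecific` and the silent (`false`) reporting mode, and removes the shadowing. The speculative check being silent relies on SetBaseURIUsingFirstBaseWithHref re-running the same directive with reports enabled; a one-line comment here naming that dependency would make the intent explicit. SetSpeculationBase begins before this hunk.
```cpp
  // Both the header-delivered CSP and the <meta> CSP discovered during
  // speculative parsing must allow the base. Neither check sends violation
  // reports; the real <base> handling repeats the check with reporting on.
  auto cspPermitsBase = [&newBaseURI](nsIContentSecurityPolicy* aCsp) {
    bool permits = true;
    nsresult permitsRv = aCsp->Permits(
        nullptr, nullptr, newBaseURI,
        nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
        false /* aSendViolationReports */, &permits);
    return NS_SUCCEEDED(permitsRv) && permits;
  };

  if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetCsp()) {
    if (!cspPermitsBase(csp)) {
      return;
    }
  }

  if (nsCOMPtr<nsIContentSecurityPolicy> csp = mDocument->GetPreloadCsp()) {
    if (!cspPermitsBase(csp)) {
      return;
    }
  }

  // … unchanged: assign mSpeculationBaseURI and notify Preloads() …
```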
 
@@ -1290,8 +1323,7 @@ void nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP) {
     NS_ENSURE_SUCCESS_VOID(rv);
   }
 
-  // please note that meta CSPs and CSPs delivered through a header need
-  // to be joined together.
+  // Please note that multiple meta CSPs need to be joined together.
   rv = preloadCsp->AppendPolicy(
       aCSP,
       false,  // csp via meta tag can not be report only
