Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Wed, 27 Jan 2016 15:56:39 -0800
changeset 313172 5154bb929236
parent 313171 7da232006437
child 313173 3ab828713b6a
child 326470 629b622542d0
child 326472 289c4cff2026
push id1040
push userraliiev@mozilla.com
push date2016-02-29 17:11 +0000
treeherdermozilla-release@8c3167321162 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdveditz, ritu
bugs1243178
milestone45.0
Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu
dom/security/nsCSPContext.cpp
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -874,16 +874,17 @@ nsCSPContext::SendReports(nsISupports* a
     bool isHttpScheme =
       (NS_SUCCEEDED(reportURI->SchemeIs("http", &isHttpScheme)) && isHttpScheme) ||
       (NS_SUCCEEDED(reportURI->SchemeIs("https", &isHttpScheme)) && isHttpScheme);
 
     if (!isHttpScheme) {
       const char16_t* params[] = { reportURIs[r].get() };
       logToConsole(MOZ_UTF16("reportURInotHttpsOrHttp2"), params, ArrayLength(params),
                    aSourceFile, aScriptSample, aLineNum, 0, nsIScriptError::errorFlag);
+      continue;
     }
 
     // make sure this is an anonymous request (no cookies) so in case the
     // policy URI is injected, it can't be abused for CSRF.
     nsLoadFlags flags;
     rv = reportChannel->GetLoadFlags(&flags);
     NS_ENSURE_SUCCESS(rv, rv);
     flags |= nsIRequest::LOAD_ANONYMOUS;