Bug 1667333: Remove unecessary prefs for mime type checking r=necko-reviewers,evilpie,valentin
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 28 Sep 2020 06:35:10 +0000
changeset 550536 9c47bca207be7bdaf827d73a24332e1c2aec2545
parent 550535 598f3fb995df174de08d9a05098d142662a0a8a7
child 550537 1f667dc68332f50ef978cb48b913f53a51439bf3
push id127340
push usercbrindusan@mozilla.com
push dateMon, 28 Sep 2020 07:28:03 +0000
treeherderautoland@9c47bca207be [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnecko-reviewers, evilpie, valentin
bugs1667333
milestone83.0a1
first release with
nightly linux32
9c47bca207be / 83.0a1 / 20200928094830 / files
nightly linux64
9c47bca207be / 83.0a1 / 20200928094830 / files
nightly mac
9c47bca207be / 83.0a1 / 20200928094830 / files
nightly win32
9c47bca207be / 83.0a1 / 20200928094830 / files
nightly win64
9c47bca207be / 83.0a1 / 20200928094830 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1667333: Remove unecessary prefs for mime type checking r=necko-reviewers,evilpie,valentin Differential Revision: https://phabricator.services.mozilla.com/D91406
dom/security/test/general/test_block_script_wrong_mime.html
modules/libpref/init/StaticPrefList.yaml
netwerk/protocol/http/nsHttpChannel.cpp
--- a/dom/security/test/general/test_block_script_wrong_mime.html
+++ b/dom/security/test/general/test_block_script_wrong_mime.html
@@ -74,21 +74,19 @@ function testWorkerImportScripts([mime, 
       error.preventDefault();
       resolve();
     }
     worker.postMessage("dummy");
   });
 }
 
 SimpleTest.waitForExplicitFinish();
-SpecialPowers.pushPrefEnv({set: [["security.block_script_with_wrong_mime", true]]}, function() {
-  Promise.all(MIMETypes.map(testScript)).then(() => {
-    return Promise.all(MIMETypes.map(testWorker));
-  }).then(() => {
-    return Promise.all(MIMETypes.map(testWorkerImportScripts));
-  }).then(() => {
-    return SpecialPowers.popPrefEnv();
-  }).then(SimpleTest.finish);
-});
+Promise.all(MIMETypes.map(testScript)).then(() => {
+  return Promise.all(MIMETypes.map(testWorker));
+}).then(() => {
+  return Promise.all(MIMETypes.map(testWorkerImportScripts));
+}).then(() => {
+  return SpecialPowers.popPrefEnv();
+}).then(SimpleTest.finish);
 
 </script>
 </body>
 </html>
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -9273,28 +9273,16 @@
   mirror: always
 
 # No way to enable on Android, Bug 1552602
 - name: security.webauth.u2f
   type: bool
   value: @IS_NOT_ANDROID@
   mirror: always
 
-# Block scripts with _some_ wrong MIME types such as image/, video/ or text/csv
-- name: security.block_script_with_wrong_mime
-  type: bool
-  value: true
-  mirror: always
-
-# Block scripts with wrong MIME type when loading via importScripts().
-- name: security.block_importScripts_with_wrong_mime
-  type: bool
-  value: true
-  mirror: always
-
 # Block Worker/SharedWorker scripts with wrong MIME type.
 - name: security.block_Worker_with_wrong_mime
   type: bool
   value: true
   mirror: always
 
 # Cancel outgoing requests from SystemPrincipal
 - name: security.cancel_non_local_loads_triggered_by_systemprincipal
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1734,21 +1734,16 @@ nsresult EnsureMIMEOfScript(nsHttpChanne
   } else if (StringBeginsWith(contentType, "text/csv"_ns)) {
     // script load has type text/csv
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_csv);
     block = true;
   }
 
   if (block) {
-    // Do not block the load if the feature is not enabled.
-    if (!StaticPrefs::security_block_script_with_wrong_mime()) {
-      return NS_OK;
-    }
-
     ReportMimeTypeMismatch(aChannel, "BlockScriptWithWrongMimeType2", aURI,
                            contentType, Report::Error);
     return NS_ERROR_CORRUPTED_CONTENT;
   }
 
   if (StringBeginsWith(contentType, "text/plain"_ns)) {
     // script load has type text/plain
     AccumulateCategorical(
@@ -1785,21 +1780,16 @@ nsresult EnsureMIMEOfScript(nsHttpChanne
     // script load has unknown type
     AccumulateCategorical(
         Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::unknown);
   }
 
   // We restrict importScripts() in worker code to JavaScript MIME types.
   nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
   if (internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS) {
-    // Do not block the load if the feature is not enabled.
-    if (!StaticPrefs::security_block_importScripts_with_wrong_mime()) {
-      return NS_OK;
-    }
-
     ReportMimeTypeMismatch(aChannel, "BlockImportScriptsWithWrongMimeType",
                            aURI, contentType, Report::Error);
     return NS_ERROR_CORRUPTED_CONTENT;
   }
 
   if (internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
       internalType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER) {
     // Do not block the load if the feature is not enabled.