Bug 991466 - remove the specCompliant flag from CSP since it's no longer needed. (r=ckerschb,jst)
authorSid Stamm <sstamm@mozilla.com>
Mon, 07 Jul 2014 11:59:37 -0700
changeset 192765 3a34bf944379d919f064d705b93b36aaf7df57ff
parent 192764 8face5cf2b8d25346bf8ace2c40d5b600f49150a
child 192766 5ae58efd730bdb3dffd51f2e85057000d091ca48
push id7651
push usercbook@mozilla.com
push dateTue, 08 Jul 2014 13:28:32 +0000
treeherderfx-team@05cfda67b9db [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb, jst
bugs991466
milestone33.0a1
Bug 991466 - remove the specCompliant flag from CSP since it's no longer needed. (r=ckerschb,jst)
content/base/public/nsIContentSecurityPolicy.idl
content/base/src/CSPUtils.jsm
content/base/src/contentSecurityPolicy.js
content/base/src/nsCSPContext.cpp
content/base/src/nsDocument.cpp
content/base/test/TestCSPParser.cpp
content/base/test/unit/test_cspreports.js
content/base/test/unit/test_csputils.js
--- a/content/base/public/nsIContentSecurityPolicy.idl
+++ b/content/base/public/nsIContentSecurityPolicy.idl
@@ -12,17 +12,17 @@ interface nsIPrincipal;
 
 /**
  * nsIContentSecurityPolicy
  * Describes an XPCOM component used to model and enforce CSPs.  Instances of
  * this class may have multiple policies within them, but there should only be
  * one of these per document/principal.
  */
 
-[scriptable, uuid(1ae83090-e1e1-4272-b0c4-0fbd751c1e27)]
+[scriptable, uuid(15c409c5-ebf8-457c-a8dd-5b169ca0b218)]
 interface nsIContentSecurityPolicy : nsISerializable
 {
 
   /**
    * Set to true when the CSP has been read in and parsed and is ready to
    * enforce.  This is a barrier for the nsDocument so it doesn't load any
    * sub-content until either it knows that a CSP is ready or will not be used.
    */
@@ -50,23 +50,19 @@ interface nsIContentSecurityPolicy : nsI
    * Parse and install a CSP policy.
    * @param aPolicy
    *        String representation of the policy (e.g., header value)
    * @param selfURI
    *        the URI of the protected document/principal
    * @param reportOnly
    *        Should this policy affect content, script and style processing or
    *        just send reports if it is violated?
-   * @param specCompliant
-   *        Whether or not the policy conforms to the W3C specification.
-   *        If this is false, that indicates this policy is from the older
-   *        implementation with different semantics and directive names.
    */
   void appendPolicy(in AString policyString, in nsIURI selfURI,
-                    in boolean reportOnly, in boolean specCompliant);
+                    in boolean reportOnly);
 
   /**
    * Whether this policy allows in-page script.
    * @param shouldReportViolations
    *     Whether or not the use of inline script should be reported.
    *     This function always returns "true" for report-only policies, but when
    *     any policy (report-only or otherwise) is violated,
    *     shouldReportViolations is true as well.
--- a/content/base/src/CSPUtils.jsm
+++ b/content/base/src/CSPUtils.jsm
@@ -187,27 +187,25 @@ CSPPolicyURIListener.prototype = {
     this._policy += this._wrapper.read(count);
   },
 
   onStopRequest:
   function(request, context, status) {
     if (Components.isSuccessCode(status)) {
       // send the policy we received back to the parent document's CSP
       // for parsing
-      this._csp.appendPolicy(this._policy, this._docURI,
-                             this._reportOnly, true);
+      this._csp.appendPolicy(this._policy, this._docURI, this._reportOnly);
     }
     else {
       // problem fetching policy so fail closed by appending a "block it all"
       // policy.  Also toss an error into the console so developers can see why
       // this policy is used.
       this._csp.log(WARN_FLAG, CSPLocalizer.getFormatStr("errorFetchingPolicy",
                                                          [status]));
-      this._csp.appendPolicy("default-src 'none'", this._docURI,
-                             this._reportOnly, true);
+      this._csp.appendPolicy("default-src 'none'", this._docURI, this._reportOnly);
     }
     // resume the parent document request
     this._docRequest.resume();
   }
 };
 
 //:::::::::::::::::::::::: CLASSES :::::::::::::::::::::::::://
 
@@ -223,17 +221,17 @@ this.CSPRep = function CSPRep() {
   this._allowInlineScripts = false;
   this._allowInlineStyles = false;
   this._reportOnlyMode = false;
 
   // don't auto-populate _directives, so it is easier to find bugs
   this._directives = {};
 }
 
-// Source directives for our CSP 1.0 spec compliant implementation.
+// Source directives for our CSP 1.0 implementation.
 CSPRep.SRC_DIRECTIVES = {
   DEFAULT_SRC:      "default-src",
   SCRIPT_SRC:       "script-src",
   STYLE_SRC:        "style-src",
   MEDIA_SRC:        "media-src",
   IMG_SRC:          "img-src",
   OBJECT_SRC:       "object-src",
   FRAME_SRC:        "frame-src",
--- a/content/base/src/contentSecurityPolicy.js
+++ b/content/base/src/contentSecurityPolicy.js
@@ -380,17 +380,17 @@ ContentSecurityPolicy.prototype = {
 
 /* ........ Methods .............. */
 
   /**
    * Adds a new policy to our list of policies for this CSP context.
    * @returns the count of policies.
    */
   appendPolicy:
-  function csp_appendPolicy(aPolicy, selfURI, aReportOnly, aSpecCompliant) {
+  function csp_appendPolicy(aPolicy, selfURI, aReportOnly) {
     return this._appendPolicyInternal(aPolicy, selfURI, aReportOnly, true);
   },
 
   /**
    * Adds a new policy to our list of policies for this CSP context.
    * Only to be called from this module (not exported)
    * @returns the count of policies.
    */
--- a/content/base/src/nsCSPContext.cpp
+++ b/content/base/src/nsCSPContext.cpp
@@ -281,18 +281,17 @@ nsCSPContext::RemovePolicy(uint32_t aInd
   // reset cache since effective policy changes
   mShouldLoadCache.Clear();
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsCSPContext::AppendPolicy(const nsAString& aPolicyString,
                            nsIURI* aSelfURI,
-                           bool aReportOnly,
-                           bool aSpecCompliant)
+                           bool aReportOnly)
 {
   CSPCONTEXTLOG(("nsCSPContext::AppendPolicy: %s",
                  NS_ConvertUTF16toUTF8(aPolicyString).get()));
 
   if (aSelfURI) {
     // aSelfURI will be disregarded since we will remove it with bug 991474
     NS_WARNING("aSelfURI should be a nullptr in AppendPolicy and removed in bug 991474");
   }
@@ -1210,26 +1209,16 @@ nsCSPContext::Read(nsIObjectInputStream*
 
     rv = aStream->ReadString(policyString);
     NS_ENSURE_SUCCESS(rv, rv);
 
     bool reportOnly = false;
     rv = aStream->ReadBoolean(&reportOnly);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    bool specCompliant = false;
-    rv = aStream->ReadBoolean(&specCompliant);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // Using the new backend, we don't support non-spec-compliant policies, so
-    // skip any of those, will be fixed in bug 991466
-    if (!specCompliant) {
-      continue;
-    }
-
     nsCSPPolicy* policy = nsCSPParser::parseContentSecurityPolicy(policyString,
                                                                   mSelfURI,
                                                                   reportOnly,
                                                                   mInnerWindowID);
     if (policy) {
       mPolicies.AppendElement(policy);
     }
   }
@@ -1249,13 +1238,11 @@ nsCSPContext::Write(nsIObjectOutputStrea
   // Serialize all the policies.
   aStream->Write32(mPolicies.Length());
 
   nsAutoString polStr;
   for (uint32_t p = 0; p < mPolicies.Length(); p++) {
     mPolicies[p]->toString(polStr);
     aStream->WriteWStringZ(polStr.get());
     aStream->WriteBoolean(mPolicies[p]->getReportOnlyFlag());
-    // Setting specCompliant boolean for backwards compatibility (fix in bug 991466)
-    aStream->WriteBoolean(true);
   }
   return NS_OK;
 }
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -2635,26 +2635,26 @@ nsDocument::SendToConsole(nsCOMArray<nsI
                                     NS_ConvertUTF16toUTF8(category),
                                     this, nsContentUtils::eSECURITY_PROPERTIES,
                                     NS_ConvertUTF16toUTF8(messageTag).get());
   }
 }
 
 static nsresult
 AppendCSPFromHeader(nsIContentSecurityPolicy* csp, const nsAString& aHeaderValue,
-                    nsIURI* aSelfURI, bool aReportOnly, bool aSpecCompliant)
+                    nsIURI* aSelfURI, bool aReportOnly)
 {
   // Need to tokenize the header value since multiple headers could be
   // concatenated into one comma-separated list of policies.
   // See RFC2616 section 4.2 (last paragraph)
   nsresult rv = NS_OK;
   nsCharSeparatedTokenizer tokenizer(aHeaderValue, ',');
   while (tokenizer.hasMoreTokens()) {
       const nsSubstring& policy = tokenizer.nextToken();
-      rv = csp->AppendPolicy(policy, aSelfURI, aReportOnly, aSpecCompliant);
+      rv = csp->AppendPolicy(policy, aSelfURI, aReportOnly);
       NS_ENSURE_SUCCESS(rv, rv);
 #ifdef PR_LOGGING
       {
         PR_LOG(gCspPRLog, PR_LOG_DEBUG,
                 ("CSP refined with policy: \"%s\"",
                 NS_ConvertUTF16toUTF8(policy).get()));
       }
 #endif
@@ -2793,34 +2793,34 @@ nsDocument::InitCSP(nsIChannel* aChannel
       appCSP = Preferences::GetString("security.apps.privileged.CSP.default");
       NS_ASSERTION(appCSP, "App, but no default CSP in security.apps.privileged.CSP.default");
     } else if (appStatus == nsIPrincipal::APP_STATUS_CERTIFIED) {
       appCSP = Preferences::GetString("security.apps.certified.CSP.default");
       NS_ASSERTION(appCSP, "App, but no default CSP in security.apps.certified.CSP.default");
     }
 
     if (appCSP) {
-      csp->AppendPolicy(appCSP, selfURI, false, true);
+      csp->AppendPolicy(appCSP, selfURI, false);
     }
   }
 
   // ----- if the doc is an app and specifies a CSP in its manifest, apply it.
   if (applyAppManifestCSP) {
-    csp->AppendPolicy(appManifestCSP, selfURI, false, true);
+    csp->AppendPolicy(appManifestCSP, selfURI, false);
   }
 
   // ----- if there's a full-strength CSP header, apply it.
   if (!cspHeaderValue.IsEmpty()) {
-    rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false, true);
+    rv = AppendCSPFromHeader(csp, cspHeaderValue, selfURI, false);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   // ----- if there's a report-only CSP header, apply it.
   if (!cspROHeaderValue.IsEmpty()) {
-    rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true, true);
+    rv = AppendCSPFromHeader(csp, cspROHeaderValue, selfURI, true);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   // ----- Enforce frame-ancestor policy on any applied policies
   nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
   if (docShell) {
     bool safeAncestry = false;
 
--- a/content/base/test/TestCSPParser.cpp
+++ b/content/base/test/TestCSPParser.cpp
@@ -112,17 +112,17 @@ nsresult runTest(uint32_t aExpectedPolic
                          dummyChannel);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // append a policy
   nsString policyStr;
   policyStr.AssignASCII(aPolicy);
   // Second argument in AppendPolicy needs to be a nullptr,
   // because we are using the selfURI set in SetRequestingContext
-  rv = csp->AppendPolicy(policyStr, nullptr, false, true);
+  rv = csp->AppendPolicy(policyStr, nullptr, false);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // when executing fuzzy tests we do not care about the actual output
   // of the parser, we just want to make sure that the parser is not crashing.
   if (aExpectedPolicyCount == kFuzzyExpectedPolicyCount) {
     return NS_OK;
   }
 
--- a/content/base/test/unit/test_cspreports.js
+++ b/content/base/test/unit/test_cspreports.js
@@ -74,17 +74,17 @@ function makeTest(id, expectedJSON, useR
 
   dump("Created test " + id + " : " + policy + "\n\n");
 
   // make the reports seem authentic by "binding" them to a channel.
   csp.setRequestContext(selfuri, null, null, selfchan);
 
   // Load up the policy
   // set as report-only if that's the case
-  csp.appendPolicy(policy, selfuri, useReportOnlyPolicy, true);
+  csp.appendPolicy(policy, selfuri, useReportOnlyPolicy);
 
   // prime the report server
   var handler = makeReportHandler("/test" + id, "Test " + id, expectedJSON);
   httpServer.registerPathHandler("/test" + id, handler);
 
   //trigger the violation
   callback(csp);
 }
--- a/content/base/test/unit/test_csputils.js
+++ b/content/base/test/unit/test_csputils.js
@@ -495,17 +495,17 @@ test(function test_FrameAncestor_ignores
       do_check_true(cspr.permits(URI("http://self.com/foo"), SD.FRAME_ANCESTORS));
 
       // construct fake ancestry with CSP applied to the child.
       // [aChildUri] -> [aParentUri] -> (root/top)
       // and then test "permitsAncestry" on the child/self docshell.
       function testPermits(aChildUri, aParentUri, aContentType) {
         let cspObj = Cc["@mozilla.org/contentsecuritypolicy;1"]
                        .createInstance(Ci.nsIContentSecurityPolicy);
-        cspObj.appendPolicy(testPolicy, aChildUri, false, false);
+        cspObj.appendPolicy(testPolicy, aChildUri, false);
         let docshellparent = Cc["@mozilla.org/docshell;1"]
                                .createInstance(Ci.nsIDocShell);
         let docshellchild  = Cc["@mozilla.org/docshell;1"]
                                .createInstance(Ci.nsIDocShell);
         docshellparent.setCurrentURI(aParentUri);
         docshellchild.setCurrentURI(aChildUri);
         docshellparent.addChild(docshellchild);
         return cspObj.permitsAncestry(docshellchild);
@@ -672,19 +672,19 @@ test(
       /**
        * When a protected document has a non-standard port, other host names
        * listed as sources should inherit the scheme of the protected document
        * but NOT the port.  Other hosts should use the default port for the
        * inherited scheme.  For example, since 443 is default for HTTPS:
        *
        *   Document with CSP: https://foobar.com:4443
        *   Transmitted policy:
-       *       "allow 'self' a.com"
+       *       "default-src 'self' a.com"
        *   Explicit policy:
-       *       "allow https://foobar.com:4443 https://a.com:443"
+       *       "default-src https://foobar.com:4443 https://a.com:443"
        *
        * This test examines scheme and nonstandard port inheritance.
        */
 
       var src;
       src = CSPSource.create("a.com", undefined, "https://foobar.com:4443");
       //"src should inherit and require https scheme
       do_check_false(src.permits("http://a.com"));
@@ -711,17 +711,17 @@ test(
       do_check_false(src.permits("http://foobar.com:4443"));
       do_check_false(src.permits("http://foobar.com"));
 
     });
 
 test(
     function test_bug634773_noneAndStarAreDifferent() {
       /**
-       * Bug 634773 is that allow * and allow 'none' end up "equal" via
+       * Bug 634773 is that default-src * and default-src 'none' end up "equal" via
        * CSPSourceList.prototype.equals(), which is wrong.  This tests that
        * doesn't happen.
        */
 
       var p_none = CSPSourceList.fromString("'none'", undefined, "http://foo.com", false);
       var p_all = CSPSourceList.fromString("*", undefined, "http://foo.com", false);
       var p_one = CSPSourceList.fromString("bar.com", undefined, "http://foo.com", false);
 
@@ -743,17 +743,17 @@ test(
       var selfURI = URI("http://self.com/");
 
       function testPermits(cspObj, aUri, aContentType) {
         return cspObj.shouldLoad(aContentType, aUri, null, null, null, null)
                == Ci.nsIContentPolicy.ACCEPT;
       };
 
       const policy = "script-src 'self'";
-      cspObj.appendPolicy(policy, selfURI, false, true);
+      cspObj.appendPolicy(policy, selfURI, false);
 
       // Spec-Compliant policy default-src defaults to *.
       // This means all images are allowed, and only 'self'
       // script is allowed.
       do_check_true(testPermits(cspObj,
                                 URI("http://bar.com/foo.png"),
                                 Ci.nsIContentPolicy.TYPE_IMAGE));
       do_check_true(testPermits(cspObj,
@@ -828,23 +828,23 @@ test(function test_csp_permits_case_inse
       cspr = CSPRep.fromString(testPolicy4, URI(selfHost));
       do_check_false(cspr.permits(URI("http://foo.com"), SD.DEFAULT_SRC));
   });
 /*
 
 test(function test_CSPRep_fromPolicyURI_failswhenmixed() {
         var cspr;
         var self = "http://localhost:" + POLICY_PORT;
-        var closed_policy = CSPRep.fromString("allow 'none'");
+        var closed_policy = CSPRep.fromString("default-src 'none'");
         var my_uri_policy = "policy-uri " + POLICY_URI;
 
         //print(" --- Ignore the following two errors if they print ---");
-        cspr = CSPRep.fromString("allow *; " + my_uri_policy, URI(self));
+        cspr = CSPRep.fromString("default-src *; " + my_uri_policy, URI(self));
 
-        //"Parsing should fail when 'policy-uri' is mixed with allow directive"
+        //"Parsing should fail when 'policy-uri' is mixed with default-src directive"
         do_check_equivalent(cspr, closed_policy);
         cspr = CSPRep.fromString("img-src 'self'; " + my_uri_policy, URI(self));
 
         //"Parsing should fail when 'policy-uri' is mixed with other directives"
         do_check_equivalent(cspr, closed_policy);
         //print(" --- Stop ignoring errors that print ---\n");
 
     });