Bug 1303682 - Add deprecation warning before removing 'referrer' directive from CSP. r=ckerschb
authorSamriddhi Jain <j.samriddhi13@gmail.com>
Wed, 28 Sep 2016 20:17:18 +0530
changeset 315870 64465dd73b9751efed80449c38f82770bd0693b9
parent 315869 cce196d1d7b48958abcb1b23bc3afce6f223f074
child 315871 77a8d7d6a0fb5fb4cdce1c9edf68a573f7d3de55
push id20634
push usercbook@mozilla.com
push dateFri, 30 Sep 2016 10:10:13 +0000
reviewersckerschb
bugs1303682
milestone52.0a1
Bug 1303682 - Add deprecation warning before removing 'referrer' directive from CSP. r=ckerschb
dom/locales/en-US/chrome/security/csp.properties
dom/security/nsCSPParser.cpp
--- a/dom/locales/en-US/chrome/security/csp.properties
+++ b/dom/locales/en-US/chrome/security/csp.properties
@@ -72,16 +72,19 @@ notSupportingDirective = Not supporting directive ‘%1$S’. Directive and values will be ignored.
 # %1$S is the URL of the blocked resource load.
 blockAllMixedContent = Blocking insecure request ‘%1$S’.
 # LOCALIZATION NOTE (ignoringDirectiveWithNoValues):
 # %1$S is the name of a CSP directive that requires additional values (e.g., 'require-sri-for')
 ignoringDirectiveWithNoValues = Ignoring ‘%1$S’ since it does not contain any parameters.
 # LOCALIZATION NOTE (ignoringReportOnlyDirective):
 # %1$S is the directive that is ignored in report-only mode.
 ignoringReportOnlyDirective = Ignoring sandbox directive when delivered in a report-only policy ‘%1$S’
+# LOCALIZATION NOTE (deprecatedReferrerDirective):
+# %1$S is the value of the deprecated Referrer Directive.
+deprecatedReferrerDirective = Referrer Directive ‘%1$S’ has been deprecated. Please use the Referrer-Policy header instead.
 
 # CSP Errors:
 # LOCALIZATION NOTE (couldntParseInvalidSource):
 # %1$S is the source that could not be parsed
 couldntParseInvalidSource = Couldn’t parse invalid source %1$S
 # LOCALIZATION NOTE (couldntParseInvalidHost):
 # %1$S is the host that's invalid
 couldntParseInvalidHost = Couldn’t parse invalid host %1$S
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -860,16 +860,21 @@ nsCSPParser::referrerDirectiveValue(nsCS
 
   if (!mozilla::net::IsValidReferrerPolicy(mCurDir[1])) {
     CSPPARSERLOG(("invalid value for referrer directive: %s",
                   NS_ConvertUTF16toUTF8(mCurDir[1]).get()));
     delete aDir;
     return;
   }
 
+  //referrer-directive deprecation warning
+  const char16_t* params[] = { mCurDir[1].get() };
+  logWarningErrorToConsole(nsIScriptError::warningFlag, "deprecatedReferrerDirective",
+                             params, ArrayLength(params));
+
   // the referrer policy is valid, so go ahead and use it.
   mPolicy->setReferrerPolicy(&mCurDir[1]);
   mPolicy->addDirective(aDir);
 }
 
 void
 nsCSPParser::requireSRIForDirectiveValue(nsRequireSRIForDirective* aDir)
 {
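Review bot: The deprecation warning is emitted only after the `IsValidReferrerPolicy(mCurDir[1])` check passes. A policy whose `referrer` directive carries an unrecognised value therefore returns early with only a `CSPPARSERLOG` entry, and nothing reaches the web console. Those authors are also relying on the directive to limit what the Referer header exposes, and they get no hint to move to the `Referrer-Policy` header before it is removed. Consider moving the `params` declaration and the `logWarningErrorToConsole(nsIScriptError::warningFlag, "deprecatedReferrerDirective", params, ArrayLength(params));` call above the validity check; the start of `referrerDirectiveValue` is outside this hunk, but since the check already reads `mCurDir[1]`, the token count is presumably verified earlier. The comment would also read better as `// warn that the 'referrer' directive is deprecated in favor of the Referrer-Policy header`, with the continuation line aligned under the first argument.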