Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE
authorNoemi Erli <nerli@mozilla.com>
Thu, 26 Sep 2019 17:00:16 +0300
changeset 495200 1d189ae70326e415f8590e3aeee24885fb8418bc
parent 495199 d89319819e435d737512719f56f844e6eeeb0303
child 495201 55d7658978ed751dcb334083dedfb4e083d761cd
child 495202 14c641ae451bb5816cf3bc3049ba88817b40920c
push id114133
push usershindli@mozilla.com
push dateThu, 26 Sep 2019 21:40:49 +0000
treeherdermozilla-inbound@55d7658978ed [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1583932
milestone71.0a1
backs outc3579f540cd7c4ba60530659205675fd9aa80cc9
first release with
nightly linux32
1d189ae70326 / 71.0a1 / 20190926213542 / files
nightly linux64
1d189ae70326 / 71.0a1 / 20190926213542 / files
nightly mac
1d189ae70326 / 71.0a1 / 20190926213542 / files
nightly win32
1d189ae70326 / 71.0a1 / 20190926213542 / files
nightly win64
1d189ae70326 / 71.0a1 / 20190926213542 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset c3579f540cd7 (bug 1583932) for causing xpcshell failures in test_csp_reports.js CLOSED TREE
dom/interfaces/security/nsIContentSecurityPolicy.idl
dom/security/nsCSPContext.cpp
dom/security/nsCSPService.cpp
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -324,16 +324,17 @@ interface nsIContentSecurityPolicy : nsI
    *
    * aOriginalURIIfRedirect must be passed only if this loading is the result
    * of a redirect. In this case, aOriginalURIIfRedirect must be the original
    * URL.
    */
   short shouldLoad(in nsContentPolicyType aContentType,
                    in nsICSPEventListener aCSPEventListener,
                    in nsIURI          aContentLocation,
+                   in nsIURI          aRequestOrigin,
                    in nsISupports     aContext,
                    in ACString        aMimeTypeGuess,
                    in nsIURI          aOriginalURIIfRedirect,
                    in bool            aSendViolationReports,
                    in AString         aNonce);
 
 %{ C++
 // nsIObserver topic to fire when the policy encounters a violation.
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -112,17 +112,18 @@ static void BlockedContentSourceToString
   }
 }
 
 /* =====  nsIContentSecurityPolicy impl ====== */
 
 NS_IMETHODIMP
 nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
                          nsICSPEventListener* aCSPEventListener,
-                         nsIURI* aContentLocation, nsISupports* aRequestContext,
+                         nsIURI* aContentLocation, nsIURI* aRequestOrigin,
+                         nsISupports* aRequestContext,
                          const nsACString& aMimeTypeGuess,
                          nsIURI* aOriginalURIIfRedirect,
                          bool aSendViolationReports, const nsAString& aNonce,
                          int16_t* outDecision) {
   if (CSPCONTEXTLOGENABLED()) {
     CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s",
                    aContentLocation->GetSpecOrDefault().get()));
     CSPCONTEXTLOG((">>>>                      aContentType: %d", aContentType));
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -102,16 +102,21 @@ bool subjectToCSP(nsIURI* aURI, nsConten
                                              const nsACString& aMimeTypeGuess,
                                              int16_t* aDecision) {
   if (!aContentLocation) {
     return NS_ERROR_FAILURE;
   }
 
   uint32_t contentType = aLoadInfo->InternalContentPolicyType();
   nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext();
+  nsCOMPtr<nsIURI> requestOrigin;
+  nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
+  if (loadingPrincipal) {
+    loadingPrincipal->GetURI(getter_AddRefs(requestOrigin));
+  }
 
   nsCOMPtr<nsICSPEventListener> cspEventListener;
   nsresult rv =
       aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener));
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
     MOZ_LOG(gCspPRLog, LogLevel::Debug,
@@ -139,18 +144,18 @@ bool subjectToCSP(nsIURI* aURI, nsConten
   // 1) Apply speculate CSP for preloads
   bool isPreload = nsContentUtils::IsPreloadType(contentType);
 
   if (isPreload) {
     nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = aLoadInfo->GetPreloadCsp();
     if (preloadCsp) {
       // obtain the enforcement decision
       rv = preloadCsp->ShouldLoad(
-          contentType, cspEventListener, aContentLocation, requestContext,
-          aMimeTypeGuess,
+          contentType, cspEventListener, aContentLocation, requestOrigin,
+          requestContext, aMimeTypeGuess,
           nullptr,  // no redirect, aOriginal URL is null.
           aLoadInfo->GetSendCSPViolationEvents(), cspNonce, aDecision);
       NS_ENSURE_SUCCESS(rv, rv);
 
       // if the preload policy already denied the load, then there
       // is no point in checking the real policy
       if (NS_CP_REJECTED(*aDecision)) {
         NS_SetRequestBlockingReason(
@@ -165,17 +170,17 @@ bool subjectToCSP(nsIURI* aURI, nsConten
   // the csp should be overruled (e.g. by an ExpandedPrincipal)
   // then loadinfo->GetCSP() returns that CSP instead of the
   // document's CSP.
   nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadInfo->GetCsp();
 
   if (csp) {
     // obtain the enforcement decision
     rv = csp->ShouldLoad(contentType, cspEventListener, aContentLocation,
-                         requestContext, aMimeTypeGuess,
+                         requestOrigin, requestContext, aMimeTypeGuess,
                          nullptr,  // no redirect, aOriginal URL is null.
                          aLoadInfo->GetSendCSPViolationEvents(), cspNonce,
                          aDecision);
 
     if (NS_CP_REJECTED(*aDecision)) {
       NS_SetRequestBlockingReason(
           aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_GENERAL);
     }
@@ -332,16 +337,17 @@ nsresult CSPService::ConsultCSPForRedire
   if (isPreload) {
     nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = aLoadInfo->GetPreloadCsp();
     if (preloadCsp) {
       // Pass  originalURI to indicate the redirect
       preloadCsp->ShouldLoad(
           policyType,  // load type per nsIContentPolicy (uint32_t)
           cspEventListener,
           aNewURI,         // nsIURI
+          nullptr,         // nsIURI
           requestContext,  // nsISupports
           EmptyCString(),  // ACString - MIME guess
           aOriginalURI,    // Original nsIURI
           true,            // aSendViolationReports
           cspNonce,        // nonce
           &decision);
 
       // if the preload policy already denied the load, then there
@@ -355,16 +361,17 @@ nsresult CSPService::ConsultCSPForRedire
 
   // 2) Apply actual CSP to all loads
   nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadInfo->GetCsp();
   if (csp) {
     // Pass  originalURI to indicate the redirect
     csp->ShouldLoad(policyType,  // load type per nsIContentPolicy (uint32_t)
                     cspEventListener,
                     aNewURI,         // nsIURI
+                    nullptr,         // nsIURI
                     requestContext,  // nsISupports
                     EmptyCString(),  // ACString - MIME guess
                     aOriginalURI,    // Original nsIURI
                     true,            // aSendViolationReports
                     cspNonce,        // nonce
                     &decision);
     if (NS_CP_REJECTED(decision)) {
       aCancelCode = Some(NS_ERROR_DOM_BAD_URI);