Backed out changeset 9fedba33cfa3 (bug 1514396) for causing regression Bug 1521239, requested by jkt. CLOSED TREE
authorMargareta Eliza Balazs <ebalazs@mozilla.com>
Mon, 21 Jan 2019 14:21:30 +0200
changeset 454686 2885dbea4efe7f400bef8f594c0798e8aab6bd01
parent 454685 e9570ad88e6d4ac55d26342dca0ded559b8c2ff9
child 454687 847eaa28d60b831b20b8271efb447b3887d412af
push id111317
push userrmaries@mozilla.com
push dateMon, 21 Jan 2019 18:01:55 +0000
treeherdermozilla-inbound@19db0edfbc10 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1514396, 1521239
milestone66.0a1
backs out9fedba33cfa3ceb88437433072951f26bf9f9a90
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 9fedba33cfa3 (bug 1514396) for causing regression Bug 1521239, requested by jkt. CLOSED TREE
dom/security/nsMixedContentBlocker.cpp
image/imgLoader.cpp
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/meta-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/meta-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -361,17 +361,17 @@ nsMixedContentBlocker::ShouldLoad(nsIURI
                                   nsILoadInfo* aLoadInfo,
                                   const nsACString& aMimeGuess,
                                   int16_t* aDecision) {
   uint32_t contentType = aLoadInfo->InternalContentPolicyType();
   nsCOMPtr<nsISupports> requestingContext = aLoadInfo->GetLoadingContext();
   nsCOMPtr<nsIPrincipal> requestPrincipal = aLoadInfo->TriggeringPrincipal();
   nsCOMPtr<nsIURI> requestingLocation;
   nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
-  if (loadingPrincipal && loadingPrincipal->GetIsCodebasePrincipal()) {
+  if (loadingPrincipal) {
     loadingPrincipal->GetURI(getter_AddRefs(requestingLocation));
   }
 
   // We pass in false as the first parameter to ShouldLoad(), because the
   // callers of this method don't know whether the load went through cached
   // image redirects.  This is handled by direct callers of the static
   // ShouldLoad.
   nsresult rv =
--- a/image/imgLoader.cpp
+++ b/image/imgLoader.cpp
@@ -679,18 +679,17 @@ static bool ShouldLoadCachedImage(imgReq
       if (document && document->GetUpgradeInsecureRequests(false)) {
         return false;
       }
     }
 
     if (!nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal)) {
       // Set the requestingLocation from the aTriggeringPrincipal.
       nsCOMPtr<nsIURI> requestingLocation;
-      if (aTriggeringPrincipal &&
-          aTriggeringPrincipal->GetIsCodebasePrincipal()) {
+      if (aTriggeringPrincipal) {
         rv = aTriggeringPrincipal->GetURI(getter_AddRefs(requestingLocation));
         NS_ENSURE_SUCCESS(rv, false);
       }
 
       // reset the decision for mixed content blocker check
       decision = nsIContentPolicy::REJECT_REQUEST;
       rv = nsMixedContentBlocker::ShouldLoad(
           insecureRedirect, aPolicyType, contentLocation, requestingLocation,
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: keep-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/cross-origin-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: swap-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/keep-scheme-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: keep-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/http-csp/same-host-http/top-level/swap-scheme-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: http-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: swap-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/meta-csp/cross-origin-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: meta-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/meta-csp/same-host-http/top-level/no-redirect/blockable/opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[opt-in-blocks.https.html]
+  [opt_in_method: meta-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: keep-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/cross-origin-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: swap-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/keep-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: keep-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/no-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/mixed-content/classic-data-worker-fetch/no-opt-in/same-host-http/top-level/swap-scheme-redirect/blockable/no-opt-in-blocks.https.html.ini
@@ -0,0 +1,4 @@
+[no-opt-in-blocks.https.html]
+  [opt_in_method: no-opt-in\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: swap-scheme-redirect\n                                 subresource: classic-data-worker-fetch\n                                 expectation: blocked]
+    expected: FAIL
+