Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE
authorCosmin Sabou <csabou@mozilla.com>
Wed, 25 Sep 2019 08:22:10 +0300
changeset 494874 abe671277b51e5d36e435ea9145a2510c6c5bc79
parent 494873 e3e31e1dfc13dc2af566788e1dd781f59478cb73
child 494875 992c514f7cba0e8fa5cd33ad4fc8511b5133a484
push id114131
push userdluca@mozilla.com
push dateThu, 26 Sep 2019 09:47:34 +0000
treeherdermozilla-inbound@1dc1a755079a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1583076
milestone71.0a1
backs oute3e31e1dfc13dc2af566788e1dd781f59478cb73
97e4bfbc5578f4ea5d7a1751c039260a7d2395f2
6ccf5880c324342748d2a8c35370179065dcffe5
b4140efc183da7f2c08b00e24174eb98a97f20f2
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE Backed out changeset e3e31e1dfc13 (bug 1583076) Backed out changeset 97e4bfbc5578 (bug 1583076) Backed out changeset 6ccf5880c324 (bug 1583076) Backed out changeset b4140efc183d (bug 1583076)
dom/security/nsCSPService.cpp
dom/security/nsCSPService.h
ipc/glue/BackgroundUtils.cpp
netwerk/ipc/DocumentChannelChild.cpp
netwerk/ipc/DocumentChannelChild.h
netwerk/ipc/DocumentChannelParent.cpp
netwerk/ipc/PDocumentChannel.ipdl
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -247,119 +247,116 @@ CSPService::AsyncOnChannelRedirect(nsICh
   }
 
   nsCOMPtr<nsIURI> newUri;
   nsresult rv = newChannel->GetURI(getter_AddRefs(newUri));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsILoadInfo> loadInfo = oldChannel->LoadInfo();
 
+  // Check CSP navigate-to
+  // We need to enforce the CSP of the document that initiated the load,
+  // which is the CSP to inherit.
+  nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit();
+  if (cspToInherit) {
+    bool allowsNavigateTo = false;
+    rv = cspToInherit->GetAllowsNavigateTo(newUri, loadInfo,
+                                           true,  /* aWasRedirected */
+                                           false, /* aEnforceWhitelist */
+                                           &allowsNavigateTo);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (!allowsNavigateTo) {
+      oldChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
+      return NS_OK;
+    }
+  }
+
+  // No need to continue processing if CSP is disabled or if the protocol
+  // is *not* subject to CSP.
+  // Please note, the correct way to opt-out of CSP using a custom
+  // protocolHandler is to set one of the nsIProtocolHandler flags
+  // that are whitelistet in subjectToCSP()
+  nsContentPolicyType policyType = loadInfo->InternalContentPolicyType();
+  if (!StaticPrefs::security_csp_enable() ||
+      !subjectToCSP(newUri, policyType)) {
+    return NS_OK;
+  }
+
   /* Since redirecting channels don't call into nsIContentPolicy, we call our
    * Content Policy implementation directly when redirects occur using the
    * information set in the LoadInfo when channels are created.
    *
    * We check if the CSP permits this host for this type of load, if not,
    * we cancel the load now.
    */
   nsCOMPtr<nsIURI> originalUri;
   rv = oldChannel->GetOriginalURI(getter_AddRefs(originalUri));
   if (NS_FAILED(rv)) {
     autoCallback.DontCallback();
     oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
     return rv;
   }
 
-  Maybe<nsresult> cancelCode;
-  rv = ConsultCSPForRedirect(originalUri, newUri, loadInfo, cancelCode);
-  if (cancelCode) {
-    oldChannel->Cancel(*cancelCode);
-  }
-  if (NS_FAILED(rv)) {
+  int16_t decision = nsIContentPolicy::ACCEPT;
+  rv = ConsultCSPForRedirect(originalUri, newUri, loadInfo, &decision);
+  if (NS_CP_REJECTED(decision)) {
     autoCallback.DontCallback();
+    oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+    return NS_BINDING_FAILED;
   }
 
   return rv;
 }
 
 nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
                                            nsIURI* aNewURI,
                                            nsILoadInfo* aLoadInfo,
-                                           Maybe<nsresult>& aCancelCode) {
-  // Check CSP navigate-to
-  // We need to enforce the CSP of the document that initiated the load,
-  // which is the CSP to inherit.
-  nsCOMPtr<nsIContentSecurityPolicy> cspToInherit =
-      aLoadInfo->GetCspToInherit();
-  if (cspToInherit) {
-    bool allowsNavigateTo = false;
-    nsresult rv = cspToInherit->GetAllowsNavigateTo(
-        aNewURI, aLoadInfo, true, /* aWasRedirected */
-        false,                    /* aEnforceWhitelist */
-        &allowsNavigateTo);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (!allowsNavigateTo) {
-      aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
-      return NS_OK;
-    }
-  }
-
-  // No need to continue processing if CSP is disabled or if the protocol
-  // is *not* subject to CSP.
-  // Please note, the correct way to opt-out of CSP using a custom
-  // protocolHandler is to set one of the nsIProtocolHandler flags
-  // that are whitelistet in subjectToCSP()
-  nsContentPolicyType policyType = aLoadInfo->InternalContentPolicyType();
-  if (!StaticPrefs::security_csp_enable() ||
-      !subjectToCSP(aNewURI, policyType)) {
-    return NS_OK;
-  }
-
+                                           int16_t* aDecision) {
   nsCOMPtr<nsICSPEventListener> cspEventListener;
   nsresult rv =
       aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener));
-  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  NS_ENSURE_SUCCESS(rv, rv);
 
   nsAutoString cspNonce;
   rv = aLoadInfo->GetCspNonce(cspNonce);
-  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  NS_ENSURE_SUCCESS(rv, rv);
 
+  nsContentPolicyType policyType = aLoadInfo->InternalContentPolicyType();
   bool isPreload = nsContentUtils::IsPreloadType(policyType);
 
   /* On redirect, if the content policy is a preload type, rejecting the preload
    * results in the load silently failing, so we convert preloads to the actual
    * type. See Bug 1219453.
    */
   policyType =
       nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(policyType);
 
-  int16_t decision = nsIContentPolicy::ACCEPT;
   nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext();
   // 1) Apply speculative CSP for preloads
   if (isPreload) {
     nsCOMPtr<nsIContentSecurityPolicy> preloadCsp = aLoadInfo->GetPreloadCsp();
     if (preloadCsp) {
       // Pass  originalURI to indicate the redirect
       preloadCsp->ShouldLoad(
           policyType,  // load type per nsIContentPolicy (uint32_t)
           cspEventListener,
           aNewURI,         // nsIURI
           nullptr,         // nsIURI
           requestContext,  // nsISupports
           EmptyCString(),  // ACString - MIME guess
           aOriginalURI,    // Original nsIURI
           true,            // aSendViolationReports
           cspNonce,        // nonce
-          &decision);
+          aDecision);
 
       // if the preload policy already denied the load, then there
       // is no point in checking the real policy
-      if (NS_CP_REJECTED(decision)) {
-        aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
-        return NS_BINDING_FAILED;
+      if (NS_CP_REJECTED(*aDecision)) {
+        return NS_OK;
       }
     }
   }
 
   // 2) Apply actual CSP to all loads
   nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadInfo->GetCsp();
   if (csp) {
     // Pass  originalURI to indicate the redirect
@@ -367,17 +364,13 @@ nsresult CSPService::ConsultCSPForRedire
                     cspEventListener,
                     aNewURI,         // nsIURI
                     nullptr,         // nsIURI
                     requestContext,  // nsISupports
                     EmptyCString(),  // ACString - MIME guess
                     aOriginalURI,    // Original nsIURI
                     true,            // aSendViolationReports
                     cspNonce,        // nonce
-                    &decision);
-    if (NS_CP_REJECTED(decision)) {
-      aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
-      return NS_BINDING_FAILED;
-    }
+                    aDecision);
   }
 
   return NS_OK;
 }
--- a/dom/security/nsCSPService.h
+++ b/dom/security/nsCSPService.h
@@ -29,20 +29,16 @@ class CSPService : public nsIContentPoli
   CSPService();
 
   // helper function to avoid creating a new instance of the
   // cspservice everytime we call content policies.
   static nsresult ConsultCSP(nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
                              const nsACString& aMimeTypeGuess,
                              int16_t* aDecision);
 
-  // Static helper to check CSP when doing a channel redirect.
-  // Returns the results to returns from
-  // AsyncOnChannelRedirect/nsIAsyncVerifyRedirectCallback. Optionally returns
-  // an nsresult to Cancel the old channel with.
   static nsresult ConsultCSPForRedirect(nsIURI* aOriginalURI, nsIURI* aNewURI,
                                         nsILoadInfo* aLoadInfo,
-                                        Maybe<nsresult>& aCancelCode);
+                                        int16_t* aDecision);
 
  protected:
   virtual ~CSPService();
 };
 #endif /* nsCSPService_h___ */
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -733,18 +733,17 @@ nsresult LoadInfoArgsToLoadInfo(
   nsCOMPtr<nsICookieSettings> cookieSettings;
   CookieSettings::Deserialize(loadInfoArgs.cookieSettings(),
                               getter_AddRefs(cookieSettings));
 
   nsCOMPtr<nsIContentSecurityPolicy> cspToInherit;
   Maybe<mozilla::ipc::CSPInfo> cspToInheritInfo =
       loadInfoArgs.cspToInheritInfo();
   if (cspToInheritInfo.isSome()) {
-    nsCOMPtr<Document> doc = do_QueryInterface(aLoadingContext);
-    cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), doc);
+    cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), nullptr);
   }
 
   RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(
       loadingPrincipal, triggeringPrincipal, principalToInherit,
       sandboxedLoadingPrincipal, topLevelPrincipal,
       topLevelStorageAreaPrincipal, resultPrincipalURI, cookieSettings,
       cspToInherit, clientInfo, reservedClientInfo, initialClientInfo,
       controller, loadInfoArgs.securityFlags(),
--- a/netwerk/ipc/DocumentChannelChild.cpp
+++ b/netwerk/ipc/DocumentChannelChild.cpp
@@ -250,18 +250,22 @@ IPCResult DocumentChannelChild::RecvRedi
     const uint32_t& aRegistrarId, nsIURI* aURI, const uint32_t& aNewLoadFlags,
     const Maybe<ReplacementChannelConfigInit>& aInit,
     const Maybe<LoadInfoArgs>& aLoadInfo,
     nsTArray<DocumentChannelRedirect>&& aRedirects, const uint64_t& aChannelId,
     nsIURI* aOriginalURI, const uint32_t& aRedirectMode,
     const uint32_t& aRedirectFlags, const Maybe<uint32_t>& aContentDisposition,
     const Maybe<nsString>& aContentDispositionFilename,
     RedirectToRealChannelResolver&& aResolve) {
+  nsCOMPtr<nsILoadInfo> originalLoadInfo;
   RefPtr<dom::Document> loadingDocument;
-  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
+  GetLoadInfo(getter_AddRefs(originalLoadInfo));
+  if (originalLoadInfo) {
+    originalLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
+  }
 
   nsCOMPtr<nsILoadInfo> loadInfo;
   nsresult rv = LoadInfoArgsToLoadInfo(aLoadInfo, loadingDocument,
                                        getter_AddRefs(loadInfo));
   if (NS_FAILED(rv)) {
     MOZ_DIAGNOSTIC_ASSERT(false, "LoadInfoArgsToLoadInfo failed");
     return IPC_OK();
   }
@@ -395,40 +399,40 @@ DocumentChannelChild::OnRedirectVerifyCa
   if (CanSend()) {
     Send__delete__(this);
   }
 
   return NS_OK;
 }
 
 IPCResult DocumentChannelChild::RecvConfirmRedirect(
-    const LoadInfoArgs& aLoadInfo, nsIURI* aNewUri,
-    ConfirmRedirectResolver&& aResolve) {
+    nsIURI* aNewUri, ConfirmRedirectResolver&& aResolve) {
   // This is effectively the same as AsyncOnChannelRedirect, except since we're
   // not propagating the redirect into this process, we don't have an nsIChannel
   // for the redirection and we have to do the checks manually.
   // This just checks CSP thus far, hopefully there's not much else needed.
-  RefPtr<dom::Document> loadingDocument;
-  mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
-  nsCOMPtr<nsILoadInfo> loadInfo;
-  MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(Some(aLoadInfo), loadingDocument,
-                                             getter_AddRefs(loadInfo)));
-
   nsCOMPtr<nsIURI> originalUri;
   nsresult rv = GetOriginalURI(getter_AddRefs(originalUri));
   if (NS_FAILED(rv)) {
-    aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(NS_BINDING_FAILED,
-                                                            Some(rv)));
+    aResolve(rv);
     return IPC_OK();
   }
 
-  Maybe<nsresult> cancelCode;
-  rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, loadInfo,
-                                         cancelCode);
-  aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(rv, cancelCode));
+  int16_t decision = nsIContentPolicy::ACCEPT;
+  rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, mLoadInfo,
+                                         &decision);
+  if (NS_FAILED(rv)) {
+    aResolve(rv);
+    return IPC_OK();
+  }
+  if (NS_CP_REJECTED(decision)) {
+    aResolve(NS_BINDING_FAILED);
+  } else {
+    aResolve(NS_OK);
+  }
   return IPC_OK();
 }
 
 IPCResult DocumentChannelChild::RecvNotifyChannelClassifierProtectionDisabled(
     const uint32_t& aAcceptedReason) {
   UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(
       this, aAcceptedReason);
   return IPC_OK();
--- a/netwerk/ipc/DocumentChannelChild.h
+++ b/netwerk/ipc/DocumentChannelChild.h
@@ -77,18 +77,17 @@ class DocumentChannelChild final : publi
 
   mozilla::ipc::IPCResult RecvSetClassifierMatchedInfo(
       const nsCString& aList, const nsCString& aProvider,
       const nsCString& aFullHash);
   mozilla::ipc::IPCResult RecvSetClassifierMatchedTrackingInfo(
       const nsCString& aLists, const nsCString& aFullHash);
 
   mozilla::ipc::IPCResult RecvConfirmRedirect(
-      const LoadInfoArgs& aLoadInfo, nsIURI* aNewUri,
-      ConfirmRedirectResolver&& aResolve);
+      nsIURI* aNewUri, ConfirmRedirectResolver&& aResolve);
 
   void DoFailedAsyncOpen(const nsresult& aStatusCode);
 
   const nsTArray<DocumentChannelRedirect>& GetRedirectChain() const {
     return mRedirects;
   }
 
   friend class NeckoTargetChannelEvent<DocumentChannelChild>;
--- a/netwerk/ipc/DocumentChannelParent.cpp
+++ b/netwerk/ipc/DocumentChannelParent.cpp
@@ -235,18 +235,18 @@ void DocumentChannelParent::FinishReplac
       rv = registrar->GetRegisteredChannel(mRedirectChannelId,
                                            getter_AddRefs(newChannel));
       MOZ_ASSERT(newChannel, "Already registered channel not found");
 
       if (NS_SUCCEEDED(rv)) {
         newChannel->Cancel(NS_BINDING_ABORTED);
       }
     }
-    // Release all previously registered channels, they are no longer needed to
-    // be kept in the registrar from this moment.
+    // Release all previously registered channels, they are no longer needed to be
+    // kept in the registrar from this moment.
     registrar->DeregisterChannels(mRedirectChannelId);
 
     mRedirectChannelId = 0;
   }
 
   if (!redirectChannel) {
     aSucceeded = false;
   }
@@ -796,41 +796,34 @@ DocumentChannelParent::AsyncOnChannelRed
   if (!CanSend()) {
     return NS_BINDING_ABORTED;
   }
 
   // Currently the CSP code expects to run in the content
   // process so that it can send events. Send a message to
   // our content process to ask CSP if we should allow this
   // redirect, and wait for confirmation.
-  nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->LoadInfo();
-  Maybe<LoadInfoArgs> loadInfoArgs;
-  MOZ_ALWAYS_SUCCEEDS(ipc::LoadInfoToLoadInfoArgs(loadInfo, &loadInfoArgs));
-  MOZ_ASSERT(loadInfoArgs.isSome());
-
   nsCOMPtr<nsIURI> newUri;
   nsresult rv = aNewChannel->GetURI(getter_AddRefs(newUri));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIAsyncVerifyRedirectCallback> callback(aCallback);
   nsCOMPtr<nsIChannel> oldChannel(aOldChannel);
-  SendConfirmRedirect(*loadInfoArgs, newUri)
-      ->Then(
-          GetCurrentThreadSerialEventTarget(), __func__,
-          [callback,
-           oldChannel](const Tuple<nsresult, Maybe<nsresult>>& aResult) {
-            if (Get<1>(aResult)) {
-              oldChannel->Cancel(*Get<1>(aResult));
-            }
-            callback->OnRedirectVerifyCallback(Get<0>(aResult));
-          },
-          [callback, oldChannel](const mozilla::ipc::ResponseRejectReason) {
-            oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
-            callback->OnRedirectVerifyCallback(NS_BINDING_ABORTED);
-          });
+  SendConfirmRedirect(newUri)->Then(
+      GetCurrentThreadSerialEventTarget(), __func__,
+      [callback, oldChannel](nsresult aRv) {
+        if (NS_FAILED(aRv)) {
+          oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+        }
+        callback->OnRedirectVerifyCallback(aRv);
+      },
+      [callback, oldChannel](const mozilla::ipc::ResponseRejectReason) {
+        oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+        callback->OnRedirectVerifyCallback(NS_BINDING_ABORTED);
+      });
 
   // Clear out our nsIParentChannel functions, since a normal parent
   // channel would actually redirect and not have those values on the new one.
   // We expect the URI classifier to run on the redirected channel with
   // the new URI and set these again.
   mIParentChannelFunctions.Clear();
   return NS_OK;
 }
--- a/netwerk/ipc/PDocumentChannel.ipdl
+++ b/netwerk/ipc/PDocumentChannel.ipdl
@@ -70,17 +70,17 @@ child:
                               DocumentChannelRedirect[] aRedirects,
                               uint64_t aChannelId,
                               nsIURI aOriginalURI,
                               uint32_t aRedirectMode,
                               uint32_t aRedirectFlags,
                               uint32_t? aContentDisposition,
                               nsString? aContentDispositionFilename) returns(nsresult rv);
 
-  async ConfirmRedirect(LoadInfoArgs aLoadInfo, nsIURI aNewURI) returns(nsresult rv, nsresult? cancelCode);
+  async ConfirmRedirect(nsIURI aNewURI) returns(nsresult rv);
 
   // Tell child to delete channel (all IPDL deletes must be done from child to
   // avoid races: see bug 591708).
   async DeleteSelf();
 
 };
 
 } // namespace net