Backed out 4 changesets (bug 1195173) for webtest failures. r=oranges on a CLOSED TREE
authorSebastian Hengst <archaeopteryx@coole-files.de>
Wed, 27 Jan 2016 20:24:52 +0100
changeset 281939 b1001182a8a2a6b8b404cad9e6eeba2760b7e62d
parent 281938 7cd22aa3fbac29c1092b0c089dd2cabe92cf9c9c
child 281940 a41dc34511b4f0e9045503298dcc597ade118d09
push id70980
push userarchaeopteryx@coole-files.de
push dateWed, 27 Jan 2016 19:25:59 +0000
treeherdermozilla-inbound@b1001182a8a2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersoranges
bugs1195173
milestone47.0a1
backs out92b7c3c6e875e719bca0f8ecbc5c492eaa10baf4
d026d6f185ab545ef4b243d7b8daaf7d225c07ab
3b51d7bae8e49119a4caca5e13c6bc9106a59813
a75bb8d083e8ca46eed8187946ee84fade1883db
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 4 changesets (bug 1195173) for webtest failures. r=oranges on a CLOSED TREE Backed out changeset 92b7c3c6e875 (bug 1195173) Backed out changeset d026d6f185ab (bug 1195173) Backed out changeset 3b51d7bae8e4 (bug 1195173) Backed out changeset a75bb8d083e8 (bug 1195173)
dom/security/nsContentSecurityManager.cpp
layout/style/Loader.cpp
layout/style/Loader.h
layout/style/test/mochitest.ini
layout/style/test/test_asyncopen2.html
netwerk/protocol/res/ExtensionProtocolHandler.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -138,27 +138,18 @@ DoContentSecurityChecks(nsIURI* aURI, ns
     }
 
     case nsIContentPolicy::TYPE_SCRIPT: {
       mimeTypeGuess = NS_LITERAL_CSTRING("application/javascript");
       requestingContext = aLoadInfo->LoadingNode();
       break;
     }
 
-    case nsIContentPolicy::TYPE_IMAGE: {
-      MOZ_ASSERT(false, "contentPolicyType not supported yet");
-      break;
-    }
-
-    case nsIContentPolicy::TYPE_STYLESHEET: {
-      mimeTypeGuess = NS_LITERAL_CSTRING("text/css");
-      requestingContext = aLoadInfo->LoadingNode();
-      break;
-    }
-
+    case nsIContentPolicy::TYPE_IMAGE:
+    case nsIContentPolicy::TYPE_STYLESHEET:
     case nsIContentPolicy::TYPE_OBJECT:
     case nsIContentPolicy::TYPE_DOCUMENT: {
       MOZ_ASSERT(false, "contentPolicyType not supported yet");
       break;
     }
 
     case nsIContentPolicy::TYPE_SUBDOCUMENT: {
       mimeTypeGuess = NS_LITERAL_CSTRING("text/html");
--- a/layout/style/Loader.cpp
+++ b/layout/style/Loader.cpp
@@ -43,16 +43,17 @@
 #include "nsIStyleSheetLinkingElement.h"
 #include "nsICSSLoaderObserver.h"
 #include "nsCSSParser.h"
 #include "mozilla/CSSStyleSheet.h"
 #include "mozilla/css/ImportRule.h"
 #include "nsThreadUtils.h"
 #include "nsGkAtoms.h"
 #include "nsIThreadInternal.h"
+#include "nsCORSListenerProxy.h"
 #include "nsINetworkPredictor.h"
 #include "mozilla/dom/ShadowRoot.h"
 #include "mozilla/dom/URL.h"
 
 #ifdef MOZ_XUL
 #include "nsXULPrototypeCache.h"
 #endif
 
@@ -69,24 +70,26 @@ using mozilla::dom::EncodingUtils;
 using namespace mozilla::dom;
 
 /**
  * OVERALL ARCHITECTURE
  *
  * The CSS Loader gets requests to load various sorts of style sheets:
  * inline style from <style> elements, linked style, @import-ed child
  * sheets, non-document sheets.  The loader handles the following tasks:
- * 1) Creation of the actual style sheet objects: CreateSheet()
- * 2) setting of the right media, title, enabled state, etc on the
+ *
+ * 1) Checking whether the load is allowed: CheckLoadAllowed()
+ * 2) Creation of the actual style sheet objects: CreateSheet()
+ * 3) setting of the right media, title, enabled state, etc on the
  *    sheet: PrepareSheet()
- * 3) Insertion of the sheet in the proper cascade order:
+ * 4) Insertion of the sheet in the proper cascade order:
  *    InsertSheetInDoc() and InsertChildSheet()
- * 4) Load of the sheet: LoadSheet() including security checks
- * 5) Parsing of the sheet: ParseSheet()
- * 6) Cleanup: SheetComplete()
+ * 5) Load of the sheet: LoadSheet()
+ * 6) Parsing of the sheet: ParseSheet()
+ * 7) Cleanup: SheetComplete()
  *
  * The detailed documentation for these functions is found with the
  * function implementations.
  *
  * The following helper object is used:
  *    SheetLoadData -- a small class that is used to store all the
  *                     information needed for the loading of a sheet;
  *                     this class handles listening for the stream
@@ -1010,40 +1013,71 @@ Loader::ObsoleteSheet(nsIURI* aURI)
     nsresult rv = sheetURI->Equals(aURI, &areEqual);
     if (NS_SUCCEEDED(rv) && areEqual) {
       iter.Remove();
     }
   }
   return NS_OK;
 }
 
+/**
+ * CheckLoadAllowed will return success if the load is allowed,
+ * failure otherwise.
+ *
+ * @param aSourcePrincipal the principal of the node or document or parent
+ *                         sheet loading the sheet
+ * @param aTargetURI the uri of the sheet to be loaded
+ * @param aContext the node owning the sheet.  This is the element or document
+ *                 owning the stylesheet (possibly indirectly, for child sheets)
+ */
 nsresult
-Loader::CheckContentPolicy(nsIPrincipal* aSourcePrincipal,
-                          nsIURI* aTargetURI,
-                          nsISupports* aContext,
-                          bool aIsPreload)
+Loader::CheckLoadAllowed(nsIPrincipal* aSourcePrincipal,
+                         nsIURI* aTargetURI,
+                         nsISupports* aContext,
+                         bool aIsPreload)
 {
-  nsContentPolicyType contentPolicyType =
-    aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD
-               : nsIContentPolicy::TYPE_INTERNAL_STYLESHEET;
+  LOG(("css::Loader::CheckLoadAllowed"));
+
+  nsresult rv;
 
-  int16_t shouldLoad = nsIContentPolicy::ACCEPT;
-  nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
-                                          aTargetURI,
-                                          aSourcePrincipal,
-                                          aContext,
-                                          NS_LITERAL_CSTRING("text/css"),
-                                          nullptr,  //extra param
-                                          &shouldLoad,
-                                          nsContentUtils::GetContentPolicy(),
-                                          nsContentUtils::GetSecurityManager());
-   if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
-     return NS_ERROR_CONTENT_BLOCKED;
-   }
-   return NS_OK;
+  if (aSourcePrincipal) {
+    // Check with the security manager
+    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+    rv =
+      secMan->CheckLoadURIWithPrincipal(aSourcePrincipal, aTargetURI,
+                                        nsIScriptSecurityManager::ALLOW_CHROME);
+    if (NS_FAILED(rv)) { // failure is normal here; don't warn
+      return rv;
+    }
+
+    LOG(("  Passed security check"));
+
+    // Check with content policy
+    nsContentPolicyType contentPolicyType =
+      aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD
+                 : nsIContentPolicy::TYPE_INTERNAL_STYLESHEET;
+
+    int16_t shouldLoad = nsIContentPolicy::ACCEPT;
+    rv = NS_CheckContentLoadPolicy(contentPolicyType,
+                                   aTargetURI,
+                                   aSourcePrincipal,
+                                   aContext,
+                                   NS_LITERAL_CSTRING("text/css"),
+                                   nullptr,                     //extra param
+                                   &shouldLoad,
+                                   nsContentUtils::GetContentPolicy(),
+                                   nsContentUtils::GetSecurityManager());
+
+    if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
+      LOG(("  Load blocked by content policy"));
+      return NS_ERROR_CONTENT_BLOCKED;
+    }
+  }
+
+  return NS_OK;
 }
 
 /**
  * CreateSheet() creates a CSSStyleSheet object for the given URI,
  * if any.  If there is no URI given, we just create a new style sheet
  * object.  Otherwise, we check for an existing style sheet object for
  * that uri in various caches and clone it if we find it.  Cloned
  * sheets will have the title/media/enabled state of the sheet they
@@ -1407,18 +1441,29 @@ Loader::LoadSheet(SheetLoadData* aLoadDa
 
   if (!mDocument && !aLoadData->mIsNonDocumentSheet) {
     // No point starting the load; just release all the data and such.
     LOG_WARN(("  No document and not non-document sheet; pre-dropping load"));
     SheetComplete(aLoadData, NS_BINDING_ABORTED);
     return NS_BINDING_ABORTED;
   }
 
+  bool inherit = false;
   nsIPrincipal* triggeringPrincipal = aLoadData->mLoaderPrincipal;
-  if (!triggeringPrincipal) {
+  if (triggeringPrincipal) {
+    rv = NS_URIChainHasFlags(aLoadData->mURI,
+                             nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
+                             &inherit);
+    inherit =
+      ((NS_SUCCEEDED(rv) && inherit) ||
+       (nsContentUtils::URIIsLocalFile(aLoadData->mURI) &&
+        NS_SUCCEEDED(aLoadData->mLoaderPrincipal->
+                     CheckMayLoad(aLoadData->mURI, false, false))));
+  }
+  else {
     triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
   }
 
   SRIMetadata sriMetadata = aLoadData->mSheet->GetIntegrity();
 
   if (aLoadData->mSyncLoad) {
     LOG(("  Synchronous load"));
     NS_ASSERTION(!aLoadData->mObserver, "Observer for a sync load?");
@@ -1437,59 +1482,47 @@ Loader::LoadSheet(SheetLoadData* aLoadDa
     }
 
     if (mDocument) {
       mozilla::net::PredictorLearn(aLoadData->mURI, mDocument->GetDocumentURI(),
                                    nsINetworkPredictor::LEARN_LOAD_SUBRESOURCE,
                                    mDocument);
     }
 
-    nsSecurityFlags securityFlags =
-      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
-      nsILoadInfo::SEC_ALLOW_CHROME;
-
-    nsContentPolicyType contentPolicyType =
-      aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD
-                 : nsIContentPolicy::TYPE_INTERNAL_STYLESHEET;
-
     // Just load it
     nsCOMPtr<nsIChannel> channel;
     // Note that we are calling NS_NewChannelWithTriggeringPrincipal() with both
     // a node and a principal.
     // This is because of a case where the node is the document being styled and
     // the principal is the stylesheet (perhaps from a different origin) that is
     // applying the styles.
     if (aLoadData->mRequestingNode) {
       rv = NS_NewChannelWithTriggeringPrincipal(getter_AddRefs(channel),
                                                 aLoadData->mURI,
                                                 aLoadData->mRequestingNode,
                                                 triggeringPrincipal,
-                                                securityFlags,
-                                                contentPolicyType);
+                                                nsILoadInfo::SEC_NORMAL,
+                                                nsIContentPolicy::TYPE_OTHER);
     }
     else {
       // either we are loading something inside a document, in which case
       // we should always have a requestingNode, or we are loading something
       // outside a document, in which case the triggeringPrincipal
       // should always be the systemPrincipal.
       MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(triggeringPrincipal));
       rv = NS_NewChannel(getter_AddRefs(channel),
                          aLoadData->mURI,
                          triggeringPrincipal,
-                         securityFlags,
-                         contentPolicyType);
+                         nsILoadInfo::SEC_NORMAL,
+                         nsIContentPolicy::TYPE_OTHER);
     }
-    if (NS_FAILED(rv)) {
-      LOG_ERROR(("  Failed to create channel"));
-      SheetComplete(aLoadData, rv);
-      return rv;
-    }
+    NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIInputStream> stream;
-    rv = channel->Open2(getter_AddRefs(stream));
+    rv = channel->Open(getter_AddRefs(stream));
 
     if (NS_FAILED(rv)) {
       LOG_ERROR(("  Failed to open URI synchronously"));
       SheetComplete(aLoadData, rv);
       return rv;
     }
 
     // Force UA sheets to be UTF-8.
@@ -1543,40 +1576,30 @@ Loader::LoadSheet(SheetLoadData* aLoadDa
       LOG(("  Forcing load of pending data"));
       return LoadSheet(existingData, eSheetNeedsParser, aIsPreload);
     }
     // All done here; once the load completes we'll be marked complete
     // automatically
     return NS_OK;
   }
 
+#ifdef DEBUG
+  mSyncCallback = true;
+#endif
   nsCOMPtr<nsILoadGroup> loadGroup;
   if (mDocument) {
     loadGroup = mDocument->GetDocumentLoadGroup();
-    // load for a document with no loadgrup indicates that something is
-    // completely bogus, let's bail out early.
-    if (!loadGroup) {
-      LOG_ERROR(("  Failed to query loadGroup from document"));
-      SheetComplete(aLoadData, NS_ERROR_UNEXPECTED);
-      return NS_ERROR_UNEXPECTED;
-    }
+    NS_ASSERTION(loadGroup,
+                 "No loadgroup for stylesheet; onload will fire early");
   }
-#ifdef DEBUG
-  mSyncCallback = true;
-#endif
 
-  CORSMode ourCORSMode = aLoadData->mSheet->GetCORSMode();
-  nsSecurityFlags securityFlags =
-    ourCORSMode == CORS_NONE
-      ? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS
-      : nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
-  if (ourCORSMode == CORS_USE_CREDENTIALS) {
-    securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
+  nsLoadFlags securityFlags = nsILoadInfo::SEC_NORMAL;
+  if (inherit) {
+    securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
   }
-  securityFlags |= nsILoadInfo::SEC_ALLOW_CHROME;
 
   nsContentPolicyType contentPolicyType =
     aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD
                : nsIContentPolicy::TYPE_INTERNAL_STYLESHEET;
 
   nsCOMPtr<nsIChannel> channel;
   // Note we are calling NS_NewChannelWithTriggeringPrincipal here with a node
   // and a principal. This is because of a case where the node is the document
@@ -1662,23 +1685,45 @@ Loader::LoadSheet(SheetLoadData* aLoadDa
 #ifdef DEBUG
     mSyncCallback = false;
 #endif
     LOG_ERROR(("  Failed to create stream loader"));
     SheetComplete(aLoadData, rv);
     return rv;
   }
 
+  nsCOMPtr<nsIStreamListener> channelListener;
+  CORSMode ourCORSMode = aLoadData->mSheet->GetCORSMode();
+  if (ourCORSMode != CORS_NONE) {
+    bool withCredentials = (ourCORSMode == CORS_USE_CREDENTIALS);
+    LOG(("  Doing CORS-enabled load; credentials %d", withCredentials));
+    RefPtr<nsCORSListenerProxy> corsListener =
+      new nsCORSListenerProxy(streamLoader, aLoadData->mLoaderPrincipal,
+			      withCredentials);
+    rv = corsListener->Init(channel, DataURIHandling::Allow);
+    if (NS_FAILED(rv)) {
+#ifdef DEBUG
+      mSyncCallback = false;
+#endif
+      LOG_ERROR(("  Initial CORS check failed"));
+      SheetComplete(aLoadData, rv);
+      return rv;
+    }
+    channelListener = corsListener;
+  } else {
+    channelListener = streamLoader;
+  }
+
   if (mDocument) {
     mozilla::net::PredictorLearn(aLoadData->mURI, mDocument->GetDocumentURI(),
                                  nsINetworkPredictor::LEARN_LOAD_SUBRESOURCE,
                                  mDocument);
   }
 
-  rv = channel->AsyncOpen2(streamLoader);
+  rv = channel->AsyncOpen(channelListener, nullptr);
 
 #ifdef DEBUG
   mSyncCallback = false;
 #endif
 
   if (NS_FAILED(rv)) {
     LOG_ERROR(("  Failed to create stream loader"));
     SheetComplete(aLoadData, rv);
@@ -2011,19 +2056,20 @@ Loader::LoadStyleLink(nsIContent* aEleme
 
   nsIPrincipal* principal =
     aElement ? aElement->NodePrincipal() : mDocument->NodePrincipal();
 
   nsISupports* context = aElement;
   if (!context) {
     context = mDocument;
   }
+  nsresult rv = CheckLoadAllowed(principal, aURL, context, false);
+  if (NS_FAILED(rv)) return rv;
 
-  nsresult rv = CheckContentPolicy(principal, aURL, context, false);
-  NS_ENSURE_SUCCESS(rv, rv);
+  LOG(("  Passed load check"));
 
   StyleSheetState state;
   RefPtr<CSSStyleSheet> sheet;
   rv = CreateSheet(aURL, aElement, principal, aCORSMode,
                    aReferrerPolicy, aIntegrity, false,
                    aHasAlternateRel, aTitle, state, aIsAlternate,
                    getter_AddRefs(sheet));
   NS_ENSURE_SUCCESS(rv, rv);
@@ -2145,18 +2191,20 @@ Loader::LoadChildSheet(CSSStyleSheet* aP
   }
 
   nsISupports* context = owningNode;
   if (!context) {
     context = mDocument;
   }
 
   nsIPrincipal* principal = aParentSheet->Principal();
-  nsresult rv = CheckContentPolicy(principal, aURL, context, false);
-  NS_ENSURE_SUCCESS(rv, rv);
+  nsresult rv = CheckLoadAllowed(principal, aURL, context, false);
+  if (NS_FAILED(rv)) return rv;
+
+  LOG(("  Passed load check"));
 
   SheetLoadData* parentData = nullptr;
   nsCOMPtr<nsICSSLoaderObserver> observer;
 
   int32_t count = mParsingDatas.Length();
   if (count > 0) {
     LOG(("  Have a parent load"));
     parentData = mParsingDatas.ElementAt(count - 1);
@@ -2298,18 +2346,20 @@ Loader::InternalLoadNonDocumentSheet(nsI
     *aSheet = nullptr;
   }
 
   if (!mEnabled) {
     LOG_WARN(("  Not enabled"));
     return NS_ERROR_NOT_AVAILABLE;
   }
 
-  nsresult rv = CheckContentPolicy(aOriginPrincipal, aURL, mDocument, aIsPreload);
-  NS_ENSURE_SUCCESS(rv, rv);
+  nsresult rv = CheckLoadAllowed(aOriginPrincipal, aURL, mDocument, aIsPreload);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
 
   StyleSheetState state;
   bool isAlternate;
   RefPtr<CSSStyleSheet> sheet;
   bool syncLoad = (aObserver == nullptr);
   const nsSubstring& empty = EmptyString();
 
   rv = CreateSheet(aURL, nullptr, aOriginPrincipal, aCORSMode,
--- a/layout/style/Loader.h
+++ b/layout/style/Loader.h
@@ -441,20 +441,25 @@ public:
 private:
   friend class SheetLoadData;
 
   static PLDHashOperator
   RemoveEntriesWithURI(URIPrincipalReferrerPolicyAndCORSModeHashKey* aKey,
                        RefPtr<CSSStyleSheet>& aSheet,
                        void* aUserData);
 
-  nsresult CheckContentPolicy(nsIPrincipal* aSourcePrincipal,
-                              nsIURI* aTargetURI,
-                              nsISupports* aContext,
-                              bool aIsPreload);
+  // Note: null aSourcePrincipal indicates that the content policy and
+  // CheckLoadURI checks should be skipped.
+  // aIsPreload indicates whether the html parser preloads that
+  // stylesheet or if it is a regular load.
+  nsresult CheckLoadAllowed(nsIPrincipal* aSourcePrincipal,
+                            nsIURI* aTargetURI,
+                            nsISupports* aContext,
+                            bool aIsPreload);
+
 
   // For inline style, the aURI param is null, but the aLinkingContent
   // must be non-null then.  The loader principal must never be null
   // if aURI is not null.
   // *aIsAlternate is set based on aTitle and aHasAlternateRel.
   nsresult CreateSheet(nsIURI* aURI,
                        nsIContent* aLinkingContent,
                        nsIPrincipal* aLoaderPrincipal,
--- a/layout/style/test/mochitest.ini
+++ b/layout/style/test/mochitest.ini
@@ -288,9 +288,8 @@ skip-if = buildapp == 'b2g' || toolkit =
 [test_visited_lying.html]
 skip-if = buildapp == 'b2g' || toolkit == 'android' #TIMED_OUT # b2g(bug 870262, :visited support) b2g-debug(bug 870262, :visited support) b2g-desktop(bug 870262, :visited support)
 [test_visited_pref.html]
 skip-if = buildapp == 'b2g' || toolkit == 'android' #TIMED_OUT # b2g(bug 870262, :visited support) b2g-debug(bug 870262, :visited support) b2g-desktop(bug 870262, :visited support)
 [test_visited_reftests.html]
 skip-if = buildapp == 'b2g' || toolkit == 'android' #TIMED_OUT # b2g(bug 870262, :visited support) b2g-debug(bug 870262, :visited support) b2g-desktop(bug 870262, :visited support)
 [test_webkit_box_orient.html]
 [test_webkit_device_pixel_ratio.html]
-[test_asyncopen2.html]
deleted file mode 100644
--- a/layout/style/test/test_asyncopen2.html
+++ /dev/null
@@ -1,54 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=1195173
--->
-<head>
-  <title>Bug 1195173 - Test asyncOpen2 security exception</title>
-  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-
-  <!-- Note: the following stylesheet does not exist -->
-  <link rel="stylesheet" id="myCSS" type="text/css" href="file:///home/foo/bar.css">
-
-</head>
-<body onload="checkCSS()">
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1195173">Mozilla Bug 1195173</a>
-<p id="display"></p>
-<div id="content" style="display: none"></div>
-
-<script type="application/javascript">
-/*
- * Description of the test:
- * Accessing a stylesheet that got blocked by asyncOpen2 should
- * throw an exception.
- */
-
-SimpleTest.waitForExplicitFinish();
-
-function checkCSS()
-{
-  try {
-    // accessing tests/SimpleTest/test.css should not throw
-    var goodCSS = document.styleSheets[0].cssRules
-    ok(true, "accessing test.css should be allowed");
-  }
-  catch(e) {
-    ok(false, "accessing test.css should be allowed");
-  }
-
-  try {
-    // accessing file:///home/foo/bar.css should throw
-    var badCSS = document.styleSheets[1].cssRules
-    ok(false, "accessing bar.css should throw");
-  }
-  catch(e) {
-    ok(true, "accessing bar.css should throw");
-  }
-
-  SimpleTest.finish();
-}
-
-</script>
-</body>
-</html>
--- a/netwerk/protocol/res/ExtensionProtocolHandler.cpp
+++ b/netwerk/protocol/res/ExtensionProtocolHandler.cpp
@@ -99,19 +99,18 @@ ExtensionProtocolHandler::SubstituteChan
   nsCOMPtr<nsIStreamConverterService> convService =
     do_GetService(NS_STREAMCONVERTERSERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   const char* kFromType = "application/vnd.mozilla.webext.unlocalized";
   const char* kToType = "text/css";
 
   nsCOMPtr<nsIInputStream> inputStream;
-  if (aLoadInfo &&
-      aLoadInfo->GetSecurityMode() == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
-    // If the channel needs to enforce CORS, we need to open the channel async.
+  if (aLoadInfo && aLoadInfo->GetSecurityMode()) {
+    // Certain security checks require an async channel.
 
     nsCOMPtr<nsIOutputStream> outputStream;
     rv = NS_NewPipe(getter_AddRefs(inputStream), getter_AddRefs(outputStream),
                     0, UINT32_MAX, true, false);
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIStreamListener> listener;
     nsCOMPtr<nsIRequestObserver> observer = new PipeCloser(outputStream);
@@ -124,24 +123,21 @@ ExtensionProtocolHandler::SubstituteChan
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsILoadInfo> loadInfo =
       static_cast<mozilla::LoadInfo*>(aLoadInfo)->CloneForNewRequest();
     (*result)->SetLoadInfo(loadInfo);
 
     rv = (*result)->AsyncOpen2(converter);
   } else {
-    // Stylesheet loads for extension content scripts require a sync channel.
+    // Stylesheet loads for extension content scripts require a sync channel,
+    // but fortunately do not invoke security checks.
 
     nsCOMPtr<nsIInputStream> sourceStream;
-    if (aLoadInfo && aLoadInfo->GetEnforceSecurity()) {
-      rv = (*result)->Open2(getter_AddRefs(sourceStream));
-    } else {
-      rv = (*result)->Open(getter_AddRefs(sourceStream));
-    }
+    rv = (*result)->Open(getter_AddRefs(sourceStream));
     NS_ENSURE_SUCCESS(rv, rv);
 
     rv = convService->Convert(sourceStream, kFromType, kToType,
                               aURI, getter_AddRefs(inputStream));
   }
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIChannel> channel;