Bug 1459544: Only assert that about page has CSP if nothing stopped the load of the doc. r=smaug
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Thu, 13 Sep 2018 14:47:24 +0200
changeset 436213 084a50d2778ae75429e21dce28e6e547951a05cd
parent 436212 cbea6ff716c9b94d7011729b4a1cd3aa6ccb12af
child 436214 aa3c5d257b1e8ddda72905e728d72d4d57762b7e
push id34631
push usernerli@mozilla.com
push dateThu, 13 Sep 2018 22:02:04 +0000
treeherdermozilla-central@e923330d5bd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1459544
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1459544: Only assert that about page has CSP if nothing stopped the load of the doc. r=smaug
dom/base/nsDocument.cpp
modules/libpref/init/all.js
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -5302,17 +5302,20 @@ AssertContentPrivilegedAboutPageHasCSP(n
     "about: page must contain a CSP including default-src");
 }
 #endif
 
 void
 nsDocument::EndLoad()
 {
 #if defined(DEBUG) && !defined(ANDROID)
-  AssertContentPrivilegedAboutPageHasCSP(mDocumentURI, NodePrincipal());
+  // only assert if nothing stopped the load on purpose
+  if (!mParserAborted) {
+    AssertContentPrivilegedAboutPageHasCSP(mDocumentURI, NodePrincipal());
+  }
 #endif
 
   // EndLoad may have been called without a matching call to BeginLoad, in the
   // case of a failed parse (for example, due to timeout). In such a case, we
   // still want to execute part of this code to do appropriate cleanup, but we
   // gate part of it because it is intended to match 1-for-1 with calls to
   // BeginLoad. We have an explicit flag bit for this purpose, since it's
   // complicated and error prone to derive this condition from other related
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2576,18 +2576,17 @@ pref("font.blacklist.underline_offset", 
 
 pref("security.directory",              "");
 
 // security-sensitive dialogs should delay button enabling. In milliseconds.
 pref("security.dialog_enable_delay", 1000);
 pref("security.notification_enable_delay", 500);
 
 #if defined(DEBUG) && !defined(ANDROID)
-// about:welcome has been added until Bug 1448359 is fixed at which time home, newtab, and welcome will all be removed.
-pref("csp.content_privileged_about_uris_without_csp", "blank,home,newtab,printpreview,srcdoc,welcome");
+pref("csp.content_privileged_about_uris_without_csp", "blank,printpreview,srcdoc");
 #endif
 
 // Default Content Security Policy to apply to signed contents.
 pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'");
 
 // Mixed content blocking
 pref("security.mixed_content.block_active_content", false);
 pref("security.mixed_content.block_display_content", false);