Bug 1571415 - Add a Console Message for XTCO-Nosniff r=ckerschb
authorSebastian Streich <sstreich@mozilla.com>
Wed, 14 Aug 2019 12:44:08 +0000
changeset 487909 15846b81170a0c7cdeee4f72695e6543fbfe8362
parent 487908 b3ee5fed44ec711f79202150223cda9397c6ed80
child 487910 e7de86d5d8e41a3b9c89b06632a033a566fc2b7e
push id36433
push userbtara@mozilla.com
push dateWed, 14 Aug 2019 21:57:52 +0000
reviewersckerschb
bugs1571415
milestone70.0a1
Bug 1571415 - Add a Console Message for XTCO-Nosniff r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D41550
dom/locales/en-US/chrome/security/security.properties
netwerk/base/nsNetUtil.cpp
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -80,16 +80,18 @@ WeakCipherSuiteWarning=This site uses th
 
 DeprecatedTLSVersion=This site uses a deprecated version of TLS that will be disabled in March 2020. Please upgrade to TLS 1.2 or 1.3.
 
 #XCTO: nosniff
 # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options: nosniff".
 MimeTypeMismatch2=The resource from “%1$S” was blocked due to MIME type (“%2$S”) mismatch (X-Content-Type-Options: nosniff).
 # LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
 XCTOHeaderValueMissing=X-Content-Type-Options header warning: value was “%1$S”; did you mean to send “nosniff”?
+# LOCALIZATION NOTE: Do not translate "X-Content-Type-Options" and also do not translate "nosniff".
+XTCOWithMIMEValueMissing=The resource from “%1$S” was not rendered due to an unknown, incorrect or missing MIME type (X-Content-Type-Options: nosniff).
 
 BlockScriptWithWrongMimeType2=Script from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 WarnScriptWithWrongMimeType=The script from “%1$S” was loaded even though its MIME type (“%2$S”) is not a valid JavaScript MIME type.
 # LOCALIZATION NOTE: Do not translate "importScripts()"
 BlockImportScriptsWithWrongMimeType=Loading script from “%1$S” with importScripts() was blocked because of a disallowed MIME type (“%2$S”).
 BlockWorkerWithWrongMimeType=Loading Worker from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 BlockModuleWithWrongMimeType=Loading module from “%1$S” was blocked because of a disallowed MIME type (“%2$S”).
 
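Review bot: The new key `XTCOWithMIMEValueMissing` abbreviates the header as XTCO, while the group comment `#XCTO: nosniff` and the neighbouring key `XCTOHeaderValueMissing` use XCTO (X-Content-Type-Options). Renaming it to `XCTOWithMIMEValueMissing`, here and in the `LogMimeTypeMismatch` call in netwerk/base/nsNetUtil.cpp, would keep every nosniff message findable under one prefix. The copied localization note could also state that only `%1$S` (the resource URL) is substituted, since the caller passes a second argument that this string never uses.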
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -2720,16 +2720,45 @@ void NS_SniffContent(const char* aSniffe
     nsresult rv = sniffers[i]->GetMIMETypeFromContent(aRequest, aData, aLength,
                                                       aSniffedType);
     if (NS_SUCCEEDED(rv) && !aSniffedType.IsEmpty()) {
       return;
     }
   }
 
   aSniffedType.Truncate();
+
+  // If the Sniffers did not hit and NoSniff is set
+  // Check if we have any MIME Type at all or report an
+  // Error to the Console
+  nsCOMPtr<nsIHttpChannel> channel = do_QueryInterface(aRequest);
+  if (channel) {
+    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
+
+    if (loadInfo->GetSkipContentSniffing()) {
+      nsAutoCString type;
+      channel->GetContentType(type);
+
+      if (type.Equals(nsCString("application/x-unknown-content-type"))) {
+        nsCOMPtr<nsIURI> requestUri;
+        channel->GetURI(getter_AddRefs(requestUri));
+        nsAutoCString spec;
+        requestUri->GetSpec(spec);
+        if (spec.Length() > 50) {
+          spec.Truncate(50);
+          spec.AppendLiteral("...");
+        }
+        channel->LogMimeTypeMismatch(
+            nsCString("XTCOWithMIMEValueMissing"), false,
+            NS_ConvertUTF8toUTF16(spec),
+            // Type is not used in the Error Message but required
+            NS_ConvertUTF8toUTF16(type));
+      }
+    }
+  }
 }
 
 bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
   bool isSrcdoc;
   nsCOMPtr<nsIInputStreamChannel> isr = do_QueryInterface(aChannel);
   if (isr) {
     isr->GetIsSrcdocChannel(&isSrcdoc);
     return isSrcdoc;
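Review bot: In the block added at the end of NS_SniffContent, the result of `channel->GetURI(getter_AddRefs(requestUri))` is ignored and `requestUri->GetSpec(spec)` is then called unconditionally, so a failed GetURI would turn this logging path into a null dereference while handling a network response. Guarding it with `if (NS_FAILED(channel->GetURI(getter_AddRefs(requestUri))) || !requestUri) { return; }` keeps the diagnostic best-effort. The text sent to the console is the first 50 bytes of the full spec, which can still include userinfo or the start of a query string; if the URI class in use offers a credential-free form of the spec, that would be the safer thing to log, and this should be confirmed against what the other MIME-mismatch messages do. NS_SniffContent begins above this hunk, so the early-return paths before `aSniffedType.Truncate()` are not visible here.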