Bug 863878 - The CSP logging from bug 821877 should go to the new Security Pane in the Web Console. r=bzbarsky r=ddahl
authorGarrett Robinson <grobinson@mozilla.com>
Tue, 23 Apr 2013 17:39:10 -0500
changeset 129695 2f839f4b2f3218e29bb39989dcb4912249af23ae
parent 129694 659fa167a6bba070697efdd0fa81bbe3d8d66074
child 129696 e64522db8661d713d1af37abff87997d0128317c
push id24586
push userryanvm@gmail.com
push dateWed, 24 Apr 2013 12:15:57 +0000
reviewersbzbarsky, ddahl
bugs863878, 821877
milestone23.0a1
Bug 863878 - The CSP logging from bug 821877 should go to the new Security Pane in the Web Console. r=bzbarsky r=ddahl
browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
browser/devtools/webconsole/webconsole.js
content/base/src/nsDocument.cpp
dom/locales/en-US/chrome/dom/dom.properties
dom/locales/en-US/chrome/security/security.properties
--- a/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
+++ b/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
@@ -7,19 +7,22 @@ const TEST_URI = "https://example.com/br
 const CSP_DEPRECATED_HEADER_MSG = "The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.";
 
 function test()
 {
   addTab(TEST_URI);
   browser.addEventListener("load", function onLoad(aEvent) {
     browser.removeEventListener(aEvent.type, onLoad, true);
     openConsole(null, function testCSPErrorLogged (hud) {
-      waitForSuccess({
-        name: "CSP error displayed successfully",
-        validatorFn: function () {
-          return hud.outputNode.textContent.indexOf(CSP_DEPRECATED_HEADER_MSG) > -1;
-        },
-        successFn: finishTest,
-        failureFn: finishTest,
-      });
+      waitForMessages({
+        webconsole: hud,
+        messages: [
+          {
+            name: "Deprecated CSP header error displayed successfully",
+            text: CSP_DEPRECATED_HEADER_MSG,
+            category: CATEGORY_SECURITY,
+            severity: SEVERITY_WARNING
+          },
+        ],
+      }).then(finishTest);
     });
   }, true);
 }
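Review bot: The `messages` list in `testCSPErrorLogged` asserts only the deprecated-header warning, so the other two strings this commit reroutes through the queue, `BothCSPHeadersPresent` and `ReportOnlyCSPIgnored`, have no check that they arrive with `CATEGORY_SECURITY`. A test page that sends both header families, or an enforced policy together with a report-only one, would cover them with one more entry each in the same `waitForMessages` call. The expected text in `CSP_DEPRECATED_HEADER_MSG` is also a hand copy of the string in security.properties, so any wording fix there has to be mirrored here; a comment such as `// Must match OldCSPHeaderDeprecated in security.properties` would make that dependency visible.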
--- a/browser/devtools/webconsole/webconsole.js
+++ b/browser/devtools/webconsole/webconsole.js
@@ -4273,16 +4273,17 @@ var Utils = {
   categoryForScriptError: function Utils_categoryForScriptError(aScriptError)
   {
     switch (aScriptError.category) {
       case "CSS Parser":
       case "CSS Loader":
         return CATEGORY_CSS;
 
       case "Mixed Content Blocker":
+      case "CSP":
         return CATEGORY_SECURITY;
 
       default:
         return CATEGORY_JS;
     }
   },
 
   /**
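Review bot: The new `case "CSP":` in `categoryForScriptError` matches an exact string that is also hard-coded as the category argument in `CSPErrorQueue::Flush` in nsDocument.cpp, and nothing ties the two literals together. Any CSP message emitted under a different category string falls through to `default` and is shown as a JS message, outside the Security pane where a developer would look for policy problems. I would add a comment above the security cases, e.g. `// Keep in sync with the category strings passed to nsContentUtils::ReportToConsole`, so a rename on either side is caught in review.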
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -2368,17 +2368,17 @@ CSPErrorQueue::Add(const char* aMessageN
 }
 
 void
 CSPErrorQueue::Flush(nsIDocument* aDocument)
 {
   for (uint32_t i = 0; i < mErrors.Length(); i++) {
     nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
         "CSP", aDocument,
-        nsContentUtils::eDOM_PROPERTIES,
+        nsContentUtils::eSECURITY_PROPERTIES,
         mErrors[i]);
   }
   mErrors.Clear();
 }
 
 nsresult
 nsDocument::InitCSP(nsIChannel* aChannel)
 {
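Review bot: In `CSPErrorQueue::Flush` the result of `nsContentUtils::ReportToConsole` is discarded, so after the switch to `eSECURITY_PROPERTIES` a message name that is missing from security.properties would presumably drop the warning without any trace. Since `Add` accepts arbitrary `const char*` names, a debug-build check would catch a key left behind in dom.properties: `nsresult rv = nsContentUtils::ReportToConsole(...); NS_WARN_IF_FALSE(NS_SUCCEEDED(rv), "CSP console message not reported");`. A one-line comment on `Add` stating that names must be keys in security.properties would document the contract. `Add` itself starts outside the hunk.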
@@ -2525,32 +2525,21 @@ nsDocument::InitCSP(nsIChannel* aChannel
 
   // While we are supporting both CSP 1.0 and the x- headers, the 1.0 headers
   // take priority.  If any spec-compliant headers are present, the x- headers
   // are ignored, and the spec compliant parser is used.
   bool cspSpecCompliant = (!cspHeaderValue.IsEmpty() || !cspROHeaderValue.IsEmpty());
 
   // If the old header is present, warn that it will be deprecated.
   if (!cspOldHeaderValue.IsEmpty() || !cspOldROHeaderValue.IsEmpty()) {
-    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                    "CSP", this,
-                                    nsContentUtils::eDOM_PROPERTIES,
-                                    "OldCSPHeaderDeprecated");
-
-    // Additionally log deprecated warning to Web Console.
     mCSPWebConsoleErrorQueue.Add("OldCSPHeaderDeprecated");
 
     // Also, if the new headers AND the old headers were present, warn
     // that the old headers will be ignored.
     if (cspSpecCompliant) {
-      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                      "CSP", this,
-                                      nsContentUtils::eDOM_PROPERTIES,
-                                      "BothCSPHeadersPresent");
-      // Additionally log to Web Console.
       mCSPWebConsoleErrorQueue.Add("BothCSPHeadersPresent");
     }
   }
 
   // ----- if there's a full-strength CSP header, apply it.
   bool applyCSPFromHeader =
     (( cspSpecCompliant && !cspHeaderValue.IsEmpty()) ||
      (!cspSpecCompliant && !cspOldHeaderValue.IsEmpty()));
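Review bot: With the direct `ReportToConsole` calls removed, the `OldCSPHeaderDeprecated` and `BothCSPHeadersPresent` warnings in `InitCSP` are reported only when `mCSPWebConsoleErrorQueue` is flushed, and the call site of `Flush` is not part of this diff. If a document can be torn down or fail to load before that point, these policy warnings are lost, where previously they were always logged immediately. The same applies to `ReportOnlyCSPIgnored` in the hunk at -2577. Please confirm that every path after `InitCSP` reaches a flush, and replace the removed comments with one that states it, e.g. `// Queued here; reported to the console by CSPErrorQueue::Flush`. `InitCSP` begins and ends outside the hunk.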
@@ -2577,21 +2566,16 @@ nsDocument::InitCSP(nsIChannel* aChannel
 
   // ----- if there's a report-only CSP header, apply it
   if (( cspSpecCompliant && !cspROHeaderValue.IsEmpty()) ||
       (!cspSpecCompliant && !cspOldROHeaderValue.IsEmpty())) {
     // post a warning and skip report-only CSP when both read only and regular
     // CSP policies are present since CSP only allows one policy and it can't
     // be partially report-only.
     if (applyAppDefaultCSP || applyCSPFromHeader) {
-      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-                                      "CSP", this,
-                                      nsContentUtils::eDOM_PROPERTIES,
-                                      "ReportOnlyCSPIgnored");
-      // Additionally log to Web Console.
       mCSPWebConsoleErrorQueue.Add("ReportOnlyCSPIgnored");
 #ifdef PR_LOGGING
       PR_LOG(gCspPRLog, PR_LOG_DEBUG,
               ("Skipped report-only CSP init for document %p because another, enforced policy is set", this));
 #endif
     } else {
       // we can apply the report-only policy because there's no other CSP
       // applied.
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@@ -78,17 +78,16 @@ FullScreenDeniedLostWindow=Request for f
 FullScreenDeniedSubDocFullScreen=Request for full-screen was denied because a subdocument of the document requesting full-screen is already full-screen.
 FullScreenDeniedNotDescendant=Request for full-screen was denied because requesting element is not a descendant of the current full-screen element.
 FullScreenDeniedNotFocusedTab=Request for full-screen was denied because requesting element is not in the currently focused tab.
 FullScreenDeniedContentOnly=Request for full-screen was denied because requesting element is in the chrome document and the fullscreen API is configured for content only.
 RemovedFullScreenElement=Exited full-screen because full-screen element was removed from document.
 FocusedWindowedPluginWhileFullScreen=Exited full-screen because windowed plugin was focused.
 HTMLSyncXHRWarning=HTML parsing in XMLHttpRequest is not supported in the synchronous mode.
 InvalidRedirectChannelWarning=Unable to redirect to %S because the channel doesn't implement nsIWritablePropertyBag2.
-ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
 ResponseTypeSyncXHRWarning=Use of XMLHttpRequest's responseType attribute is no longer supported in the synchronous mode in window context.
 WithCredentialsSyncXHRWarning=Use of XMLHttpRequest's withCredentials attribute is no longer supported in the synchronous mode in window context.
 TimeoutSyncXHRWarning=Use of XMLHttpRequest's timeout attribute is not supported in the synchronous mode in window context.
 JSONCharsetWarning=An attempt was made to declare a non-UTF-8 encoding for JSON retrieved using XMLHttpRequest. Only UTF-8 is supported for decoding JSON.
 # LOCALIZATION NOTE: Do not translate AudioBufferSourceNode
 MediaBufferSourceNodeResampleOutOfMemory=Insufficient memory to resample the AudioBufferSourceNode for playback.
 # LOCALIZATION NOTE: Do not translate decodeAudioData.
 MediaDecodeAudioDataUnknownContentType=The buffer passed to decodeAudioData contains an unknown content type.
@@ -123,18 +122,14 @@ MozSliceWarning=Use of mozSlice on the B
 # LOCALIZATION NOTE: Do not translate "Components"
 ComponentsWarning=The Components object is deprecated. It will soon be removed.
 PluginHangUITitle=Warning: Unresponsive plugin
 PluginHangUIMessage=%S may be busy, or it may have stopped responding. You can stop the plugin now, or you can continue to see if the plugin will complete.
 PluginHangUIWaitButton=Continue
 PluginHangUIStopButton=Stop plugin
 # LOCALIZATION NOTE: Do not translate "mozHidden", "mozVisibilityState", "hidden", or "visibilityState"
 PrefixedVisibilityApiWarning='mozHidden' and 'mozVisibilityState' are deprecated.  Please use the unprefixed 'hidden' and 'visibilityState' instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
-OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
-# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
-BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
 # LOCALIZATION NOTE: Do not translate "NodeIterator" or "detach()".
 NodeIteratorDetachWarning=Calling detach() on a NodeIterator no longer has an effect.
 # LOCALIZATION NOTE: Do not translate "Mozilla Audio Data API" and "Web Audio API".
 MozAudioDataWarning=The Mozilla Audio Data API is deprecated.  Please use the Web Audio API instead.
 # LOCALIZATION NOTE: Do not translate "LenientThis" and "this"
 LenientThisWarning=Ignoring get or set of property that has [LenientThis] because the "this" object is incorrect.
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@@ -1,2 +1,10 @@
+# Mixed Content Blocker
 BlockMixedDisplayContent = Blocked loading mixed display content "%1$S"
 BlockMixedActiveContent = Blocked loading mixed active content "%1$S"
+
+# CSP
+ReportOnlyCSPIgnored=Report-only CSP policy will be ignored because there are other non-report-only CSP policies applied.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
+OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
+# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
+BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
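Review bot: The `OldCSPHeaderDeprecated` text names headers that do not exist: it says `X-Content-Security-Report-Only` and `Content-Security-Report-Only`, while the localization note on the line directly above it uses `X-Content-Security-Policy-Report-Only` and `Content-Security-Policy-Report-Only`. A site author who follows the message literally would send a header the browser does not recognise and end up with no report-only policy at all. Since the string is being moved anyway, this is the place to correct it to `... Please use the Content-Security-Policy and Content-Security-Policy-Report-Only headers ...`, with the old pair of names fixed the same way. The copy in `CSP_DEPRECATED_HEADER_MSG` in the test has to change with it, and a reworded string may need a new key so localizers pick it up.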