Bug 1456151 - Apply Meta CSP to Content Privileged about:cache. r=ckerschb, r=Gijs
authorvinoth <cegvinoth@gmail.com>
Sat, 28 Apr 2018 09:50:45 -0400
changeset 416200 3565b2cec52c2f5f89a990452c02e847d5a03084
parent 416199 128fff8050cc13ebcddbc1adab9eae0a6f8057cf
child 416201 f9abb3479fdd7127f6e9be4c1638f88ef47240d0
push id33919
push usernerli@mozilla.com
push dateSun, 29 Apr 2018 09:48:23 +0000
reviewersckerschb, Gijs
bugs1456151
milestone61.0a1
Bug 1456151 - Apply Meta CSP to Content Privileged about:cache. r=ckerschb, r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D1013
modules/libpref/init/all.js
netwerk/protocol/about/nsAboutCache.cpp
toolkit/components/aboutcache/content/aboutCache.js
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2462,17 +2462,17 @@ pref("security.directory",              
 pref("security.dialog_enable_delay", 1000);
 pref("security.notification_enable_delay", 500);
 
 pref("security.csp.enable", true);
 pref("security.csp.experimentalEnabled", false);
 pref("security.csp.enableStrictDynamic", true);
 
 #if defined(DEBUG) && !defined(ANDROID)
-pref("csp.content_privileged_about_uris_without_csp", "blank,cache,credits,home,logo,newtab,printpreview,srcdoc,studies");
+pref("csp.content_privileged_about_uris_without_csp", "blank,credits,home,logo,newtab,printpreview,srcdoc,studies");
 #endif
 
 #ifdef NIGHTLY_BUILD
 pref("security.csp.enable_violation_events", true);
 #else
 pref("security.csp.enable_violation_events", false);
 #endif
 
--- a/netwerk/protocol/about/nsAboutCache.cpp
+++ b/netwerk/protocol/about/nsAboutCache.cpp
@@ -87,19 +87,19 @@ nsAboutCache::Channel::Init(nsIURI* aURI
     if (NS_FAILED(rv)) return rv;
 
     mBuffer.AssignLiteral(
         "<!DOCTYPE html>\n"
         "<html>\n"
         "<head>\n"
         "  <title>Network Cache Storage Information</title>\n"
         "  <meta charset=\"utf-8\">\n"
+        "  <meta http-equiv=\"Content-Security-Policy\" content=\"default-src chrome:\"/>\n"
         "  <link rel=\"stylesheet\" href=\"chrome://global/skin/about.css\"/>\n"
         "  <link rel=\"stylesheet\" href=\"chrome://global/skin/aboutCache.css\"/>\n"
-        "  <script src=\"chrome://global/content/aboutCache.js\"></script>"
         "</head>\n"
         "<body class=\"aboutPageWideContainer\">\n"
         "<h1>Information about the Network Cache Storage Service</h1>\n");
 
     // Add the context switch controls
     mBuffer.AppendLiteral(
         "<label><input id='priv' type='checkbox'/> Private</label>\n"
         "<label><input id='anon' type='checkbox'/> Anonymous</label>\n"
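Review bot: The added meta policy `default-src chrome:` leaves unset the directives that do not fall back to `default-src` (for example `base-uri` and `form-action`), and it still permits plugin content from `chrome:` through the `object-src` fallback. If nothing on the page needs embedded objects, consider tightening the literal to `content=\"default-src chrome:; object-src 'none'\"`. A short comment above the `<meta>` line would also help, for example `// Meta CSP: only chrome: subresources load; inline scripts and on* attributes are blocked, so handlers must be attached from aboutCache.js.`, so that a later edit does not reintroduce inline markup that fails silently. Init() starts before and continues past this hunk, so whether the rest of the generated page uses inline styles or handlers cannot be confirmed from here.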
@@ -110,17 +110,17 @@ nsAboutCache::Channel::Init(nsIURI* aURI
     // The appid/inbrowser entries are already mixed in the default
     // view anyway.
     mBuffer.AppendLiteral(
         "<label><input id='appid' type='text' size='6'/> AppID</label>\n"
         "<label><input id='inbrowser' type='checkbox'/> In Browser Element</label>\n"
     );
 
     mBuffer.AppendLiteral(
-        "<label><input id='submit' type='button' value='Update' onclick='navigate()'/></label>\n"
+        "<label><input id='submit' type='button' value='Update'/></label>\n"
     );
 
     if (!mOverview) {
         mBuffer.AppendLiteral("<a href=\"about:cache?storage=&amp;context=");
         nsAppendEscapedHTML(mContextString, mBuffer);
         mBuffer.AppendLiteral("\">Back to overview</a>");
     }
 
@@ -529,16 +529,18 @@ nsAboutCache::Channel::OnCacheEntryVisit
         if (NS_SUCCEEDED(rv)) {
             // Expecting new round of OnCache* calls.
             return NS_OK;
         }
     }
 
     // We are done!
     mBuffer.AppendLiteral("</body>\n"
+                          "<script src=\"chrome://global/content/aboutCache.js\">"
+                          "</script>\n"
                           "</html>\n");
     nsresult rv = FlushBuffer();
     if (NS_FAILED(rv)) {
         NS_WARNING("Failed to flush buffer");
     }
     mStream->Close();
 
     return NS_OK;
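Review bot: The script element is appended after `</body>`, which is outside the body in the serialized markup; HTML parsers recover by treating it as body content, but it is a parse error and easy to avoid by emitting `"<script src=\"chrome://global/content/aboutCache.js\"></script>\n"` before the `"</body>\n"` literal. This is also now the only visible place the script is emitted, and the inline `onclick` was removed in the earlier hunk, so any path that closes the stream without reaching this block would presumably leave the Update button with no handler. A one-line comment such as `// Script is loaded last: aboutCache.js looks up #submit at top level and the CSP forbids inline handlers.` would record why the tag moved out of `<head>`. The enclosing function starts before this hunk, so the earlier return paths are not fully visible.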
--- a/toolkit/components/aboutcache/content/aboutCache.js
+++ b/toolkit/components/aboutcache/content/aboutCache.js
@@ -36,8 +36,11 @@ function navigate() {
     context += "b,";
   if ($("appid").value)
     context += "i" + $("appid").value + ",";
   if ($("priv").checked)
     context += "p,";
 
   window.location.href = "about:cache?storage=" + storage + "&context=" + context;
 }
+
+let submitButton = document.getElementById("submit");
+submitButton.addEventListener("click", navigate);
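Review bot: `document.getElementById("submit")` returns null if this file runs before the button has been parsed, and the following `addEventListener` call then throws, so the two added lines are correct only while nsAboutCache.cpp keeps the script tag at the end of the document. Making the registration independent of tag placement removes that coupling, for example `document.addEventListener("DOMContentLoaded", () => $("submit").addEventListener("click", navigate));`. The rest of the file looks elements up through the `$()` helper visible in `navigate()`, so using it here would also be consistent and avoids adding a top-level `submitButton` binding to the page's global scope.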