Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects is fixed r=ckerschb
authorvinoth <cegvinoth@gmail.com>
Fri, 22 Jun 2018 20:35:14 +0300
changeset 423386 4b1d446faee677ac36221b66a3c13baa980cceda
parent 423385 20ca7307d1bb3dfab8f93ab482db89cae54ef1e2
child 423387 ce98fd40ce8214571163674970ccdb167a1b241b
push id34174
push userapavel@mozilla.com
push dateFri, 22 Jun 2018 21:50:06 +0000
treeherdermozilla-central@16a043079689 [default view] [failures only]
reviewersckerschb
bugs1469150
milestone62.0a1
Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects is fixed r=ckerschb Reviewers: ckerschb Reviewed By: ckerschb Subscribers: ckerschb Bug #: 1469150 Differential Revision: https://phabricator.services.mozilla.com/D1720
dom/security/nsCSPService.cpp
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -308,27 +308,28 @@ CSPService::AsyncOnChannelRedirect(nsICh
   /* On redirect, if the content policy is a preload type, rejecting the preload
    * results in the load silently failing, so we convert preloads to the actual
    * type. See Bug 1219453.
    */
   policyType =
     nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(policyType);
 
   int16_t aDecision = nsIContentPolicy::ACCEPT;
+  nsCOMPtr<nsISupports> requestContext = loadInfo->GetLoadingContext();
   // 1) Apply speculative CSP for preloads
   if (isPreload) {
     nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
     loadInfo->LoadingPrincipal()->GetPreloadCsp(getter_AddRefs(preloadCsp));
 
     if (preloadCsp) {
       // Pass  originalURI as aExtra to indicate the redirect
       preloadCsp->ShouldLoad(policyType,     // load type per nsIContentPolicy (uint32_t)
                              newUri,         // nsIURI
                              nullptr,        // nsIURI
-                             nullptr,        // nsISupports
+                             requestContext, // nsISupports
                              EmptyCString(), // ACString - MIME guess
                              originalUri,    // aExtra
                              &aDecision);
 
       // if the preload policy already denied the load, then there
       // is no point in checking the real policy
       if (NS_CP_REJECTED(aDecision)) {
         autoCallback.DontCallback();
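Review bot: The new `requestContext` local is passed to `preloadCsp->ShouldLoad` here and to `csp->ShouldLoad` in the next hunk with no comment saying why, and the per-argument comment still reads only `// nsISupports`. Going by the commit title, the context is what lets a script nonce be matched once the load has been redirected, so it is security-relevant and worth recording above the declaration, e.g. `// Pass the loading context so nonce-based CSP checks still work after a redirect (Bug 1469150)`. The comment should also say what happens when `GetLoadingContext()` returns null; presumably the call then behaves as it did with the old `nullptr` argument, but that is inferred and not visible in this hunk. AsyncOnChannelRedirect starts and ends outside the hunk.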
@@ -342,17 +343,17 @@ CSPService::AsyncOnChannelRedirect(nsICh
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   loadInfo->LoadingPrincipal()->GetCsp(getter_AddRefs(csp));
 
   if (csp) {
     // Pass  originalURI as aExtra to indicate the redirect
     csp->ShouldLoad(policyType,     // load type per nsIContentPolicy (uint32_t)
                     newUri,         // nsIURI
                     nullptr,        // nsIURI
-                    nullptr,        // nsISupports
+                    requestContext, // nsISupports
                     EmptyCString(), // ACString - MIME guess
                     originalUri,    // aExtra
                     &aDecision);
   }
 
   // if ShouldLoad doesn't accept the load, cancel the request
   if (!NS_CP_ACCEPTED(aDecision)) {
     autoCallback.DontCallback();
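Review bot: The result of `csp->ShouldLoad(...)` is discarded while `aDecision` was initialised to `nsIContentPolicy::ACCEPT` (previous hunk), so a call that fails before writing the out-parameter would leave the redirect accepted; the preload call in the previous hunk has the same shape. Whether ShouldLoad can return an error without setting the decision is not visible here, so the callee may already guarantee this. If it does not, fail closed: `nsresult rv = csp->ShouldLoad(...);` followed by `if (NS_FAILED(rv)) { aDecision = nsIContentPolicy::REJECT_SERVER; }`. The function body continues past the end of the hunk.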