Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb
authorEthan Tseng <ettseng@mozilla.com>
Thu, 17 Dec 2015 12:07:37 +0800
changeset 316129 257051f3218b135671c7a21708d6af85b36515f7
parent 316005 4db9a94f362b3b12fb92f739f7841b39a5d60283
child 316130 9b7df7c7adc159676b893127d14ab9bc256a6a85
push id8516
push userjlund@mozilla.com
push dateFri, 18 Dec 2015 00:52:34 +0000
reviewersckerschb
bugs1030936
milestone46.0a1
Bug 1030936 - [CSP] remove fast-path for certified apps once the C++ backend is activated. r=ckerschb
dom/security/nsCSPService.cpp
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -134,72 +134,16 @@ CSPService::ShouldLoad(uint32_t aContent
   // TYPE_REFRESH    -- never passed to ShouldLoad (see nsIContentPolicy.idl)
   // TYPE_DOCUMENT   -- used for frame-ancestors
   if (aContentType == nsIContentPolicy::TYPE_CSP_REPORT ||
     aContentType == nsIContentPolicy::TYPE_REFRESH ||
     aContentType == nsIContentPolicy::TYPE_DOCUMENT) {
     return NS_OK;
   }
 
-  // ----- THIS IS A TEMPORARY FAST PATH FOR CERTIFIED APPS. -----
-  // ----- PLEASE REMOVE ONCE bug 925004 LANDS.              -----
-
-  // Cache the app status for this origin.
-  uint16_t status = nsIPrincipal::APP_STATUS_NOT_INSTALLED;
-  nsAutoCString sourceOrigin;
-  if (aRequestPrincipal && aRequestOrigin) {
-    aRequestOrigin->GetPrePath(sourceOrigin);
-    if (!mAppStatusCache.Get(sourceOrigin, &status)) {
-      aRequestPrincipal->GetAppStatus(&status);
-      mAppStatusCache.Put(sourceOrigin, status);
-    }
-  }
-
-  if (status == nsIPrincipal::APP_STATUS_CERTIFIED) {
-    // The CSP for certified apps is :
-    // "default-src * data: blob:; script-src 'self'; object-src 'none'; style-src 'self' app://theme.gaiamobile.org:*"
-    // That means we can optimize for this case by:
-    // - loading same origin scripts and stylesheets, and stylesheets from the
-    //   theme url space.
-    // - never loading objects.
-    // - accepting everything else.
-
-    switch (aContentType) {
-      case nsIContentPolicy::TYPE_SCRIPT:
-      case nsIContentPolicy::TYPE_STYLESHEET:
-        {
-          // Whitelist the theme resources.
-          auto themeOrigin = Preferences::GetCString("b2g.theme.origin");
-          nsAutoCString contentOrigin;
-          aContentLocation->GetPrePath(contentOrigin);
-
-          if (!(sourceOrigin.Equals(contentOrigin) ||
-                (themeOrigin && themeOrigin.Equals(contentOrigin)))) {
-            *aDecision = nsIContentPolicy::REJECT_SERVER;
-          }
-        }
-        break;
-
-      case nsIContentPolicy::TYPE_OBJECT:
-        *aDecision = nsIContentPolicy::REJECT_SERVER;
-        break;
-
-      default:
-        *aDecision = nsIContentPolicy::ACCEPT;
-    }
-
-    // Only cache and return if we are successful. If not, we want the error
-    // to be reported, and thus fallback to the slow path.
-    if (*aDecision == nsIContentPolicy::ACCEPT) {
-      return NS_OK;
-    }
-  }
-
-  // ----- END OF TEMPORARY FAST PATH FOR CERTIFIED APPS. -----
-
   // query the principal of the document; if no document is passed, then
   // fall back to using the requestPrincipal (e.g. service workers do not
   // pass a document).
   nsCOMPtr<nsINode> node(do_QueryInterface(aRequestContext));
   nsCOMPtr<nsIPrincipal> principal = node ? node->NodePrincipal()
                                           : aRequestPrincipal;
   if (!principal) {
     // if we can't query a principal, then there is nothing to do.