Bug 1337543 P3 Factor out code to set WorkerPrivate CSP from headers. r=baku draft
authorBen Kelly <ben@wanderview.com>
Mon, 13 Feb 2017 12:15:58 -0500
changeset 485868 7755d8b037271cf8ee0b7fd9544dca0331a36498
parent 485867 e42f752244c7dbed0f20ddb7bb2cbdec580c61f3
child 485869 2a02d5dc247039f2834ddb6764410c84d19d996a
push id45870
push userbmo:kechen@mozilla.com
push dateFri, 17 Feb 2017 09:36:54 +0000
reviewersbaku
bugs1337543
milestone54.0a1
Bug 1337543 P3 Factor out code to set WorkerPrivate CSP from headers. r=baku
dom/workers/ScriptLoader.cpp
dom/workers/WorkerPrivate.cpp
dom/workers/WorkerPrivate.h
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -1129,58 +1129,19 @@ private:
       // Store the channel info if needed.
       mWorkerPrivate->InitChannelInfo(channel);
 
       MOZ_DIAGNOSTIC_ASSERT(mWorkerPrivate->FinalChannelPrincipalIsValid(channel));
 
       // We did inherit CSP in bug 1223647. If we do not already have a CSP, we
       // should get it from the HTTP headers on the worker script.
       if (!mWorkerPrivate->GetCSP() && CSPService::sCSPEnabled) {
-        NS_ConvertASCIItoUTF16 cspHeaderValue(tCspHeaderValue);
-        NS_ConvertASCIItoUTF16 cspROHeaderValue(tCspROHeaderValue);
-
-        nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
-        MOZ_ASSERT(principal, "Should not be null");
-
-        nsCOMPtr<nsIContentSecurityPolicy> csp;
-        rv = principal->EnsureCSP(nullptr, getter_AddRefs(csp));
-
-        if (csp) {
-          // If there's a CSP header, apply it.
-          if (!cspHeaderValue.IsEmpty()) {
-            rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
-            NS_ENSURE_SUCCESS(rv, rv);
-          }
-          // If there's a report-only CSP header, apply it.
-          if (!cspROHeaderValue.IsEmpty()) {
-            rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
-            NS_ENSURE_SUCCESS(rv, rv);
-          }
-
-          // Set evalAllowed, default value is set in GetAllowsEval
-          bool evalAllowed = false;
-          bool reportEvalViolations = false;
-          rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
-          NS_ENSURE_SUCCESS(rv, rv);
-
-          mWorkerPrivate->SetCSP(csp);
-          mWorkerPrivate->SetEvalAllowed(evalAllowed);
-          mWorkerPrivate->SetReportCSPViolations(reportEvalViolations);
-
-          // Set ReferrerPolicy, default value is set in GetReferrerPolicy
-          bool hasReferrerPolicy = false;
-          uint32_t rp = mozilla::net::RP_Unset;
-          rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
-          NS_ENSURE_SUCCESS(rv, rv);
-
-
-          if (hasReferrerPolicy) { //FIXME bug 1307366: move RP out of CSP code
-            mWorkerPrivate->SetReferrerPolicy(static_cast<net::ReferrerPolicy>(rp));
-          }
-        }
+        rv = mWorkerPrivate->SetCSPFromHeaderValues(tCspHeaderValue,
+                                                    tCspROHeaderValue);
+        NS_ENSURE_SUCCESS(rv, rv);
       }
       WorkerPrivate* parent = mWorkerPrivate->GetParent();
       if (parent) {
         // XHR Params Allowed
         mWorkerPrivate->SetXHRParamsAllowed(parent->XHRParamsAllowed());
       }
     }
 
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -53,16 +53,17 @@
 #include "mozilla/dom/Exceptions.h"
 #include "mozilla/dom/ExtendableMessageEventBinding.h"
 #include "mozilla/dom/FunctionBinding.h"
 #include "mozilla/dom/IndexedDatabaseManager.h"
 #include "mozilla/dom/MessageEvent.h"
 #include "mozilla/dom/MessageEventBinding.h"
 #include "mozilla/dom/MessagePort.h"
 #include "mozilla/dom/MessagePortBinding.h"
+#include "mozilla/dom/nsCSPUtils.h"
 #include "mozilla/dom/Performance.h"
 #include "mozilla/dom/PMessagePort.h"
 #include "mozilla/dom/Promise.h"
 #include "mozilla/dom/PromiseDebugging.h"
 #include "mozilla/dom/PromiseNativeHandler.h"
 #include "mozilla/dom/SimpleGlobalObject.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/StructuredCloneHolder.h"
@@ -2587,16 +2588,67 @@ WorkerPrivateParent<Derived>::GetDocumen
       return parent->mLoadInfo.mWindow->GetExtantDoc();
     }
     parent = parent->GetParent();
   }
   // couldn't query a document, give up and return nullptr
   return nullptr;
 }
 
+template <class Derived>
+nsresult
+WorkerPrivateParent<Derived>::SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
+                                                     const nsACString& aCSPReportOnlyHeaderValue)
+{
+  AssertIsOnMainThread();
+  MOZ_DIAGNOSTIC_ASSERT(!mLoadInfo.mCSP);
+
+  NS_ConvertASCIItoUTF16 cspHeaderValue(aCSPHeaderValue);
+  NS_ConvertASCIItoUTF16 cspROHeaderValue(aCSPReportOnlyHeaderValue);
+
+  nsCOMPtr<nsIContentSecurityPolicy> csp;
+  nsresult rv = mLoadInfo.mPrincipal->EnsureCSP(nullptr, getter_AddRefs(csp));
+  if (!csp) {
+    return NS_OK;
+  }
+
+  // If there's a CSP header, apply it.
+  if (!cspHeaderValue.IsEmpty()) {
+    rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+  // If there's a report-only CSP header, apply it.
+  if (!cspROHeaderValue.IsEmpty()) {
+    rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  // Set evalAllowed, default value is set in GetAllowsEval
+  bool evalAllowed = false;
+  bool reportEvalViolations = false;
+  rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Set ReferrerPolicy, default value is set in GetReferrerPolicy
+  bool hasReferrerPolicy = false;
+  uint32_t rp = mozilla::net::RP_Unset;
+  rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  mLoadInfo.mCSP = csp;
+  mLoadInfo.mEvalAllowed = evalAllowed;
+  mLoadInfo.mReportCSPViolations = reportEvalViolations;
+
+  if (hasReferrerPolicy) {
+    mLoadInfo.mReferrerPolicy = static_cast<net::ReferrerPolicy>(rp);
+  }
+
+  return NS_OK;
+}
+
 
 // Can't use NS_IMPL_CYCLE_COLLECTION_CLASS(WorkerPrivateParent) because of the
 // templates.
 template <class Derived>
 typename WorkerPrivateParent<Derived>::cycleCollection
   WorkerPrivateParent<Derived>::_cycleCollectorGlobal =
     WorkerPrivateParent<Derived>::cycleCollection();
 
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -655,16 +655,20 @@ public:
 
   void
   SetCSP(nsIContentSecurityPolicy* aCSP)
   {
     AssertIsOnMainThread();
     mLoadInfo.mCSP = aCSP;
   }
 
+  nsresult
+  SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
+                         const nsACString& aCSPReportOnlyHeaderValue);
+
   net::ReferrerPolicy
   GetReferrerPolicy() const
   {
     return mLoadInfo.mReferrerPolicy;
   }
 
   void
   SetReferrerPolicy(net::ReferrerPolicy aReferrerPolicy)