Bug 1337543 P3 Factor out code to set WorkerPrivate CSP from headers. r=baku
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -1129,58 +1129,19 @@ private:
// Store the channel info if needed.
mWorkerPrivate->InitChannelInfo(channel);
MOZ_DIAGNOSTIC_ASSERT(mWorkerPrivate->FinalChannelPrincipalIsValid(channel));
// We did inherit CSP in bug 1223647. If we do not already have a CSP, we
// should get it from the HTTP headers on the worker script.
if (!mWorkerPrivate->GetCSP() && CSPService::sCSPEnabled) {
- NS_ConvertASCIItoUTF16 cspHeaderValue(tCspHeaderValue);
- NS_ConvertASCIItoUTF16 cspROHeaderValue(tCspROHeaderValue);
-
- nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
- MOZ_ASSERT(principal, "Should not be null");
-
- nsCOMPtr<nsIContentSecurityPolicy> csp;
- rv = principal->EnsureCSP(nullptr, getter_AddRefs(csp));
-
- if (csp) {
- // If there's a CSP header, apply it.
- if (!cspHeaderValue.IsEmpty()) {
- rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
- NS_ENSURE_SUCCESS(rv, rv);
- }
- // If there's a report-only CSP header, apply it.
- if (!cspROHeaderValue.IsEmpty()) {
- rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
- NS_ENSURE_SUCCESS(rv, rv);
- }
-
- // Set evalAllowed, default value is set in GetAllowsEval
- bool evalAllowed = false;
- bool reportEvalViolations = false;
- rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
- NS_ENSURE_SUCCESS(rv, rv);
-
- mWorkerPrivate->SetCSP(csp);
- mWorkerPrivate->SetEvalAllowed(evalAllowed);
- mWorkerPrivate->SetReportCSPViolations(reportEvalViolations);
-
- // Set ReferrerPolicy, default value is set in GetReferrerPolicy
- bool hasReferrerPolicy = false;
- uint32_t rp = mozilla::net::RP_Unset;
- rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
- NS_ENSURE_SUCCESS(rv, rv);
-
-
- if (hasReferrerPolicy) { //FIXME bug 1307366: move RP out of CSP code
- mWorkerPrivate->SetReferrerPolicy(static_cast<net::ReferrerPolicy>(rp));
- }
- }
+ rv = mWorkerPrivate->SetCSPFromHeaderValues(tCspHeaderValue,
+ tCspROHeaderValue);
+ NS_ENSURE_SUCCESS(rv, rv);
}
WorkerPrivate* parent = mWorkerPrivate->GetParent();
if (parent) {
// XHR Params Allowed
mWorkerPrivate->SetXHRParamsAllowed(parent->XHRParamsAllowed());
}
}
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -53,16 +53,17 @@
#include "mozilla/dom/Exceptions.h"
#include "mozilla/dom/ExtendableMessageEventBinding.h"
#include "mozilla/dom/FunctionBinding.h"
#include "mozilla/dom/IndexedDatabaseManager.h"
#include "mozilla/dom/MessageEvent.h"
#include "mozilla/dom/MessageEventBinding.h"
#include "mozilla/dom/MessagePort.h"
#include "mozilla/dom/MessagePortBinding.h"
+#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/Performance.h"
#include "mozilla/dom/PMessagePort.h"
#include "mozilla/dom/Promise.h"
#include "mozilla/dom/PromiseDebugging.h"
#include "mozilla/dom/PromiseNativeHandler.h"
#include "mozilla/dom/SimpleGlobalObject.h"
#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/dom/StructuredCloneHolder.h"
@@ -2587,16 +2588,67 @@ WorkerPrivateParent<Derived>::GetDocumen
return parent->mLoadInfo.mWindow->GetExtantDoc();
}
parent = parent->GetParent();
}
// couldn't query a document, give up and return nullptr
return nullptr;
}
+template <class Derived>
+nsresult
+WorkerPrivateParent<Derived>::SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
+ const nsACString& aCSPReportOnlyHeaderValue)
+{
+ AssertIsOnMainThread();
+ MOZ_DIAGNOSTIC_ASSERT(!mLoadInfo.mCSP);
+
+ NS_ConvertASCIItoUTF16 cspHeaderValue(aCSPHeaderValue);
+ NS_ConvertASCIItoUTF16 cspROHeaderValue(aCSPReportOnlyHeaderValue);
+
+ nsCOMPtr<nsIContentSecurityPolicy> csp;
+ nsresult rv = mLoadInfo.mPrincipal->EnsureCSP(nullptr, getter_AddRefs(csp));
+ if (!csp) {
+ return NS_OK;
+ }
+
+ // If there's a CSP header, apply it.
+ if (!cspHeaderValue.IsEmpty()) {
+ rv = CSP_AppendCSPFromHeader(csp, cspHeaderValue, false);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ // If there's a report-only CSP header, apply it.
+ if (!cspROHeaderValue.IsEmpty()) {
+ rv = CSP_AppendCSPFromHeader(csp, cspROHeaderValue, true);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // Set evalAllowed, default value is set in GetAllowsEval
+ bool evalAllowed = false;
+ bool reportEvalViolations = false;
+ rv = csp->GetAllowsEval(&reportEvalViolations, &evalAllowed);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Set ReferrerPolicy, default value is set in GetReferrerPolicy
+ bool hasReferrerPolicy = false;
+ uint32_t rp = mozilla::net::RP_Unset;
+ rv = csp->GetReferrerPolicy(&rp, &hasReferrerPolicy);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mLoadInfo.mCSP = csp;
+ mLoadInfo.mEvalAllowed = evalAllowed;
+ mLoadInfo.mReportCSPViolations = reportEvalViolations;
+
+ if (hasReferrerPolicy) {
+ mLoadInfo.mReferrerPolicy = static_cast<net::ReferrerPolicy>(rp);
+ }
+
+ return NS_OK;
+}
+
// Can't use NS_IMPL_CYCLE_COLLECTION_CLASS(WorkerPrivateParent) because of the
// templates.
template <class Derived>
typename WorkerPrivateParent<Derived>::cycleCollection
WorkerPrivateParent<Derived>::_cycleCollectorGlobal =
WorkerPrivateParent<Derived>::cycleCollection();
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -655,16 +655,20 @@ public:
void
SetCSP(nsIContentSecurityPolicy* aCSP)
{
AssertIsOnMainThread();
mLoadInfo.mCSP = aCSP;
}
+ nsresult
+ SetCSPFromHeaderValues(const nsACString& aCSPHeaderValue,
+ const nsACString& aCSPReportOnlyHeaderValue);
+
net::ReferrerPolicy
GetReferrerPolicy() const
{
return mLoadInfo.mReferrerPolicy;
}
void
SetReferrerPolicy(net::ReferrerPolicy aReferrerPolicy)