Bug 873187 - Back out 821877 from Firefox 23. a=lsblakk
authorGarrett Robinson <grobinson@mozilla.com>
Wed, 22 May 2013 15:08:32 -0400
changeset 138529 7c7e6e87fe7675aa4c4c4ec78cbaef9eb6511aa1
parent 138528 729fb1f47da8582b0bf94c55fe33ee1a06866453
child 138530 2432964bf0be5f3d6c05f20f3e5b1bad81d7ec60
push id3779
push userryanvm@gmail.com
push dateWed, 22 May 2013 19:08:57 +0000
treeherdermozilla-aurora@7c7e6e87fe76 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerslsblakk
bugs873187, 821877
milestone23.0a2
Bug 873187 - Back out 821877 from Firefox 23. a=lsblakk
browser/devtools/webconsole/test/Makefile.in
browser/devtools/webconsole/test/browser_webconsole_bug_770099_violation.js
browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
browser/devtools/webconsole/test/test-bug-821877-csperrors.html
browser/devtools/webconsole/test/test-bug-821877-csperrors.html^headers^
content/base/src/nsDocument.cpp
content/base/src/nsDocument.h
--- a/browser/devtools/webconsole/test/Makefile.in
+++ b/browser/devtools/webconsole/test/Makefile.in
@@ -110,17 +110,16 @@ MOCHITEST_BROWSER_FILES = \
 	browser_result_format_as_string.js \
 	browser_webconsole_bug_737873_mixedcontent.js \
 	browser_output_breaks_after_console_dir_uninspectable.js \
 	browser_console_log_inspectable_object.js \
 	browser_bug_638949_copy_link_location.js \
 	browser_output_longstring_expand.js \
 	browser_netpanel_longstring_expand.js \
 	browser_repeated_messages_accuracy.js \
-	browser_webconsole_bug_821877_csp_errors.js \
 	browser_eval_in_debugger_stackframe.js \
 	browser_console_variables_view.js \
 	browser_console_variables_view_while_debugging.js \
 	browser_console.js \
 	browser_longstring_hang.js \
 	browser_console_consolejsm_output.js \
 	browser_webconsole_bug_837351_securityerrors.js \
 	browser_bug_865871_variables_view_close_on_esc_key.js \
@@ -223,18 +222,16 @@ MOCHITEST_BROWSER_FILES += \
 	test_bug_770099_bad_policy_uri.html \
 	test_bug_770099_bad_policy_uri.html^headers^ \
 	test-result-format-as-string.html \
 	test-bug-737873-mixedcontent.html \
 	test-repeated-messages.html \
 	test-bug-766001-console-log.js \
 	test-bug-766001-js-console-links.html \
 	test-bug-766001-js-errors.js \
-	test-bug-821877-csperrors.html \
-	test-bug-821877-csperrors.html^headers^ \
 	test-eval-in-stackframe.html \
 	test-bug-859170-longstring-hang.html \
 	test-bug-837351-security-errors.html \
 	test-bug-869003-top-window.html \
 	test-bug-869003-iframe.html \
 	$(NULL)
 
 include $(topsrcdir)/config/rules.mk
--- a/browser/devtools/webconsole/test/browser_webconsole_bug_770099_violation.js
+++ b/browser/devtools/webconsole/test/browser_webconsole_bug_770099_violation.js
@@ -3,17 +3,16 @@
  * Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/
  *
  * ***** END LICENSE BLOCK ***** */
 
 // Tests that the Web Console CSP messages are displayed
 
 const TEST_VIOLATION = "https://example.com/browser/browser/devtools/webconsole/test/test_bug_770099_violation.html";
-const CSP_VIOLATION_MSG = "CSP WARN:  Directive default-src https://example.com:443 violated by http://some.example.com/test.png"
 
 let hud = undefined;
 
 function test() {
   addTab("data:text/html;charset=utf8,Web Console CSP violation test");
   browser.addEventListener("load", function _onLoad() {
     browser.removeEventListener("load", _onLoad, true);
     openConsole(null, loadDocument);
@@ -30,17 +29,27 @@ function loadDocument(theHud){
 function onLoad(aEvent) {
   browser.removeEventListener("load", onLoad, true);
   testViolationMessage();
 }
 
 function testViolationMessage(){
   let aOutputNode = hud.outputNode;
 
-  waitForSuccess({
+  waitForSuccess(
+    {
       name: "CSP policy URI warning displayed successfully",
       validatorFn: function() {
-        return hud.outputNode.textContent.indexOf(CSP_VIOLATION_MSG) > -1;
+        return aOutputNode.querySelector(".webconsole-msg-warn");
       },
-      successFn: finishTest,
+
+      successFn: function() {
+        //tests on the urlnode
+        let node = aOutputNode.querySelector(".webconsole-msg-warn");
+        isnot(node.textContent.indexOf("violated"), -1,
+                                       "CSP violation message found");
+        finishTest();
+      },
+
       failureFn: finishTest,
-    });
+    }
+  );
 }
deleted file mode 100644
--- a/browser/devtools/webconsole/test/browser_webconsole_bug_821877_csp_errors.js
+++ /dev/null
@@ -1,28 +0,0 @@
-// Tests that CSP errors from nsDocument::InitCSP are logged to the Web Console
-
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-const TEST_URI = "https://example.com/browser/browser/devtools/webconsole/test/test-bug-821877-csperrors.html";
-const CSP_DEPRECATED_HEADER_MSG = "The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.";
-
-function test()
-{
-  addTab(TEST_URI);
-  browser.addEventListener("load", function onLoad(aEvent) {
-    browser.removeEventListener(aEvent.type, onLoad, true);
-    openConsole(null, function testCSPErrorLogged (hud) {
-      waitForMessages({
-        webconsole: hud,
-        messages: [
-          {
-            name: "Deprecated CSP header error displayed successfully",
-            text: CSP_DEPRECATED_HEADER_MSG,
-            category: CATEGORY_SECURITY,
-            severity: SEVERITY_WARNING
-          },
-        ],
-      }).then(finishTest);
-    });
-  }, true);
-}
deleted file mode 100644
--- a/browser/devtools/webconsole/test/test-bug-821877-csperrors.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf8">
-    <title>Bug 821877 - Log CSP Errors to Web Console</title>
-    <!-- Any copyright is dedicated to the Public Domain.
-       - http://creativecommons.org/publicdomain/zero/1.0/ -->
-  </head>
-  <body>
-    <p>This page is served with a deprecated CSP header.</p>
-  </body>
-</html>
deleted file mode 100644
--- a/browser/devtools/webconsole/test/test-bug-821877-csperrors.html^headers^
+++ /dev/null
@@ -1,1 +0,0 @@
-X-Content-Security-Policy: default-src *; options inline-script
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -2399,34 +2399,16 @@ nsDocument::StartDocumentLoad(const char
   }
 
   nsresult rv = InitCSP(aChannel);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NS_OK;
 }
 
-void
-CSPErrorQueue::Add(const char* aMessageName)
-{
-  mErrors.AppendElement(aMessageName);
-}
-
-void
-CSPErrorQueue::Flush(nsIDocument* aDocument)
-{
-  for (uint32_t i = 0; i < mErrors.Length(); i++) {
-    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
-        "CSP", aDocument,
-        nsContentUtils::eSECURITY_PROPERTIES,
-        mErrors[i]);
-  }
-  mErrors.Clear();
-}
-
 nsresult
 nsDocument::InitCSP(nsIChannel* aChannel)
 {
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   if (!CSPService::sCSPEnabled) {
 #ifdef PR_LOGGING
     PR_LOG(gCspPRLog, PR_LOG_DEBUG,
            ("CSP is disabled, skipping CSP init for document %p", this));
@@ -2568,22 +2550,28 @@ nsDocument::InitCSP(nsIChannel* aChannel
 
   // While we are supporting both CSP 1.0 and the x- headers, the 1.0 headers
   // take priority.  If any spec-compliant headers are present, the x- headers
   // are ignored, and the spec compliant parser is used.
   bool cspSpecCompliant = (!cspHeaderValue.IsEmpty() || !cspROHeaderValue.IsEmpty());
 
   // If the old header is present, warn that it will be deprecated.
   if (!cspOldHeaderValue.IsEmpty() || !cspOldROHeaderValue.IsEmpty()) {
-    mCSPWebConsoleErrorQueue.Add("OldCSPHeaderDeprecated");
+    nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+                                    "CSP", this,
+                                    nsContentUtils::eSECURITY_PROPERTIES,
+                                    "OldCSPHeaderDeprecated");
 
     // Also, if the new headers AND the old headers were present, warn
     // that the old headers will be ignored.
     if (cspSpecCompliant) {
-      mCSPWebConsoleErrorQueue.Add("BothCSPHeadersPresent");
+      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+                                      "CSP", this,
+                                      nsContentUtils::eSECURITY_PROPERTIES,
+                                      "BothCSPHeadersPresent");
     }
   }
 
   // ----- if there's a full-strength CSP header, apply it.
   bool applyCSPFromHeader =
     (( cspSpecCompliant && !cspHeaderValue.IsEmpty()) ||
      (!cspSpecCompliant && !cspOldHeaderValue.IsEmpty()));
 
@@ -2609,17 +2597,20 @@ nsDocument::InitCSP(nsIChannel* aChannel
 
   // ----- if there's a report-only CSP header, apply it
   if (( cspSpecCompliant && !cspROHeaderValue.IsEmpty()) ||
       (!cspSpecCompliant && !cspOldROHeaderValue.IsEmpty())) {
     // post a warning and skip report-only CSP when both read only and regular
     // CSP policies are present since CSP only allows one policy and it can't
     // be partially report-only.
     if (applyAppDefaultCSP || applyCSPFromHeader) {
-      mCSPWebConsoleErrorQueue.Add("ReportOnlyCSPIgnored");
+      nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+                                      "CSP", this,
+                                      nsContentUtils::eSECURITY_PROPERTIES,
+                                      "ReportOnlyCSPIgnored");
 #ifdef PR_LOGGING
       PR_LOG(gCspPRLog, PR_LOG_DEBUG,
               ("Skipped report-only CSP init for document %p because another, enforced policy is set", this));
 #endif
     } else {
       // we can apply the report-only policy because there's no other CSP
       // applied.
       csp->SetReportOnlyMode(true);
@@ -4193,20 +4184,16 @@ nsDocument::SetScriptGlobalObject(nsIScr
     MaybeRescheduleAnimationFrameNotifications();
   }
 
   // Remember the pointer to our window (or lack there of), to avoid
   // having to QI every time it's asked for.
   nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mScriptGlobalObject);
   mWindow = window;
 
-  // Now that we know what our window is, we can flush the CSP errors to the
-  // Web Console.
-  FlushCSPWebConsoleErrorQueue();
-
   // Set our visibility state, but do not fire the event.  This is correct
   // because either we're coming out of bfcache (in which case IsVisible() will
   // still test false at this point and no state change will happen) or we're
   // doing the initial document load and don't want to fire the event for this
   // change.
   mVisibilityState = GetVisibilityState();
 }
 
--- a/content/base/src/nsDocument.h
+++ b/content/base/src/nsDocument.h
@@ -458,39 +458,16 @@ protected:
                                nsILoadGroup* aLoadGroup,
                                nsIDocument* aDisplayDocument);
   
   nsClassHashtable<nsURIHashKey, ExternalResource> mMap;
   nsRefPtrHashtable<nsURIHashKey, PendingLoad> mPendingLoads;
   bool mHaveShutDown;
 };
 
-class CSPErrorQueue
-{
-  public:
-    /**
-     * Note this was designed to be passed string literals. If you give it
-     * a dynamically allocated string, it is your responsibility to make sure
-     * it never dies and is properly freed!
-     */
-    void Add(const char* aMessageName);
-    void Flush(nsIDocument* aDocument);
-
-    CSPErrorQueue()
-    {
-    }
-
-    ~CSPErrorQueue()
-    {
-    }
-
-  private:
-    nsAutoTArray<const char*,5> mErrors;
-};
-
 // Base class for our document implementations.
 //
 // Note that this class *implements* nsIDOMXMLDocument, but it's not
 // really an nsIDOMXMLDocument. The reason for implementing
 // nsIDOMXMLDocument on this class is to avoid having to duplicate all
 // its inherited methods on document classes that *are*
 // nsIDOMXMLDocument's. nsDocument's QI should *not* claim to support
 // nsIDOMXMLDocument unless someone writes a real implementation of
@@ -1335,21 +1312,16 @@ private:
   void NotifyStyleSheetRemoved(nsIStyleSheet* aSheet, bool aDocumentSheet);
 
   void PostUnblockOnloadEvent();
   void DoUnblockOnload();
 
   nsresult CheckFrameOptions();
   nsresult InitCSP(nsIChannel* aChannel);
 
-  void FlushCSPWebConsoleErrorQueue()
-  {
-    mCSPWebConsoleErrorQueue.Flush(this);
-  }
-
   /**
    * Find the (non-anonymous) content in this document for aFrame. It will
    * be aFrame's content node if that content is in this document and not
    * anonymous. Otherwise, when aFrame is in a subdocument, we use the frame
    * element containing the subdocument containing aFrame, and/or find the
    * nearest non-anonymous ancestor in this document.
    * Returns null if there is no such element.
    */
@@ -1438,18 +1410,16 @@ private:
   bool mValidWidth, mValidHeight;
   float mScaleMinFloat, mScaleMaxFloat, mScaleFloat, mPixelRatio;
   bool mAutoSize, mAllowZoom, mValidScaleFloat, mValidMaxScale, mScaleStrEmpty, mWidthStrEmpty;
   uint32_t mViewportWidth, mViewportHeight;
 
   nsrefcnt mStackRefCnt;
   bool mNeedsReleaseAfterStackRefCntRelease;
 
-  CSPErrorQueue mCSPWebConsoleErrorQueue;
-
 #ifdef DEBUG
 protected:
   bool mWillReparent;
 #endif
 };
 
 class nsDocumentOnStack
 {