Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb
☠☠ backed out by 1f5a359e77c4 ☠ ☠
authorEhsan Akhgari <ehsan@mozilla.com>
Tue, 17 Jan 2017 22:00:08 -0500
changeset 375032 7040329487e94de37890d010cfa9626c7b93a9b6
parent 374965 7715d62057e50fdafddeca167ecf2d1dbd79b35b
child 375033 bfcc3984fa6ccf668cc0b141e682c90b3f6b6260
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
treeherdermozilla-beta@d89512dab048 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1331838
milestone53.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1331838 - Remove support for app URIs in CSP directives; r=ckerschb
dom/security/test/gtest/TestCSPParser.cpp
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -457,18 +457,16 @@ TEST(CSPParser, SimplePolicies)
     { "object-src media1.example.com media2.example.com *.cdn.example.com;",
       "object-src http://media1.example.com http://media2.example.com http://*.cdn.example.com" },
     { "script-src trustedscripts.example.com",
       "script-src http://trustedscripts.example.com" },
     { "script-src 'self' ; default-src trustedscripts.example.com",
       "script-src http://www.selfuri.com; default-src http://trustedscripts.example.com" },
     { "default-src 'none'; report-uri http://localhost:49938/test",
       "default-src 'none'; report-uri http://localhost:49938/test" },
-    { "default-src app://{app-host-is-uid}",
-      "default-src app://{app-host-is-uid}" },
     { "   ;   default-src abc",
       "default-src http://abc" },
     { " ; ; ; ;     default-src            abc    ; ; ; ;",
       "default-src http://abc" },
     { "script-src 'none' 'none' 'none';",
       "script-src 'none'" },
     { "script-src http://www.example.com/path-1//",
       "script-src http://www.example.com/path-1//" },
@@ -628,18 +626,16 @@ TEST(CSPParser, GoodGeneratedPolicies)
     { "media-src foo.bar",
       "media-src http://foo.bar" },
     { "frame-src *.bar",
       "frame-src http://*.bar" },
     { "font-src com",
       "font-src http://com" },
     { "connect-src f00b4r.com",
       "connect-src http://f00b4r.com" },
-    { "default-src {app-url-is-uid}",
-      "default-src http://{app-url-is-uid}" },
     { "script-src *.a.b.c",
       "script-src http://*.a.b.c" },
     { "object-src *.b.c",
       "object-src http://*.b.c" },
     { "style-src a.b.c",
       "style-src http://a.b.c" },
     { "img-src a.com",
       "img-src http://a.com" },
@@ -654,32 +650,26 @@ TEST(CSPParser, GoodGeneratedPolicies)
     { "default-src a.com:23",
       "default-src http://a.com:23" },
     { "script-src https://a.com:200",
       "script-src https://a.com:200" },
     { "object-src data:",
       "object-src data:" },
     { "style-src javascript:",
       "style-src javascript:" },
-    { "img-src {app-host-is-uid}",
-      "img-src http://{app-host-is-uid}" },
-    { "media-src app://{app-host-is-uid}",
-      "media-src app://{app-host-is-uid}" },
     { "frame-src https://foobar.com:443",
       "frame-src https://foobar.com:443" },
     { "font-src https://a.com:443",
       "font-src https://a.com:443" },
     { "connect-src http://a.com:80",
       "connect-src http://a.com:80" },
     { "default-src http://foobar.com",
       "default-src http://foobar.com" },
     { "script-src https://foobar.com",
       "script-src https://foobar.com" },
-    { "object-src https://{app-host-is-uid}",
-      "object-src https://{app-host-is-uid}" },
     { "style-src 'none'",
       "style-src 'none'" },
     { "img-src foo.bar:21 https://ras.bar",
       "img-src http://foo.bar:21 https://ras.bar" },
     { "media-src http://foo.bar:21 https://ras.bar:443",
       "media-src http://foo.bar:21 https://ras.bar:443" },
     { "frame-src http://self.com:80",
       "frame-src http://self.com:80" },