Bug 1547957: Only assert explicit CSP and CSP within Principal is equal when dealing with a CodebasePrincipal. r=jkt
author Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Fri, 03 May 2019 09:16:40 +0000
changeset 531276 8778ff51081f67123cb65463d27923150624dccc
parent 531259 03166449953fbcaaf6c66d2c3b358319781a0e52
child 531277 a43b68bbe67db228211e414a6e33490ce46a8ba4
push id 11265
push user ffxbld-merge
push date Mon, 13 May 2019 10:53:39 +0000
treeherder mozilla-beta@77e0fe8dbdd3
reviewers jkt
bugs 1547957
milestone 68.0a1
Bug 1547957: Only assert explicit CSP and CSP within Principal is equal when dealing with a CodebasePrincipal. r=jkt

Differential Revision: https://phabricator.services.mozilla.com/D29380
docshell/base/nsDocShell.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9950,18 +9950,20 @@ nsresult nsDocShell::DoURILoad(nsDocShel
 
   // Navigational requests that are same origin need to be upgraded in case
   // upgrade-insecure-requests is present. Please note that in that case
   // the triggeringPrincipal is holding the CSP that potentially
   // holds upgrade-insecure-requests.
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   aLoadState->TriggeringPrincipal()->GetCsp(getter_AddRefs(csp));
 #ifdef DEBUG
-  if (!aLoadState->TriggeringPrincipal()->GetIsNullPrincipal()) {
-    // After Bug 965637 we can remove that assertion anyway.
+  // We only serialize the CSP within CodebasePrincipals hence
+  // lets only assert if the load is triggered by a CodebesPrincipal.
+  // After Bug 965637 we can remove that assertion anyway.
+  if (aLoadState->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
     nsCOMPtr<nsIContentSecurityPolicy> argsCSP = aLoadState->Csp();
     MOZ_ASSERT(nsCSPContext::Equals(csp, argsCSP));
   }
 #endif
 
   if (csp) {
     bool upgradeInsecureRequests = false;
     csp->GetUpgradeInsecureRequests(&upgradeInsecureRequests);
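
Review bot: The new comment inside the `#ifdef DEBUG` block misspells the type as "CodebesPrincipal" (it should read "CodebasePrincipal") and writes "lets" for "let's"; as this comment is the only in-code explanation of why the guard changed, it should be corrected. The guard goes from `!GetIsNullPrincipal()` to `GetIsCodebasePrincipal()`, so the `nsCSPContext::Equals(csp, argsCSP)` assertion is now skipped for every non-codebase triggering principal rather than only for null principals. Please name in the comment the principal kinds that are intentionally excluded, so a later reader can tell the narrowing is deliberate and not a lost check. The assertion also receives `csp` straight from `GetCsp(...)` without a null check, so if `Equals` is expected to accept null on either side, a short remark saying so would help.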