Bug 1330383 - fetch original style sheet text using TYPE_OTHER; r=gl
authorTom Tromey <tom@tromey.com>
Wed, 13 Sep 2017 13:36:50 -0600
changeset 430392 90bdf871a8d1fa732bbbfed1ebcb3e1fca64611c
parent 430391 270740992bc6efc61b25eef182f59570ccec7c86
child 430393 18a13126bd54093373d78e7e9b7583e5ee23e2de
push id7761
push userjlund@mozilla.com
push dateFri, 15 Sep 2017 00:19:52 +0000
treeherdermozilla-beta@c38455951db4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgl
bugs1330383
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1330383 - fetch original style sheet text using TYPE_OTHER; r=gl Using TYPE_INTERNAL_STYLESHEET here is incorrect because we're not necessarily fetching style sheets -- just some text. This may run afoul of X-Content-Type-Options. MozReview-Commit-ID: HB7YfWwq6CI
devtools/client/styleeditor/test/browser.ini
devtools/client/styleeditor/test/sourcemap-sass/sourcemaps.scss^headers^
devtools/server/actors/stylesheets.js
--- a/devtools/client/styleeditor/test/browser.ini
+++ b/devtools/client/styleeditor/test/browser.ini
@@ -33,16 +33,17 @@ support-files =
   sourcemap-css/contained.css
   sourcemap-css/sourcemaps.css
   sourcemap-css/sourcemaps.css.map
   sourcemap-css/media-rules.css
   sourcemap-css/media-rules.css.map
   sourcemap-css/test-bootstrap-scss.css
   sourcemap-css/test-stylus.css
   sourcemap-sass/sourcemaps.scss
+  sourcemap-sass/sourcemaps.scss^headers^
   sourcemap-sass/media-rules.scss
   sourcemap-styl/test-stylus.styl
   sourcemaps.html
   sourcemaps-inline.html
   sourcemaps-large.html
   sourcemaps-watching.html
   test_private.css
   test_private.html
new file mode 100644
--- /dev/null
+++ b/devtools/client/styleeditor/test/sourcemap-sass/sourcemaps.scss^headers^
@@ -0,0 +1,2 @@
+X-Content-Type-Options: nosniff
+Content-Type: text/plain
--- a/devtools/server/actors/stylesheets.js
+++ b/devtools/server/actors/stylesheets.js
@@ -83,17 +83,22 @@ var OriginalSourceActor = protocol.Actor
       return promise.resolve(this.text);
     }
     let content = this.sourceMap.sourceContentFor(this.url);
     if (content) {
       this.text = content;
       return promise.resolve(content);
     }
     let options = {
-      policy: Ci.nsIContentPolicy.TYPE_INTERNAL_STYLESHEET,
+      // Make sure to use TYPE_OTHER - we are not fetching necessarily
+      // even fetching a style sheet, and anyway we're not planning to
+      // use it as a style sheet per se but rather just for its text;
+      // and this avoids problems with X-Content-Type-Options:
+      // nosniff.  See bug 1330383.
+      policy: Ci.nsIContentPolicy.TYPE_OTHER,
       window: this.window
     };
     return fetch(this.url, options).then(({content: text}) => {
       this.text = text;
       return text;
     });
   },