Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout
authorSebastian Hengst <archaeopteryx@coole-files.de>
Wed, 09 Nov 2016 11:31:38 +0100
changeset 351857 eac5fd08280a9cfa83925050cd70facc8252eac9
parent 351856 b86094c4eafc59ef953655fa6996ca242bd55320
child 351858 336759fad4621dfcd0a3293840edbed67018accd
child 351927 bb7b525fe7e74b3d672fe3ee448c37dad5c345f1
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1236222
milestone52.0a1
backs out9c1069e2a42e1f296ff040694da3e712ec449ab6
Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout
dom/security/nsCSPContext.cpp
dom/security/nsCSPContext.h
dom/security/test/csp/test_report.html
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -792,17 +792,17 @@ StripURIForReporting(nsIURI* aURI,
  * @param aSourceFile
  *        name of the file containing the inline script violation
  * @param aScriptSample
  *        a sample of the violating inline script
  * @param aLineNum
  *        source line number of the violation (if available)
  */
 nsresult
-nsCSPContext::SendReports(nsIURI* aBlockedURI,
+nsCSPContext::SendReports(nsISupports* aBlockedContentSource,
                           nsIURI* aOriginalURI,
                           nsAString& aViolatedDirective,
                           uint32_t aViolatedPolicyIndex,
                           nsAString& aSourceFile,
                           nsAString& aScriptSample,
                           uint32_t aLineNum)
 {
   NS_ENSURE_ARG_MAX(aViolatedPolicyIndex, mPolicies.Length() - 1);
@@ -815,21 +815,36 @@ nsCSPContext::SendReports(nsIURI* aBlock
     return NS_ERROR_FAILURE;
   }
 #endif
 
   dom::CSPReport report;
   nsresult rv;
 
   // blocked-uri
-  if (aBlockedURI) {
+  if (aBlockedContentSource) {
     nsAutoCString reportBlockedURI;
-    StripURIForReporting(aBlockedURI, mSelfURI, reportBlockedURI);
+    nsCOMPtr<nsIURI> uri = do_QueryInterface(aBlockedContentSource);
+    // could be a string or URI
+    if (uri) {
+      StripURIForReporting(uri, mSelfURI, reportBlockedURI);
+    } else {
+      nsCOMPtr<nsISupportsCString> cstr = do_QueryInterface(aBlockedContentSource);
+      if (cstr) {
+        cstr->GetData(reportBlockedURI);
+      }
+    }
+    if (reportBlockedURI.IsEmpty()) {
+      // this can happen for frame-ancestors violation where the violating
+      // ancestor is cross-origin.
+      NS_WARNING("No blocked URI (null aBlockedContentSource) for CSP violation report.");
+    }
     report.mCsp_report.mBlocked_uri = NS_ConvertUTF8toUTF16(reportBlockedURI);
   }
+
   // document-uri
   nsAutoCString reportDocumentURI;
   StripURIForReporting(mSelfURI, mSelfURI, reportDocumentURI);
   report.mCsp_report.mDocument_uri = NS_ConvertUTF8toUTF16(reportDocumentURI);
 
   // original-policy
   nsAutoString originalPolicy;
   rv = this->GetPolicyString(aViolatedPolicyIndex, originalPolicy);
@@ -1056,24 +1071,23 @@ class CSPReportSenderRunnable final : pu
       nsCOMPtr<nsIObserverService> observerService = mozilla::services::GetObserverService();
       NS_ASSERTION(observerService, "needs observer service");
       nsresult rv = observerService->NotifyObservers(mObserverSubject,
                                                      CSP_VIOLATION_TOPIC,
                                                      mViolatedDirective.get());
       NS_ENSURE_SUCCESS(rv, rv);
 
       // 2) send reports for the policy that was violated
-      nsCOMPtr<nsIURI> blockedURI = do_QueryInterface(mBlockedContentSource);
-      mCSPContext->SendReports(blockedURI, mOriginalURI,
+      mCSPContext->SendReports(mBlockedContentSource, mOriginalURI,
                                mViolatedDirective, mViolatedPolicyIndex,
                                mSourceFile, mScriptSample, mLineNum);
 
       // 3) log to console (one per policy violation)
       // mBlockedContentSource could be a URI or a string.
-
+      nsCOMPtr<nsIURI> blockedURI = do_QueryInterface(mBlockedContentSource);
       // if mBlockedContentSource is not a URI, it could be a string
       nsCOMPtr<nsISupportsCString> blockedString = do_QueryInterface(mBlockedContentSource);
 
       nsCString blockedDataStr;
 
       if (blockedURI) {
         blockedURI->GetSpec(blockedDataStr);
         bool isData = false;
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@@ -52,17 +52,17 @@ class nsCSPContext : public nsIContentSe
                       const char16_t** aParams,
                       uint32_t aParamsLength,
                       const nsAString& aSourceName,
                       const nsAString& aSourceLine,
                       uint32_t aLineNumber,
                       uint32_t aColumnNumber,
                       uint32_t aSeverityFlag);
 
-    nsresult SendReports(nsIURI* aBlockedURI,
+    nsresult SendReports(nsISupports* aBlockedContentSource,
                          nsIURI* aOriginalURI,
                          nsAString& aViolatedDirective,
                          uint32_t aViolatedPolicyIndex,
                          nsAString& aSourceFile,
                          nsAString& aScriptSample,
                          uint32_t aLineNum);
 
     nsresult AsyncReportViolation(nsISupports* aBlockedContentSource,
--- a/dom/security/test/csp/test_report.html
+++ b/dom/security/test/csp/test_report.html
@@ -43,17 +43,17 @@ window.checkResults = function(reportObj
   //    * source-file
   // see http://www.w3.org/TR/CSP11/#violation-reports
   is(cspReport["document-uri"], docUri, "Incorrect document-uri");
 
   // we can not test for the whole referrer since it includes platform specific information
   ok(cspReport["referrer"].startsWith("http://mochi.test:8888/tests/dom/security/test/csp/test_report.html"),
      "Incorrect referrer");
 
-  is(cspReport["blocked-uri"], "", "Incorrect blocked-uri");
+  is(cspReport["blocked-uri"], "self", "Incorrect blocked-uri");
 
   is(cspReport["violated-directive"], "default-src 'none'", "Incorrect violated-directive");
 
   is(cspReport["original-policy"], "default-src 'none'; report-uri http://mochi.test:8888/foo.sjs",
      "Incorrect original-policy");
 
   is(cspReport["source-file"], docUri, "Incorrect source-file");