Bug 1219931 - CSP: Don't allow removing a policy (r=sicking)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Mon, 02 Nov 2015 08:04:15 -0800
changeset 308163 bfe8a49ff8808fd20f6432ee4294bcf7ad6640c6
parent 308162 573a41d3890e2f7a38c30ba7f484099c0bb930b4
child 308164 fe8c4e0c7ef0ae8a9add40d1b3bc127ed90ebeb2
push id1040
push userraliiev@mozilla.com
push dateMon, 29 Feb 2016 17:11:22 +0000
treeherdermozilla-release@8c3167321162 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs1219931
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1219931 - CSP: Don't allow removing a policy (r=sicking)
dom/interfaces/security/nsIContentSecurityPolicy.idl
dom/security/nsCSPContext.cpp
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -16,17 +16,17 @@ interface nsIURI;
  * nsIContentSecurityPolicy
  * Describes an XPCOM component used to model and enforce CSPs.  Instances of
  * this class may have multiple policies within them, but there should only be
  * one of these per document/principal.
  */
 
 typedef unsigned short CSPDirective;
 
-[scriptable, builtinclass, uuid(b756d344-ee2f-44d0-825e-ea4febd0af14)]
+[scriptable, builtinclass, uuid(b9a029c3-9484-4bf7-826d-0c6b545790bc)]
 interface nsIContentSecurityPolicy : nsISerializable
 {
   /**
    * Directives supported by Content Security Policy.  These are enums for
    * the CSPDirective type.
    * The NO_DIRECTIVE entry is  used for checking default permissions and
    * returning failure when asking CSP which directive to check.
    *
@@ -83,22 +83,16 @@ interface nsIContentSecurityPolicy : nsI
    * @param aPolicy
    *        The referrer policy to use for the protected resource.
    * @return
    *        true if a referrer policy is specified, false if it's unspecified.
    */
   bool getReferrerPolicy(out unsigned long policy);
 
   /**
-   * Remove a policy associated with this CSP context.
-   * @throws NS_ERROR_FAILURE if the index is out of bounds or invalid.
-   */
-  void removePolicy(in unsigned long index);
-
-  /**
    * Parse and install a CSP policy.
    * @param aPolicy
    *        String representation of the policy (e.g., header value)
    * @param reportOnly
    *        Should this policy affect content, script and style processing or
    *        just send reports if it is violated?
    */
   void appendPolicy(in AString policyString, in boolean reportOnly);
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -336,28 +336,16 @@ nsCSPContext::GetReferrerPolicy(uint32_t
       *outIsSet = true;
     }
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsCSPContext::RemovePolicy(uint32_t aIndex)
-{
-  if (aIndex >= mPolicies.Length()) {
-    return NS_ERROR_ILLEGAL_VALUE;
-  }
-  mPolicies.RemoveElementAt(aIndex);
-  // reset cache since effective policy changes
-  mShouldLoadCache.Clear();
-  return NS_OK;
-}
-
-NS_IMETHODIMP
 nsCSPContext::AppendPolicy(const nsAString& aPolicyString,
                            bool aReportOnly)
 {
   CSPCONTEXTLOG(("nsCSPContext::AppendPolicy: %s",
                  NS_ConvertUTF16toUTF8(aPolicyString).get()));
 
   // Use the mSelfURI from setRequestContext, see bug 991474
   NS_ASSERTION(mSelfURI, "mSelfURI required for AppendPolicy, but not set");