Bug 1207775 - Classify channels associated with a content window. r?ckerschb draft
authorFrancois Marier <francois@mozilla.com>
Fri, 26 Oct 2018 17:00:56 -0700
changeset 491371 1143474b901d0752f19a6bc38e79892f7aeb1baf
parent 491370 1e44ac3b69a4ad8aed1e59a6e15b099acaf6179a
child 491372 91a21b66babca03f16321553ed11b707dd01a1ca
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersckerschb
bugs1207775
milestone65.0a1
Bug 1207775 - Classify channels associated with a content window. r?ckerschb Unless a channel opts out of being classified, the LOAD_CLASSIFY_URI will be enforced for any channel that is associated with a content window. Critical channels that cannot be allowed to fail (e.g. Firefox updates, Safe Browsing list updates) need to explicitly opt out.
dom/security/nsContentSecurityManager.cpp
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -614,16 +614,32 @@ DoContentSecurityChecks(nsIChannel* aCha
         (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
          contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
       // for docshell loads we might have to return SHOW_ALT.
       return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
     }
     return NS_ERROR_CONTENT_BLOCKED;
   }
 
+  // Channels associated with a content window must go through the URL
+  // classifier unless they opt out explicitly.
+  nsCOMPtr<nsILoadContext> loadContext;
+  NS_QueryNotificationCallbacks(aChannel, loadContext);
+  if (loadContext) {
+    nsCOMPtr<mozIDOMWindowProxy> window;
+    rv = loadContext->GetAssociatedWindow(getter_AddRefs(window));
+    if (NS_SUCCEEDED(rv) && window) {
+      uint32_t loadFlags;
+      if (NS_SUCCEEDED(aChannel->GetLoadFlags(&loadFlags))) {
+        // TODO: check for opt-out
+        aChannel->SetLoadFlags(loadFlags | nsIChannel::LOAD_CLASSIFY_URI);
+      }
+    }
+  }
+
   return NS_OK;
 }
 
 static void
 LogPrincipal(nsIPrincipal* aPrincipal, const nsAString& aPrincipalName) {
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     MOZ_LOG(sCSMLog, LogLevel::Debug, ("  %s: SystemPrincipal\n",
       NS_ConvertUTF16toUTF8(aPrincipalName).get()));