Bug 1207775 - Classify channels associated with a content window. r?ckerschb
Unless a channel opts out of being classified, the LOAD_CLASSIFY_URI
will be enforced for any channel that is associated with a content
window.
Critical channels that cannot be allowed to fail (e.g. Firefox
updates, Safe Browsing list updates) need to explicitly opt out.
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -614,16 +614,32 @@ DoContentSecurityChecks(nsIChannel* aCha
(contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
// for docshell loads we might have to return SHOW_ALT.
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
}
return NS_ERROR_CONTENT_BLOCKED;
}
+ // Channels associated with a content window must go through the URL
+ // classifier unless they opt out explicitly.
+ nsCOMPtr<nsILoadContext> loadContext;
+ NS_QueryNotificationCallbacks(aChannel, loadContext);
+ if (loadContext) {
+ nsCOMPtr<mozIDOMWindowProxy> window;
+ rv = loadContext->GetAssociatedWindow(getter_AddRefs(window));
+ if (NS_SUCCEEDED(rv) && window) {
+ uint32_t loadFlags;
+ if (NS_SUCCEEDED(aChannel->GetLoadFlags(&loadFlags))) {
+ // TODO: check for opt-out
+ aChannel->SetLoadFlags(loadFlags | nsIChannel::LOAD_CLASSIFY_URI);
+ }
+ }
+ }
+
return NS_OK;
}
static void
LogPrincipal(nsIPrincipal* aPrincipal, const nsAString& aPrincipalName) {
if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
MOZ_LOG(sCSMLog, LogLevel::Debug, (" %s: SystemPrincipal\n",
NS_ConvertUTF16toUTF8(aPrincipalName).get()));