From a3de11377e7f8db0d26937d1fbfe36163268617a Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Thu, 1 Feb 2018 14:07:01 +0100 Subject: [PATCH] Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=smaug --- devtools/client/jsonview/converter-child.js | 6 ++++-- dom/base/nsDocument.cpp | 8 ++++++- ipc/glue/BackgroundUtils.cpp | 2 ++ netwerk/base/LoadInfo.cpp | 24 +++++++++++++++++++++ netwerk/base/LoadInfo.h | 2 ++ netwerk/base/nsILoadInfo.idl | 12 +++++++++++ netwerk/ipc/NeckoChannelParams.ipdlh | 1 + 7 files changed, 52 insertions(+), 3 deletions(-) diff --git a/devtools/client/jsonview/converter-child.js b/devtools/client/jsonview/converter-child.js index 19060088ae6b2..4392522046dfe 100644 --- a/devtools/client/jsonview/converter-child.js +++ b/devtools/client/jsonview/converter-child.js @@ -87,6 +87,10 @@ Converter.prototype = { // origin with (other) content. request.loadInfo.resetPrincipalToInheritToNullPrincipal(); + // Because the JSON might be served with a CSP, we instrument + // the loadinfo so the Document can discard such a CSP. + request.loadInfo.allowDocumentToBeAgnosticToCSP = true; + // Start the request. this.listener.onStartRequest(request, context); @@ -206,8 +210,6 @@ function initialHTML(doc) { os = "linux"; } - // The base URI is prepended to all URIs instead of using a element - // because the latter can be blocked by a CSP base-uri directive (bug 1316393) let baseURI = "resource://devtools-client-jsonview/"; let style = doc.createElement("link"); diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 619deb2cfef7d..cc2b08f22f189 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -2689,6 +2689,13 @@ nsDocument::InitCSP(nsIChannel* aChannel) return NS_OK; } + // In case this channel was instrument to discard the CSP, then + // there is nothing for us to do here. + nsCOMPtr loadInfo = aChannel->GetLoadInfo(); + if (loadInfo->GetAllowDocumentToBeAgnosticToCSP()) { + return NS_OK; + } + nsAutoCString tCspHeaderValue, tCspROHeaderValue; nsCOMPtr httpChannel; @@ -2717,7 +2724,6 @@ nsDocument::InitCSP(nsIChannel* aChannel) // Check if this is a signed content to apply default CSP. bool applySignedContentCSP = false; - nsCOMPtr loadInfo = aChannel->GetLoadInfo(); if (loadInfo && loadInfo->GetVerifySignedContent()) { applySignedContentCSP = true; } diff --git a/ipc/glue/BackgroundUtils.cpp b/ipc/glue/BackgroundUtils.cpp index fa141d2ff7d20..6477ec5e06be9 100644 --- a/ipc/glue/BackgroundUtils.cpp +++ b/ipc/glue/BackgroundUtils.cpp @@ -383,6 +383,7 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo, aLoadInfo->GetUpgradeInsecureRequests(), aLoadInfo->GetVerifySignedContent(), aLoadInfo->GetEnforceSRI(), + aLoadInfo->GetAllowDocumentToBeAgnosticToCSP(), aLoadInfo->GetForceInheritPrincipalDropped(), aLoadInfo->GetInnerWindowID(), aLoadInfo->GetOuterWindowID(), @@ -478,6 +479,7 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs, loadInfoArgs.upgradeInsecureRequests(), loadInfoArgs.verifySignedContent(), loadInfoArgs.enforceSRI(), + loadInfoArgs.allowDocumentToBeAgnosticToCSP(), loadInfoArgs.forceInheritPrincipalDropped(), loadInfoArgs.innerWindowID(), loadInfoArgs.outerWindowID(), diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp index 0e83eaef6aee1..04f952d1c936d 100644 --- a/netwerk/base/LoadInfo.cpp +++ b/netwerk/base/LoadInfo.cpp @@ -46,6 +46,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mAllowDocumentToBeAgnosticToCSP(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -221,6 +222,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow, , mUpgradeInsecureRequests(false) , mVerifySignedContent(false) , mEnforceSRI(false) + , mAllowDocumentToBeAgnosticToCSP(false) , mForceInheritPrincipalDropped(false) , mInnerWindowID(0) , mOuterWindowID(0) @@ -282,6 +284,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs) , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests) , mVerifySignedContent(rhs.mVerifySignedContent) , mEnforceSRI(rhs.mEnforceSRI) + , mAllowDocumentToBeAgnosticToCSP(rhs.mAllowDocumentToBeAgnosticToCSP) , mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped) , mInnerWindowID(rhs.mInnerWindowID) , mOuterWindowID(rhs.mOuterWindowID) @@ -315,6 +318,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aAllowDocumentToBeAgnosticToCSP, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -343,6 +347,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal, , mUpgradeInsecureRequests(aUpgradeInsecureRequests) , mVerifySignedContent(aVerifySignedContent) , mEnforceSRI(aEnforceSRI) + , mAllowDocumentToBeAgnosticToCSP(aAllowDocumentToBeAgnosticToCSP) , mForceInheritPrincipalDropped(aForceInheritPrincipalDropped) , mInnerWindowID(aInnerWindowID) , mOuterWindowID(aOuterWindowID) @@ -744,6 +749,25 @@ LoadInfo::ResetPrincipalToInheritToNullPrincipal() return NS_OK; } +NS_IMETHODIMP +LoadInfo::SetAllowDocumentToBeAgnosticToCSP(bool aAllowDocumentToBeAgnosticToCSP) +{ + if (mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) { + MOZ_ASSERT(false, "not available for loads other than TYPE_DOCUMENT"); + return NS_ERROR_UNEXPECTED; + } + mAllowDocumentToBeAgnosticToCSP = aAllowDocumentToBeAgnosticToCSP; + return NS_OK; +} + +NS_IMETHODIMP +LoadInfo::GetAllowDocumentToBeAgnosticToCSP(bool* aAllowDocumentToBeAgnosticToCSP) +{ + *aAllowDocumentToBeAgnosticToCSP = mAllowDocumentToBeAgnosticToCSP; + return NS_OK; +} + + NS_IMETHODIMP LoadInfo::SetScriptableOriginAttributes(JSContext* aCx, JS::Handle aOriginAttributes) diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h index 6d25716f4ed0c..83b95e16d9030 100644 --- a/netwerk/base/LoadInfo.h +++ b/netwerk/base/LoadInfo.h @@ -101,6 +101,7 @@ class LoadInfo final : public nsILoadInfo bool aUpgradeInsecureRequests, bool aVerifySignedContent, bool aEnforceSRI, + bool aAllowDocumentToBeAgnosticToCSP, bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID, uint64_t aOuterWindowID, @@ -152,6 +153,7 @@ class LoadInfo final : public nsILoadInfo bool mUpgradeInsecureRequests; bool mVerifySignedContent; bool mEnforceSRI; + bool mAllowDocumentToBeAgnosticToCSP; bool mForceInheritPrincipalDropped; uint64_t mInnerWindowID; uint64_t mOuterWindowID; diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index 2be1b78695438..91807988a9611 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -527,6 +527,18 @@ interface nsILoadInfo : nsISupports */ void resetPrincipalToInheritToNullPrincipal(); + /** + * Allows certain top-level channels to be agnostic to CSP. If set, + * this attribute needs to be set before the CSP is initialized + * within nsDocument. If set after, this attribute has no effect. + * Please note, that this logic is only available for loads of TYPE_DOCUMENT, + * and is discarded for other loads. + * + * WARNING: Please only use that function if you know exactly what + * you are doing!!! + */ + [infallible] attribute boolean allowDocumentToBeAgnosticToCSP; + /** * Customized OriginAttributes within LoadInfo to allow overwriting of the * default originAttributes from the loadingPrincipal. diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh index e8e02a28f2482..e4c0bb75f2954 100644 --- a/netwerk/ipc/NeckoChannelParams.ipdlh +++ b/netwerk/ipc/NeckoChannelParams.ipdlh @@ -48,6 +48,7 @@ struct LoadInfoArgs bool upgradeInsecureRequests; bool verifySignedContent; bool enforceSRI; + bool allowDocumentToBeAgnosticToCSP; bool forceInheritPrincipalDropped; uint64_t innerWindowID; uint64_t outerWindowID;