Bug 1432358: Allow certain top-level pages to be agnostic to CSP. r=s…

…maug
BrowserWorks · May 11, 2018 · a3de113 · a3de113
1 parent 55bef81
commit a3de113
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 3 deletions.
diff --git a/devtools/client/jsonview/converter-child.js b/devtools/client/jsonview/converter-child.js
@@ -87,6 +87,10 @@ Converter.prototype = {
     // origin with (other) content.
     request.loadInfo.resetPrincipalToInheritToNullPrincipal();
 
+    // Because the JSON might be served with a CSP, we instrument
+    // the loadinfo so the Document can discard such a CSP.
+    request.loadInfo.allowDocumentToBeAgnosticToCSP = true;
+
     // Start the request.
     this.listener.onStartRequest(request, context);
 
@@ -206,8 +210,6 @@ function initialHTML(doc) {
     os = "linux";
   }
 
-  // The base URI is prepended to all URIs instead of using a <base> element
-  // because the latter can be blocked by a CSP base-uri directive (bug 1316393)
   let baseURI = "resource://devtools-client-jsonview/";
 
   let style = doc.createElement("link");

diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp
@@ -2689,6 +2689,13 @@ nsDocument::InitCSP(nsIChannel* aChannel)
     return NS_OK;
   }
 
+  // In case this channel was instrument to discard the CSP, then
+  // there is nothing for us to do here.
+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+  if (loadInfo->GetAllowDocumentToBeAgnosticToCSP()) {
+    return NS_OK;
+  }
+
   nsAutoCString tCspHeaderValue, tCspROHeaderValue;
 
   nsCOMPtr<nsIHttpChannel> httpChannel;
@@ -2717,7 +2724,6 @@ nsDocument::InitCSP(nsIChannel* aChannel)
 
   // Check if this is a signed content to apply default CSP.
   bool applySignedContentCSP = false;
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
   if (loadInfo && loadInfo->GetVerifySignedContent()) {
     applySignedContentCSP = true;
   }

diff --git a/ipc/glue/BackgroundUtils.cpp b/ipc/glue/BackgroundUtils.cpp
@@ -383,6 +383,7 @@ LoadInfoToLoadInfoArgs(nsILoadInfo *aLoadInfo,
       aLoadInfo->GetUpgradeInsecureRequests(),
       aLoadInfo->GetVerifySignedContent(),
       aLoadInfo->GetEnforceSRI(),
+      aLoadInfo->GetAllowDocumentToBeAgnosticToCSP(),
       aLoadInfo->GetForceInheritPrincipalDropped(),
       aLoadInfo->GetInnerWindowID(),
       aLoadInfo->GetOuterWindowID(),
@@ -478,6 +479,7 @@ LoadInfoArgsToLoadInfo(const OptionalLoadInfoArgs& aOptionalLoadInfoArgs,
                           loadInfoArgs.upgradeInsecureRequests(),
                           loadInfoArgs.verifySignedContent(),
                           loadInfoArgs.enforceSRI(),
+                          loadInfoArgs.allowDocumentToBeAgnosticToCSP(),
                           loadInfoArgs.forceInheritPrincipalDropped(),
                           loadInfoArgs.innerWindowID(),
                           loadInfoArgs.outerWindowID(),

diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp
@@ -46,6 +46,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
   , mUpgradeInsecureRequests(false)
   , mVerifySignedContent(false)
   , mEnforceSRI(false)
+  , mAllowDocumentToBeAgnosticToCSP(false)
   , mForceInheritPrincipalDropped(false)
   , mInnerWindowID(0)
   , mOuterWindowID(0)
@@ -221,6 +222,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
   , mUpgradeInsecureRequests(false)
   , mVerifySignedContent(false)
   , mEnforceSRI(false)
+  , mAllowDocumentToBeAgnosticToCSP(false)
   , mForceInheritPrincipalDropped(false)
   , mInnerWindowID(0)
   , mOuterWindowID(0)
@@ -282,6 +284,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
   , mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests)
   , mVerifySignedContent(rhs.mVerifySignedContent)
   , mEnforceSRI(rhs.mEnforceSRI)
+  , mAllowDocumentToBeAgnosticToCSP(rhs.mAllowDocumentToBeAgnosticToCSP)
   , mForceInheritPrincipalDropped(rhs.mForceInheritPrincipalDropped)
   , mInnerWindowID(rhs.mInnerWindowID)
   , mOuterWindowID(rhs.mOuterWindowID)
@@ -315,6 +318,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
                    bool aUpgradeInsecureRequests,
                    bool aVerifySignedContent,
                    bool aEnforceSRI,
+                   bool aAllowDocumentToBeAgnosticToCSP,
                    bool aForceInheritPrincipalDropped,
                    uint64_t aInnerWindowID,
                    uint64_t aOuterWindowID,
@@ -343,6 +347,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
   , mUpgradeInsecureRequests(aUpgradeInsecureRequests)
   , mVerifySignedContent(aVerifySignedContent)
   , mEnforceSRI(aEnforceSRI)
+  , mAllowDocumentToBeAgnosticToCSP(aAllowDocumentToBeAgnosticToCSP)
   , mForceInheritPrincipalDropped(aForceInheritPrincipalDropped)
   , mInnerWindowID(aInnerWindowID)
   , mOuterWindowID(aOuterWindowID)
@@ -744,6 +749,25 @@ LoadInfo::ResetPrincipalToInheritToNullPrincipal()
   return NS_OK;
 }
 
+NS_IMETHODIMP
+LoadInfo::SetAllowDocumentToBeAgnosticToCSP(bool aAllowDocumentToBeAgnosticToCSP)
+{
+  if (mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) {
+    MOZ_ASSERT(false, "not available for loads other than TYPE_DOCUMENT");
+    return NS_ERROR_UNEXPECTED;
+  }
+  mAllowDocumentToBeAgnosticToCSP = aAllowDocumentToBeAgnosticToCSP;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+LoadInfo::GetAllowDocumentToBeAgnosticToCSP(bool* aAllowDocumentToBeAgnosticToCSP)
+{
+  *aAllowDocumentToBeAgnosticToCSP = mAllowDocumentToBeAgnosticToCSP;
+  return NS_OK;
+}
+
+
 NS_IMETHODIMP
 LoadInfo::SetScriptableOriginAttributes(JSContext* aCx,
   JS::Handle<JS::Value> aOriginAttributes)

diff --git a/netwerk/base/LoadInfo.h b/netwerk/base/LoadInfo.h
@@ -101,6 +101,7 @@ class LoadInfo final : public nsILoadInfo
            bool aUpgradeInsecureRequests,
            bool aVerifySignedContent,
            bool aEnforceSRI,
+           bool aAllowDocumentToBeAgnosticToCSP,
            bool aForceInheritPrincipalDropped,
            uint64_t aInnerWindowID,
            uint64_t aOuterWindowID,
@@ -152,6 +153,7 @@ class LoadInfo final : public nsILoadInfo
   bool                             mUpgradeInsecureRequests;
   bool                             mVerifySignedContent;
   bool                             mEnforceSRI;
+  bool                             mAllowDocumentToBeAgnosticToCSP;
   bool                             mForceInheritPrincipalDropped;
   uint64_t                         mInnerWindowID;
   uint64_t                         mOuterWindowID;

diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
@@ -527,6 +527,18 @@ interface nsILoadInfo : nsISupports
    */
   void resetPrincipalToInheritToNullPrincipal();
 
+  /**
+   * Allows certain top-level channels to be agnostic to CSP. If set,
+   * this attribute needs to be set before the CSP is initialized
+   * within nsDocument. If set after, this attribute has no effect.
+   * Please note, that this logic is only available for loads of TYPE_DOCUMENT,
+   * and is discarded for other loads.
+   *
+   * WARNING: Please only use that function if you know exactly what
+   * you are doing!!!
+   */
+  [infallible] attribute boolean allowDocumentToBeAgnosticToCSP;
+
   /**
    * Customized OriginAttributes within LoadInfo to allow overwriting of the
    * default originAttributes from the loadingPrincipal.

diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -48,6 +48,7 @@ struct LoadInfoArgs
   bool                        upgradeInsecureRequests;
   bool                        verifySignedContent;
   bool                        enforceSRI;
+  bool                        allowDocumentToBeAgnosticToCSP;
   bool                        forceInheritPrincipalDropped;
   uint64_t                    innerWindowID;
   uint64_t                    outerWindowID;