summaryrefslogtreecommitdiffstats
path: root/dom/security/nsCSPUtils.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-03-03 11:21:43 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-03-03 11:22:15 +0100
commitc3039dadd95f5487e84311a9719604fa901aacd7 (patch)
tree3168b0b2d41184b89f894821e25ca258d88d6af4 /dom/security/nsCSPUtils.cpp
parent8891f99913d9054c363c0266cf4ee9718cbf474e (diff)
downloadUXP-c3039dadd95f5487e84311a9719604fa901aacd7.tar
UXP-c3039dadd95f5487e84311a9719604fa901aacd7.tar.gz
UXP-c3039dadd95f5487e84311a9719604fa901aacd7.tar.lz
UXP-c3039dadd95f5487e84311a9719604fa901aacd7.tar.xz
UXP-c3039dadd95f5487e84311a9719604fa901aacd7.zip
Add support for CSP v3 "worker-src" directive
Diffstat (limited to 'dom/security/nsCSPUtils.cpp')
-rw-r--r--dom/security/nsCSPUtils.cpp64
1 files changed, 49 insertions, 15 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index a5f683b01..49832f8f4 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -230,7 +230,7 @@ CSP_ContentTypeToDirective(nsContentPolicyType aType)
case nsIContentPolicy::TYPE_INTERNAL_WORKER:
case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
- return nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE;
+ return nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE;
case nsIContentPolicy::TYPE_SUBDOCUMENT:
return nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE;
@@ -1184,6 +1184,11 @@ nsCSPDirective::toDomCSPStruct(mozilla::dom::CSP& outCSP) const
outCSP.mSandbox.Value() = mozilla::Move(srcs);
return;
+ case nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE:
+ outCSP.mWorker_src.Construct();
+ outCSP.mWorker_src.Value() = mozilla::Move(srcs);
+ return;
+
// REFERRER_DIRECTIVE and REQUIRE_SRI_FOR are handled in nsCSPPolicy::toDomCSPStruct()
default:
@@ -1236,7 +1241,8 @@ bool nsCSPDirective::equals(CSPDirective aDirective) const
nsCSPChildSrcDirective::nsCSPChildSrcDirective(CSPDirective aDirective)
: nsCSPDirective(aDirective)
- , mHandleFrameSrc(false)
+ , mRestrictFrames(false)
+ , mRestrictWorkers(false)
{
}
@@ -1244,30 +1250,58 @@ nsCSPChildSrcDirective::~nsCSPChildSrcDirective()
{
}
-void nsCSPChildSrcDirective::setHandleFrameSrc()
-{
- mHandleFrameSrc = true;
-}
-
bool nsCSPChildSrcDirective::restrictsContentType(nsContentPolicyType aContentType) const
{
if (aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
- return mHandleFrameSrc;
+ return mRestrictFrames;
}
-
- return (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER
- || aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER
- || aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER
- );
+ if (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
+ aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
+ aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER) {
+ return mRestrictWorkers;
+ }
+ return false;
}
bool nsCSPChildSrcDirective::equals(CSPDirective aDirective) const
{
if (aDirective == nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE) {
- return mHandleFrameSrc;
+ return mRestrictFrames;
+ }
+ if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) {
+ return mRestrictWorkers;
}
+ return (mDirective == aDirective);
+}
- return (aDirective == nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE);
+/* =============== nsCSPScriptSrcDirective ============= */
+
+nsCSPScriptSrcDirective::nsCSPScriptSrcDirective(CSPDirective aDirective)
+ : nsCSPDirective(aDirective)
+ , mRestrictWorkers(false)
+{
+}
+
+nsCSPScriptSrcDirective::~nsCSPScriptSrcDirective()
+{
+}
+
+bool nsCSPScriptSrcDirective::restrictsContentType(nsContentPolicyType aContentType) const
+{
+ if (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER ||
+ aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER ||
+ aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER) {
+ return mRestrictWorkers;
+ }
+ return mDirective == CSP_ContentTypeToDirective(aContentType);
+}
+
+bool nsCSPScriptSrcDirective::equals(CSPDirective aDirective) const
+{
+ if (aDirective == nsIContentSecurityPolicy::WORKER_SRC_DIRECTIVE) {
+ return mRestrictWorkers;
+ }
+ return (mDirective == aDirective);
}
/* =============== nsBlockAllMixedContentDirective ============= */