author | wolfbeast <mcwerewolf@gmail.com> | 2018-03-03 11:21:43 +0100 |
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-03-03 11:22:15 +0100 |
commit | c3039dadd95f5487e84311a9719604fa901aacd7 (patch) | |
tree | 3168b0b2d41184b89f894821e25ca258d88d6af4 /dom/security/test | |
parent | 8891f99913d9054c363c0266cf4ee9718cbf474e (diff) | |
Add support for CSP v3 "worker-src" directive
Diffstat (limited to 'dom/security/test')
-rw-r--r-- | dom/security/test/csp/file_frame_src.js | 14 | ||||
-rw-r--r-- | dom/security/test/csp/file_frame_src_child_governs.html | 10 | ||||
-rw-r--r-- | dom/security/test/csp/file_frame_src_frame_governs.html | 10 | ||||
-rw-r--r-- | dom/security/test/csp/file_frame_src_inner.html | 5 | ||||
-rw-r--r-- | dom/security/test/csp/file_spawn_service_worker.js | 1 | ||||
-rw-r--r-- | dom/security/test/csp/file_spawn_shared_worker.js | 7 | ||||
-rw-r--r-- | dom/security/test/csp/file_spawn_worker.js | 1 | ||||
-rw-r--r-- | dom/security/test/csp/file_worker_src.js | 52 | ||||
-rw-r--r-- | dom/security/test/csp/file_worker_src_child_governs.html | 9 | ||||
-rw-r--r-- | dom/security/test/csp/file_worker_src_script_governs.html | 9 | ||||
-rw-r--r-- | dom/security/test/csp/file_worker_src_worker_governs.html | 9 | ||||
-rw-r--r-- | dom/security/test/csp/mochitest.ini | 15 | ||||
-rw-r--r-- | dom/security/test/csp/test_child-src_worker.html | 6 | ||||
-rw-r--r-- | dom/security/test/csp/test_frame_src.html | 84 | ||||
-rw-r--r-- | dom/security/test/csp/test_worker_src.html | 94 | ||||
-rw-r--r-- | dom/security/test/gtest/TestCSPParser.cpp | 4 |
16 files changed, 327 insertions, 3 deletions
diff --git a/dom/security/test/csp/file_frame_src.js b/dom/security/test/csp/file_frame_src.js
new file mode 100644
index 000000000..8e81f0743
--- /dev/null
+++ b/dom/security/test/csp/file_frame_src.js
@@ -0,0 +1,14 @@
+let testframe = document.getElementById("testframe");
+testframe.onload = function() {
+ parent.postMessage({
+ result: "frame-allowed",
+ href: document.location.href,
+ }, "*");
+}
+testframe.onerror = function() {
+ parent.postMessage({
+ result: "frame-blocked",
+ href: document.location.href,
+ }, "*");
+}
+testframe.src = "file_frame_src_inner.html"
diff --git a/dom/security/test/csp/file_frame_src_child_governs.html b/dom/security/test/csp/file_frame_src_child_governs.html
new file mode 100644
index 000000000..a51cb75be
--- /dev/null
+++ b/dom/security/test/csp/file_frame_src_child_governs.html
@@ -0,0 +1,10 @@
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="child-src https://example.com">";
+</head>
+<body>
+<iframe id="testframe"></iframe>
+<script type="text/javascript" src="file_frame_src.js"></script>
+</body>
+</html>
diff --git a/dom/security/test/csp/file_frame_src_frame_governs.html b/dom/security/test/csp/file_frame_src_frame_governs.html
new file mode 100644
index 000000000..2c5d5857f
--- /dev/null
+++ b/dom/security/test/csp/file_frame_src_frame_governs.html
@@ -0,0 +1,10 @@
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="frame-src https://example.com; child-src 'none'">";
+</head>
+<body>
+<iframe id="testframe"></iframe>
+<script type="text/javascript" src="file_frame_src.js"></script>
+</body>
+</html>
diff --git a/dom/security/test/csp/file_frame_src_inner.html b/dom/security/test/csp/file_frame_src_inner.html
new file mode 100644
index 000000000..4a2fc6095
--- /dev/null
+++ b/dom/security/test/csp/file_frame_src_inner.html
@@ -0,0 +1,5 @@
+<html>
+<body>
+dummy iframe
+</body>
+</html>
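Review bot: file_frame_src.js has no header explaining its protocol, and a reader has to cross-reference test_frame_src.html to learn that the `href` it posts is the governing page's own URL (not the frame's) and that the harness uses that origin to decide which CSP outcome it expects. A one-line comment at the top would do: `// Loads file_frame_src_inner.html into #testframe and posts {result, href} to the parent; href is this page's URL, which the harness maps to the CSP it served.` The last statement, `testframe.src = "file_frame_src_inner.html"`, and both function-expression assignments are also missing their terminating `;`.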
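Review bot: The CSP `<meta>` line in file_frame_src_child_governs.html carries a stray `";` after the closing `>` — `content="child-src https://example.com">";` — which the HTML parser treats as text; non-whitespace text inside `<head>` implicitly opens the body, so the literal `";` is rendered and the explicit `</head>`/`<body>` that follow are ignored. The policy is presumably applied when the meta element is inserted, before that text is parsed, so the test likely still exercises child-src, but the line should read `<meta http-equiv="Content-Security-Policy" content="child-src https://example.com">`. The same stray `";` appears in file_frame_src_frame_governs.html, file_worker_src_child_governs.html, file_worker_src_script_governs.html and file_worker_src_worker_governs.html.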
diff --git a/dom/security/test/csp/file_spawn_service_worker.js b/dom/security/test/csp/file_spawn_service_worker.js
new file mode 100644
index 000000000..b262fa10a
--- /dev/null
+++ b/dom/security/test/csp/file_spawn_service_worker.js
@@ -0,0 +1 @@
+// dummy file
diff --git a/dom/security/test/csp/file_spawn_shared_worker.js b/dom/security/test/csp/file_spawn_shared_worker.js
new file mode 100644
index 000000000..00063bc5c
--- /dev/null
+++ b/dom/security/test/csp/file_spawn_shared_worker.js
@@ -0,0 +1,7 @@
+onconnect = function(e) {
+ var port = e.ports[0];
+ port.addEventListener("message", function(e) {
+ port.postMessage("shared worker is executing");
+ });
+ port.start();
+}
diff --git a/dom/security/test/csp/file_spawn_worker.js b/dom/security/test/csp/file_spawn_worker.js
new file mode 100644
index 000000000..acde7408c
--- /dev/null
+++ b/dom/security/test/csp/file_spawn_worker.js
@@ -0,0 +1 @@
+postMessage("worker is executing");
diff --git a/dom/security/test/csp/file_worker_src.js b/dom/security/test/csp/file_worker_src.js
new file mode 100644
index 000000000..ad3ade6a6
--- /dev/null
+++ b/dom/security/test/csp/file_worker_src.js
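Review bot: In file_spawn_shared_worker.js the inner listener's parameter `e` shadows the `onconnect` parameter `e`, and the inner one is never read; dropping it removes the shadowing: `port.addEventListener("message", function() {`. `var port` could be `let`/`const` to match the `let` declarations used in file_frame_src.js, and the closing `}` of the `onconnect` assignment is missing its `;`.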
@@ -0,0 +1,52 @@
+
+let myWorker = new Worker("file_spawn_worker.js");
+myWorker.onmessage = function(event) {
+ parent.postMessage({
+ result: "worker-allowed",
+ href: document.location.href,
+ }, "*");
+}
+myWorker.onerror = function(event) {
+ parent.postMessage({
+ result: "worker-blocked",
+ href: document.location.href,
+ }, "*");
+}
+
+// --------------------------------------------
+
+var mySharedWorker = new SharedWorker('file_spawn_shared_worker.js');
+mySharedWorker.port.onmessage = function(ev) {
+ parent.postMessage({
+ result: "shared-worker-allowed",
+ href: document.location.href,
+ }, "*");
+}
+mySharedWorker.onerror = function(evt) {
+ evt.preventDefault();
+ parent.postMessage({
+ result: "shared-worker-blocked",
+ href: document.location.href,
+ }, "*");
+}
+mySharedWorker.port.start();
+mySharedWorker.port.postMessage('foo');
+
+// --------------------------------------------
+
+navigator.serviceWorker.register('file_spawn_service_worker.js')
+.then(function(reg) {
+ // registration worked
+ reg.unregister().then(function() {
+ parent.postMessage({
+ result: "service-worker-allowed",
+ href: document.location.href,
+ }, "*");
+ });
+}).catch(function(error) {
+ // registration failed
+ parent.postMessage({
+ result: "service-worker-blocked",
+ href: document.location.href,
+ }, "*");
+});
diff --git a/dom/security/test/csp/file_worker_src_child_governs.html b/dom/security/test/csp/file_worker_src_child_governs.html
new file mode 100644
index 000000000..ca8a683aa
--- /dev/null
+++ b/dom/security/test/csp/file_worker_src_child_governs.html
@@ -0,0 +1,9 @@
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="child-src https://example.com; script-src 'nonce-foo'">";
+</head>
+<body>
+<script type="text/javascript" src="file_worker_src.js" nonce="foo"></script>
+</body>
+</html>
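Review bot: In the service-worker branch of file_worker_src.js the promise from `reg.unregister().then(...)` is not returned, so if `unregister()` rejects no message is posted at all, the outer `.catch` never sees the failure, and the harness in test_worker_src.html keeps waiting for a message that never arrives (it counts received messages up to `numberSubTests` before finishing). Returning it, `return reg.unregister().then(function() {`, routes that rejection into the existing `.catch`, where it is at least surfaced as a failing "service-worker-blocked" on example.com instead of a silent hang. Separately, `myWorker.onerror` fires for any error the worker raises, not only a CSP block, so a runtime error in file_spawn_worker.js would be reported as `worker-blocked`; a comment on that handler noting the assumption would help whoever debugs a false "blocked". The file also mixes `let myWorker` with `var mySharedWorker`; one declaration form throughout would read better.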
diff --git a/dom/security/test/csp/file_worker_src_script_governs.html b/dom/security/test/csp/file_worker_src_script_governs.html
new file mode 100644
index 000000000..0385fee57
--- /dev/null
+++ b/dom/security/test/csp/file_worker_src_script_governs.html
@@ -0,0 +1,9 @@
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-foo' https://example.com">";
+</head>
+<body>
+<script type="text/javascript" src="file_worker_src.js" nonce="foo"></script>
+</body>
+</html>
diff --git a/dom/security/test/csp/file_worker_src_worker_governs.html b/dom/security/test/csp/file_worker_src_worker_governs.html
new file mode 100644
index 000000000..93c8f6122
--- /dev/null
+++ b/dom/security/test/csp/file_worker_src_worker_governs.html
@@ -0,0 +1,9 @@
+<html>
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="Content-Security-Policy" content="worker-src https://example.com; child-src 'none'; script-src 'nonce-foo'">";
+</head>
+<body>
+<script type="text/javascript" src="file_worker_src.js" nonce="foo"></script>
+</body>
+</html>
diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini
index 2102cbe70..ca5c2c6ea 100644
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -316,3 +316,18 @@ support-files =
 [test_punycode_host_src.html]
 [test_websocket_self.html]
 skip-if = toolkit == 'android'
+[test_worker_src.html]
+support-files =
+ file_worker_src_worker_governs.html
+ file_worker_src_child_governs.html
+ file_worker_src_script_governs.html
+ file_worker_src.js
+ file_spawn_worker.js
+ file_spawn_shared_worker.js
+ file_spawn_service_worker.js
+[test_frame_src.html]
+support-files =
+ file_frame_src_frame_governs.html
+ file_frame_src_child_governs.html
+ file_frame_src.js
+ file_frame_src_inner.html
diff --git a/dom/security/test/csp/test_child-src_worker.html b/dom/security/test/csp/test_child-src_worker.html
index 7dcbd03f6..ea9e7b28e 100644
--- a/dom/security/test/csp/test_child-src_worker.html
+++ b/dom/security/test/csp/test_child-src_worker.html
@@ -83,19 +83,19 @@
 id: "script-src-worker",
 file: WORKER_TEST_FILE,
 result : "blocked",
- policy : "default-src 'none'; script-src 'self' 'unsafe-inline'"
+ policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'"
 },
 'script-src-service_worker': {
 id: "script-src-service_worker",
 file: SERVICE_WORKER_TEST_FILE,
 result : "blocked",
- policy : "default-src 'none'; script-src 'self' 'unsafe-inline'"
+ policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'"
 },
 'script-src-self-shared_worker': {
 id: "script-src-self-shared_worker",
 file: SHARED_WORKER_TEST_FILE,
 result : "blocked",
- policy : "default-src 'none'; script-src 'self' 'unsafe-inline'"
+ policy : "default-src 'none'; script-src https://www.example.org 'unsafe-inline'"
 },
 };
diff --git a/dom/security/test/csp/test_frame_src.html b/dom/security/test/csp/test_frame_src.html
new file mode 100644
index 000000000..07de90cfa
--- /dev/null
+++ b/dom/security/test/csp/test_frame_src.html
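Review bot: The three policies switch from `script-src 'self'` to `script-src https://www.example.org` with no comment, and the reason is not visible in the hunk: presumably, once worker-src exists and workers fall back to script-src when neither worker-src nor child-src is present, `'self'` would now allow the worker and the `result : "blocked"` expectations would stop holding. A comment on the first changed entry would record that for the next person who wonders why an unrelated origin is listed, e.g. `// script-src governs workers when worker-src/child-src are absent; an unrelated origin keeps the worker blocked`. The enclosing tests object starts before the hunk.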
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1302667 - Test frame-src</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+/* Description of the test:
+ * We load a page inlcuding a frame a CSP of:
+ * >> frame-src https://example.com; child-src 'none'
+ * and make sure that frame-src governs frames correctly. In addition,
+ * we make sure that child-src is discarded in case frame-src is specified.
+ */
+
+const ORIGIN_1 = "https://example.com/tests/dom/security/test/csp/";
+const ORIGIN_2 = "https://test1.example.com/tests/dom/security/test/csp/";
+
+let TESTS = [
+ // frame-src tests
+ ORIGIN_1 + "file_frame_src_frame_governs.html",
+ ORIGIN_2 + "file_frame_src_frame_governs.html",
+ // child-src tests
+ ORIGIN_1 + "file_frame_src_child_governs.html",
+ ORIGIN_2 + "file_frame_src_child_governs.html",
+];
+
+let testIndex = 0;
+
+function checkFinish() {
+ if (testIndex >= TESTS.length) {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ return;
+ }
+ runNextTest();
+}
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ let href = event.data.href;
+ let result = event.data.result;
+
+ if (href.startsWith("https://example.com")) {
+ if (result == "frame-allowed") {
+ ok(true, "allowing frame from https://example.com (" + result + ")");
+ }
+ else {
+ ok(false, "blocking frame from https://example.com (" + result + ")");
+ }
+ }
+ else if (href.startsWith("https://test1.example.com")) {
+ if (result == "frame-blocked") {
+ ok(true, "blocking frame from https://test1.example.com (" + result + ")");
+ }
+ else {
+ ok(false, "allowing frame from https://test1.example.com (" + result + ")");
+ }
+ }
+ else {
+ // sanity check, we should never enter that branch, bust just in case...
+ ok(false, "unexpected result: " + result);
+ }
+ checkFinish();
+}
+
+function runNextTest() {
+ document.getElementById("testframe").src = TESTS[testIndex];
+ testIndex++;
+}
+
+// fire up the tests
+runNextTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/csp/test_worker_src.html b/dom/security/test/csp/test_worker_src.html
new file mode 100644
index 000000000..3f2b44c9f
--- /dev/null
+++ b/dom/security/test/csp/test_worker_src.html
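Review bot: receiveMessage calls `href.startsWith(...)` on `event.data.href` without checking `event.source` or the shape of `event.data`, so any other message reaching the test window (whether anything else posts one in this harness is not visible here) would throw inside the handler, `checkFinish()` would not run, and the test would end only by harness timeout. A guard at the top, `if (!event.data || typeof event.data.href !== "string") return;`, keeps the handler from dying on unrelated traffic. The description comment also has typos worth fixing while here: "inlcuding a frame a CSP of" should read "including a frame with a CSP of", and "bust just in case" should read "but just in case"; the same two typos appear in test_worker_src.html, whose receiveMessage has the same missing guard.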
@@ -0,0 +1,94 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1302667 - Test worker-src</title>
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="worker-testframe"></iframe>
+<iframe style="width:100%;" id="child-testframe"></iframe>
+<iframe style="width:100%;" id="script-testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+/* Description of the test:
+ * We load a page inlcuding a worker, a shared worker as well as a
+ * service worker with a CSP of:
+ * >> worker-src https://example.com; child-src 'none'; script-src 'nonce-foo'
+ * and make sure that worker-src governs these three kinds of workers correctly.
+ * In addition, we make sure that child-src as well as script-src is discarded
+ * in case worker-src is specified. Ideally we would use "script-src 'none'" but
+ * we have to whitelist the actual script that spawns the workers, hence the nonce.
+ */
+
+let testRuns = 0;
+let messageCounter = 0;
+let numberSubTests = 9; // 3 workers * 3 frames = 9
+
+function checkFinish() {
+ messageCounter = 0;
+ if (testRuns == 0) {
+ testRuns++;
+ runTests("https://test1.example.com/tests/dom/security/test/csp/")
+ return;
+ }
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+}
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ let href = event.data.href;
+ let result = event.data.result;
+
+ if (href.startsWith("https://example.com")) {
+ if (result == "worker-allowed" ||
+ result == "shared-worker-allowed" ||
+ result == "service-worker-allowed") {
+ ok(true, "allowing worker from https://example.com (" + result + ")");
+ }
+ else {
+ ok(false, "blocking worker from https://example.com (" + result + ")");
+ }
+ }
+ else if (href.startsWith("https://test1.example.com")) {
+ if (result == "worker-blocked" ||
+ result == "shared-worker-blocked" ||
+ result == "service-worker-blocked") {
+ ok(true, "blocking worker from https://test1.example.com (" + result + ")");
+ }
+ else {
+ ok(false, "allowing worker from https://test1.example.com (" + result + ")");
+ }
+ }
+ else {
+ // sanity check, we should never enter that branch, bust just in case...
+ ok(false, "unexpected result: " + result);
+ }
+ messageCounter++;
+ if (messageCounter < numberSubTests) {
+ return;
+ }
+ checkFinish();
+}
+
+function runTests(aPath) {
+ document.getElementById("worker-testframe").src = aPath + "file_worker_src_worker_governs.html";
+ document.getElementById("child-testframe").src = aPath + "file_worker_src_child_governs.html";
+ document.getElementById("script-testframe").src = aPath + "file_worker_src_script_governs.html";
+}
+
+SpecialPowers.pushPrefEnv({"set": [
+ ["dom.serviceWorkers.enabled", true],
+ ["dom.serviceWorkers.testing.enabled", true],
+]}, function() {
+ runTests("https://example.com/tests/dom/security/test/csp/");
+});
+
+</script>
+</body>
+</html>
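Review bot: In checkFinish the call `runTests("https://test1.example.com/tests/dom/security/test/csp/")` has no trailing semicolon, unlike every other statement in the file; add it. Completion is driven purely by counting messages up to `numberSubTests`, so one missing message (for instance a worker result that is never posted) ends the test only via the harness timeout with no indication of which frame went quiet; a short note next to `let numberSubTests = 9;` saying so, e.g. `// every worker must post exactly one message; a missing one shows up as a harness timeout`, would help whoever debugs a hang. `testRuns == 0` and the `result == "..."` comparisons could also use `===`, matching the strict comparisons used elsewhere in modern test code.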
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index 8d168d81c..893e02db5 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -240,6 +240,10 @@ TEST(CSPParser, Directives)
 "script-src 'nonce-foo' 'strict-dynamic' 'unsafe-inline' https:" },
 { "default-src 'sha256-siVR8' 'strict-dynamic' 'unsafe-inline' https: ",
 "default-src 'sha256-siVR8' 'unsafe-inline' https:" },
+ { "worker-src https://example.com",
+ "worker-src https://example.com" },
+ { "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com",
+ "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" },
 };
 uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest); |
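Review bot: Both new entries are pass-through cases whose expected serialisation equals the input, so they only establish that `worker-src` is accepted as a directive name; the neighbouring entries also check normalisation (the visible `default-src` case expects `'strict-dynamic'` to be dropped). A third entry that mixes a keyword source with a host source under `worker-src`, with the expected string taken from whatever the existing `script-src` entries in this table produce for the same sources, would confirm worker-src shares the common source-expression handling rather than just the name lookup. The `policies` array starts before the hunk.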