summaryrefslogtreecommitdiffstats
path: root/dom
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-06-21 20:57:09 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-06-21 20:57:09 +0200
commitc1315412cc21a85fb779bef0d87dadde751cfe71 (patch)
treec21e2ad2a72671f247af3155ba2dee29e7e52b24 /dom
parent3f8a6e25520c76304db649c971fe8284bc9c9ab7 (diff)
downloadUXP-c1315412cc21a85fb779bef0d87dadde751cfe71.tar
UXP-c1315412cc21a85fb779bef0d87dadde751cfe71.tar.gz
UXP-c1315412cc21a85fb779bef0d87dadde751cfe71.tar.lz
UXP-c1315412cc21a85fb779bef0d87dadde751cfe71.tar.xz
UXP-c1315412cc21a85fb779bef0d87dadde751cfe71.zip
Bug 1469150 - CSP: Scripts with valid nonce get blocked if URL redirects
https://bugzilla.mozilla.org/show_bug.cgi?id=1469150
Diffstat (limited to 'dom')
-rw-r--r--dom/security/nsCSPService.cpp3
-rw-r--r--dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs25
-rw-r--r--dom/security/test/csp/dom_security_test_csp_file_nonce_redirects.html23
-rw-r--r--dom/security/test/csp/dom_security_test_csp_test_nonce_redirects.html47
-rw-r--r--dom/security/test/csp/mochitest.ini3
5 files changed, 100 insertions, 1 deletions
diff --git a/dom/security/nsCSPService.cpp b/dom/security/nsCSPService.cpp
index 7344e19fa..f9186b309 100644
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -317,11 +317,12 @@ CSPService::AsyncOnChannelRedirect(nsIChannel *oldChannel,
loadInfo->LoadingPrincipal()->GetCsp(getter_AddRefs(csp));
if (csp) {
+ nsCOMPtr<nsISupports> requestContext = loadInfo->GetLoadingContext();
// Pass originalURI as aExtra to indicate the redirect
csp->ShouldLoad(policyType, // load type per nsIContentPolicy (uint32_t)
newUri, // nsIURI
nullptr, // nsIURI
- nullptr, // nsISupports
+ requestContext, // nsISupports
EmptyCString(), // ACString - MIME guess
originalUri, // aExtra
&aDecision);
diff --git a/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs
new file mode 100644
index 000000000..21a8f4e9c
--- /dev/null
+++ b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirector.sjs
@@ -0,0 +1,25 @@
+// custom *.sjs file for
+// Bug 1469150:Scripts with valid nonce get blocked if URL redirects.
+
+const URL_PATH = "example.com/tests/dom/security/test/csp/";
+
+function handleRequest(request, response) {
+ response.setHeader("Cache-Control", "no-cache", false);
+ let queryStr = request.queryString;
+
+ if (queryStr === "redirect") {
+ response.setStatusLine("1.1", 302, "Found");
+ response.setHeader("Location",
+ "https://" + URL_PATH + "file_nonce_redirector.sjs?load", false);
+ return;
+ }
+
+ if (queryStr === "load") {
+ response.setHeader("Content-Type", "application/javascript", false);
+ response.write("console.log('script loaded');");
+ return;
+ }
+
+ // we should never get here - return something unexpected
+ response.write("d'oh");
+}
diff --git a/dom/security/test/csp/dom_security_test_csp_file_nonce_redirects.html b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirects.html
new file mode 100644
index 000000000..e29116490
--- /dev/null
+++ b/dom/security/test/csp/dom_security_test_csp_file_nonce_redirects.html
@@ -0,0 +1,23 @@
+<!DOCTYPE HTML>
+<html>
+ <head>
+ <meta charset='utf-8'>
+ <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abcd1234'">
+ <title>Bug 1469150:Scripts with valid nonce get blocked if URL redirects</title>
+ </head>
+<body>
+
+<script nonce='abcd1234' id='redirectScript'></script>
+
+<script nonce='abcd1234' type='application/javascript'>
+ var redirectScript = document.getElementById('redirectScript');
+ redirectScript.onload = function(e) {
+ window.parent.postMessage({result: 'script-loaded'}, '*');
+ };
+ redirectScript.onerror = function(e) {
+ window.parent.postMessage({result: 'script-blocked'}, '*');
+ }
+ redirectScript.src = 'file_nonce_redirector.sjs?redirect';
+</script>
+</body>
+</html>
diff --git a/dom/security/test/csp/dom_security_test_csp_test_nonce_redirects.html b/dom/security/test/csp/dom_security_test_csp_test_nonce_redirects.html
new file mode 100644
index 000000000..f84fdcc7b
--- /dev/null
+++ b/dom/security/test/csp/dom_security_test_csp_test_nonce_redirects.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Bug 1469150:Scripts with valid nonce get blocked if URL redirects</title>
+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<iframe style="width:100%;" id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/* Description of the test:
+ * We load a script with a matching nonce, which redirects
+ * and we make sure that script is allowed.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+function finishTest() {
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+}
+
+function checkResults(aResult) {
+
+ if (aResult === "script-loaded") {
+ ok(true, "expected result: script loaded");
+ }
+ else {
+ ok(false, "unexpected result: script blocked");
+ }
+ finishTest();
+}
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+ checkResults(event.data.result);
+}
+
+document.getElementById("testframe").src = "file_nonce_redirects.html";
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini
index 33b112020..86b7fd0cd 100644
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -88,6 +88,8 @@ support-files =
file_shouldprocess.html
file_nonce_source.html
file_nonce_source.html^headers^
+ file_nonce_redirects.html
+ file_nonce_redirector.sjs
file_bug941404.html
file_bug941404_xhr.html
file_bug941404_xhr.html^headers^
@@ -245,6 +247,7 @@ skip-if = toolkit == 'android' # Times out, not sure why (bug 1008445)
[test_frame_ancestors_ro.html]
[test_policyuri_regression_from_multipolicy.html]
[test_nonce_source.html]
+[test_nonce_redirects.html]
[test_bug941404.html]
[test_form-action.html]
[test_hash_source.html]