From 62d535967977ea64884e4418d78f1dc245e682e1 Mon Sep 17 00:00:00 2001
From: janekptacijarabaci <janekptacijarabaci@seznam.cz>
Date: Fri, 25 Aug 2017 09:18:29 +0200
Subject: CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors
 directive exists

---
 dom/security/nsCSPContext.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'dom/security/nsCSPContext.cpp')

diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index 815c7734d..0a3e20305 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -342,6 +342,20 @@ nsCSPContext::GetBlockAllMixedContent(bool *outBlockAllMixedContent)
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsCSPContext::GetEnforcesFrameAncestors(bool *outEnforcesFrameAncestors)
+{
+  *outEnforcesFrameAncestors = false;
+  for (uint32_t i = 0; i < mPolicies.Length(); i++) {
+    if (!mPolicies[i]->getReportOnlyFlag() &&
+        mPolicies[i]->hasDirective(nsIContentSecurityPolicy::FRAME_ANCESTORS_DIRECTIVE)) {
+      *outEnforcesFrameAncestors = true;
+      return NS_OK;
+    }
+  }
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsCSPContext::GetReferrerPolicy(uint32_t* outPolicy, bool* outIsSet)
 {
-- 
cgit v1.2.3