forked from mirrors/gecko-dev
		
	Bug 1793560 - Remove navigate-to CSP directive r=tschuster
It has never shipped after being implemented years ago, and was removed from spec in September 2022: https://github.com/w3c/webappsec-csp/pull/564 Now skipping navigate-to WPT tests. Filed issue upstream for their future removal: https://github.com/w3c/webappsec-csp/issues/608 Consensus seems to agree to remove, will do in follow up bug once landed. Also removed our own tests. Added a hack in StartDocumentLoad as just removing the navigate-to check call breaks some inhertiance, see comment for more info. Differential Revision: https://phabricator.services.mozilla.com/D181630
This commit is contained in:
		
							parent
							
								
									a1ed3bd737
								
							
						
					
					
						commit
						465206f92c
					
				
					 57 changed files with 39 additions and 721 deletions
				
			
		|  | @ -1371,8 +1371,6 @@ module.exports = { | |||
|         "dom/security/test/csp/file_bug941404.html", | ||||
|         "dom/security/test/csp/file_frameancestors_main.js", | ||||
|         "dom/security/test/csp/file_main.js", | ||||
|         "dom/security/test/csp/file_navigate_to.html", | ||||
|         "dom/security/test/csp/file_navigate_to_request.html", | ||||
|         "dom/security/test/csp/file_null_baseuri.html", | ||||
|         "dom/security/test/csp/file_path_matching_redirect_server.sjs", | ||||
|         "dom/security/test/csp/file_punycode_host_src.sjs", | ||||
|  | @ -1395,7 +1393,6 @@ module.exports = { | |||
|         "dom/security/test/csp/test_blocked_uri_in_reports.html", | ||||
|         "dom/security/test/csp/test_blocked_uri_in_violation_event_after_redirects.html", | ||||
|         "dom/security/test/csp/test_blocked_uri_redirect_frame_src.html", | ||||
|         "dom/security/test/csp/test_navigate_to.html", | ||||
|         "dom/security/test/csp/test_null_baseuri.html", | ||||
|         "dom/security/test/csp/test_path_matching.html", | ||||
|         "dom/security/test/csp/test_report_for_import.html", | ||||
|  |  | |||
|  | @ -212,7 +212,6 @@ devtools/client/styleeditor/test/test_private.html | |||
| devtools/client/webconsole/test/browser/test-csp-violation.html | ||||
| devtools/client/webconsole/test/browser/test-external-script-errors.html | ||||
| devtools/client/webconsole/test/browser/test-mixedcontent-securityerrors.html | ||||
| devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html | ||||
| devtools/client/webconsole/test/browser/test-network.html | ||||
| devtools/client/webconsole/test/browser/test_jsterm_screenshot_command.html | ||||
| devtools/server/tests/browser/animation-data.html | ||||
|  |  | |||
|  | @ -137,7 +137,6 @@ support-files = [ | |||
|   "test-message-categories-workers.html", | ||||
|   "test-message-categories-workers.js", | ||||
|   "test-mixedcontent-securityerrors.html", | ||||
|   "test-navigate-to-parse-error.html", | ||||
|   "test-network-exceptions.html", | ||||
|   "test-network-request.html", | ||||
|   "test-network.html", | ||||
|  | @ -518,8 +517,6 @@ skip-if = ["a11y_checks"] # Bugs 1849028 and 1858041 clicked BUTTON.arrow is inc | |||
| ["browser_webconsole_multiple_windows_and_tabs.js"] | ||||
| skip-if = ["win11_2009"] # Bug 1798331 | ||||
| 
 | ||||
| ["browser_webconsole_navigate_to_parse_error.js"] | ||||
| 
 | ||||
| ["browser_webconsole_network_attach.js"] | ||||
| 
 | ||||
| ["browser_webconsole_network_exceptions.js"] | ||||
|  |  | |||
|  | @ -1,30 +0,0 @@ | |||
| /* Any copyright is dedicated to the Public Domain. | ||||
|  * http://creativecommons.org/publicdomain/zero/1.0/ */
 | ||||
| 
 | ||||
| // Tests that ensure CSP 'navigate-to' does not parse.
 | ||||
| // Bug 1566149
 | ||||
| 
 | ||||
| "use strict"; | ||||
| 
 | ||||
| const TEST_URI = | ||||
|   "data:text/html;charset=utf8,<!DOCTYPE html>Web Console navigate-to parse error test"; | ||||
| const TEST_VIOLATION = | ||||
|   "https://example.com/browser/devtools/client/webconsole/" + | ||||
|   "test/browser/test-navigate-to-parse-error.html"; | ||||
| 
 | ||||
| const CSP_VIOLATION_MSG = | ||||
|   "Content-Security-Policy: Couldn\u2019t process unknown directive \u2018navigate-to\u2019"; | ||||
| 
 | ||||
| add_task(async function () { | ||||
|   const hud = await openNewTabAndConsole(TEST_URI); | ||||
|   await clearOutput(hud); | ||||
| 
 | ||||
|   const onCSPViolationMessage = waitForMessageByType( | ||||
|     hud, | ||||
|     CSP_VIOLATION_MSG, | ||||
|     ".warn" | ||||
|   ); | ||||
|   await navigateTo(TEST_VIOLATION); | ||||
|   await onCSPViolationMessage; | ||||
|   ok(true, "Received expected violation message"); | ||||
| }); | ||||
|  | @ -1,13 +0,0 @@ | |||
| <!DOCTYPE HTML> | ||||
| <html> | ||||
| <head> | ||||
|   <meta http-equiv="Content-Security-Policy" content="navigate-to https://example.com"></meta> | ||||
|   <meta charset="UTF-8"> | ||||
|   <title>Test for Bug 1566149 - Write test to ensure CSP 'navigate-to' does not parse</title> | ||||
| <!-- Any copyright is dedicated to the Public Domain. | ||||
|      http://creativecommons.org/publicdomain/zero/1.0/ --> | ||||
| </head> | ||||
| <body> | ||||
| <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1566149">Mozilla Bug 1566149</a> | ||||
| </body> | ||||
| </html> | ||||
|  | @ -3475,8 +3475,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, | |||
|     CopyUTF8toUTF16(host, *formatStrs.AppendElement()); | ||||
|     error = "netTimeout"; | ||||
|   } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError || | ||||
|              NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError || | ||||
|              NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) { | ||||
|              NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) { | ||||
|     // CSP error
 | ||||
|     cssClass.AssignLiteral("neterror"); | ||||
|     error = "cspBlocked"; | ||||
|  | @ -10560,22 +10559,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState, | |||
|     NS_ADDREF(*aRequest = channel); | ||||
|   } | ||||
| 
 | ||||
|   nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp(); | ||||
|   if (csp) { | ||||
|     // Check CSP navigate-to
 | ||||
|     bool allowsNavigateTo = false; | ||||
|     rv = csp->GetAllowsNavigateTo(aLoadState->URI(), | ||||
|                                   aLoadState->IsFormSubmission(), | ||||
|                                   false, /* aWasRedirected */ | ||||
|                                   false, /* aEnforceWhitelist */ | ||||
|                                   &allowsNavigateTo); | ||||
|     NS_ENSURE_SUCCESS(rv, rv); | ||||
| 
 | ||||
|     if (!allowsNavigateTo) { | ||||
|       return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION; | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   const nsACString& typeHint = aLoadState->TypeHint(); | ||||
|   if (!typeHint.IsVoid()) { | ||||
|     mContentTypeHint = typeHint; | ||||
|  |  | |||
|  | @ -491,8 +491,7 @@ class nsDocShellLoadState final { | |||
|   bool mOriginalFrameSrc; | ||||
| 
 | ||||
|   // If this attribute is true, then the load was initiated by a
 | ||||
|   // form submission. This is important to know for the CSP directive
 | ||||
|   // navigate-to.
 | ||||
|   // form submission.
 | ||||
|   bool mIsFormSubmission; | ||||
| 
 | ||||
|   // Contains a load type as specified by the nsDocShellLoadTypes::load*
 | ||||
|  |  | |||
|  | @ -58,10 +58,6 @@ static const LoadErrorTelemetryResult sResult[] = { | |||
|         NS_ERROR_CSP_FORM_ACTION_VIOLATION, | ||||
|         ErrorLabel::CSP_FORM_ACTION, | ||||
|     }, | ||||
|     { | ||||
|         NS_ERROR_CSP_NAVIGATE_TO_VIOLATION, | ||||
|         ErrorLabel::CSP_NAVIGATE_TO, | ||||
|     }, | ||||
|     { | ||||
|         NS_ERROR_XFO_VIOLATION, | ||||
|         ErrorLabel::XFO_VIOLATION, | ||||
|  |  | |||
|  | @ -3593,23 +3593,15 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel, | |||
|   rv = InitCOEP(aChannel); | ||||
|   NS_ENSURE_SUCCESS(rv, rv); | ||||
| 
 | ||||
|   // Check CSP navigate-to
 | ||||
|   // We need to enforce the CSP of the document that initiated the load,
 | ||||
|   // which is the CSP to inherit.
 | ||||
|   // HACK: Calling EnsureIPCPoliciesRead() here will parse the CSP using the
 | ||||
|   // context's current mSelfURI (which is still the previous mSelfURI),
 | ||||
|   // bypassing some internal bugs with 'self' and iframe inheritance.
 | ||||
|   // Not calling it here results in the mSelfURI being the current mSelfURI and
 | ||||
|   // not the previous which breaks said inheritance.
 | ||||
|   // https://bugzilla.mozilla.org/show_bug.cgi?id=1793560#ch-8
 | ||||
|   nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit(); | ||||
|   if (cspToInherit) { | ||||
|     bool allowsNavigateTo = false; | ||||
|     rv = cspToInherit->GetAllowsNavigateTo( | ||||
|         mDocumentURI, loadInfo->GetIsFormSubmission(), | ||||
|         !loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */ | ||||
|         true,                                 /* aEnforceWhitelist */ | ||||
|         &allowsNavigateTo); | ||||
|     NS_ENSURE_SUCCESS(rv, rv); | ||||
| 
 | ||||
|     if (!allowsNavigateTo) { | ||||
|       aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION); | ||||
|       return NS_OK; | ||||
|     } | ||||
|     cspToInherit->EnsureIPCPoliciesRead(); | ||||
|   } | ||||
| 
 | ||||
|   rv = InitCSP(aChannel); | ||||
|  |  | |||
|  | @ -61,11 +61,10 @@ interface nsIContentSecurityPolicy : nsISerializable | |||
|     BLOCK_ALL_MIXED_CONTENT        = 18, | ||||
|     SANDBOX_DIRECTIVE              = 19, | ||||
|     WORKER_SRC_DIRECTIVE           = 20, | ||||
|     NAVIGATE_TO_DIRECTIVE          = 21, | ||||
|     SCRIPT_SRC_ELEM_DIRECTIVE      = 22, | ||||
|     SCRIPT_SRC_ATTR_DIRECTIVE      = 23, | ||||
|     STYLE_SRC_ELEM_DIRECTIVE       = 24, | ||||
|     STYLE_SRC_ATTR_DIRECTIVE       = 25, | ||||
|     SCRIPT_SRC_ELEM_DIRECTIVE      = 21, | ||||
|     SCRIPT_SRC_ATTR_DIRECTIVE      = 22, | ||||
|     STYLE_SRC_ELEM_DIRECTIVE       = 23, | ||||
|     STYLE_SRC_ATTR_DIRECTIVE       = 24, | ||||
|   }; | ||||
| 
 | ||||
|   /** | ||||
|  | @ -154,24 +153,6 @@ interface nsIContentSecurityPolicy : nsISerializable | |||
|                           in unsigned long aLineNumber, | ||||
|                           in unsigned long aColumnNumber); | ||||
| 
 | ||||
|   /* | ||||
|    * Whether this policy allows a navigation subject to the navigate-to | ||||
|    * policy. | ||||
|    * @param aURI The target URI | ||||
|    * @param aIsFormSubmission True if the navigation was initiated by a form submission. This | ||||
|    *        is important since the form-action directive overrides navigate-to in that case. | ||||
|    * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity. | ||||
|    * @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If | ||||
|    *        this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is | ||||
|    *        used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced | ||||
|    * @return | ||||
|    *     Whether or not the effects of the navigation is allowed | ||||
|    */ | ||||
|   boolean getAllowsNavigateTo(in nsIURI aURI, | ||||
|                               in boolean aIsFormSubmission, | ||||
|                               in boolean aWasRedirected, | ||||
|                               in boolean aEnforceAllowlist); | ||||
| 
 | ||||
|   /** | ||||
|    * Whether this policy allows eval and eval-like functions | ||||
|    * such as setTimeout("code string", time). | ||||
|  | @ -359,6 +340,11 @@ interface nsIContentSecurityPolicy : nsISerializable | |||
|    */ | ||||
|   AString toJSON(); | ||||
| 
 | ||||
|   /** | ||||
|    * Ensure policies from IPC are read/parsed. | ||||
|    */ | ||||
|   [noscript] void EnsureIPCPoliciesRead(); | ||||
| 
 | ||||
| }; | ||||
| 
 | ||||
| typedef nsIContentSecurityPolicy_CSPDirective CSPDirective; | ||||
|  |  | |||
|  | @ -326,7 +326,8 @@ nsresult nsCSPContext::InitFromOther(nsCSPContext* aOtherContext) { | |||
|   return NS_OK; | ||||
| } | ||||
| 
 | ||||
| void nsCSPContext::EnsureIPCPoliciesRead() { | ||||
| NS_IMETHODIMP | ||||
| nsCSPContext::EnsureIPCPoliciesRead() { | ||||
|   // Most likely the parser errors already happened before serializing
 | ||||
|   // the policy for IPC.
 | ||||
|   bool previous = mSuppressParserLogMessages; | ||||
|  | @ -343,6 +344,7 @@ void nsCSPContext::EnsureIPCPoliciesRead() { | |||
|   } | ||||
| 
 | ||||
|   mSuppressParserLogMessages = previous; | ||||
|   return NS_OK; | ||||
| } | ||||
| 
 | ||||
| NS_IMETHODIMP | ||||
|  | @ -673,93 +675,6 @@ nsCSPContext::GetAllowsInline(CSPDirective aDirective, bool aHasUnsafeHash, | |||
|   return NS_OK; | ||||
| } | ||||
| 
 | ||||
| NS_IMETHODIMP | ||||
| nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission, | ||||
|                                   bool aWasRedirected, bool aEnforceAllowlist, | ||||
|                                   bool* outAllowsNavigateTo) { | ||||
|   /*
 | ||||
|    * The matrix below shows the different values of (aWasRedirect, | ||||
|    * aEnforceAllowlist) for the three different checks we do. | ||||
|    * | ||||
|    *  Navigation    | Start Loading  | Initiate Redirect | Document | ||||
|    *                | (nsDocShell)   | (nsCSPService)    | | ||||
|    *  ----------------------------------------------------------------- | ||||
|    *  A -> B          (false,false)    -                   (false,true) | ||||
|    *  A -> ... -> B   (false,false)    (true,false)        (true,true) | ||||
|    */ | ||||
|   *outAllowsNavigateTo = false; | ||||
| 
 | ||||
|   EnsureIPCPoliciesRead(); | ||||
|   // The 'form-action' directive overrules 'navigate-to' for form submissions.
 | ||||
|   // So in case this is a form submission and the directive 'form-action' is
 | ||||
|   // present then there is nothing for us to do here, see: 6.3.3.1.2
 | ||||
|   // https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate
 | ||||
|   if (aIsFormSubmission) { | ||||
|     for (unsigned long i = 0; i < mPolicies.Length(); i++) { | ||||
|       if (mPolicies[i]->hasDirective( | ||||
|               nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) { | ||||
|         *outAllowsNavigateTo = true; | ||||
|         return NS_OK; | ||||
|       } | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   bool atLeastOneBlock = false; | ||||
|   for (unsigned long i = 0; i < mPolicies.Length(); i++) { | ||||
|     if (!mPolicies[i]->allowsNavigateTo(aURI, aWasRedirected, | ||||
|                                         aEnforceAllowlist)) { | ||||
|       if (!mPolicies[i]->getReportOnlyFlag()) { | ||||
|         atLeastOneBlock = true; | ||||
|       } | ||||
| 
 | ||||
|       // If the load encountered a server side redirect, the spec suggests to
 | ||||
|       // remove the path component from the URI, see:
 | ||||
|       // https://www.w3.org/TR/CSP3/#source-list-paths-and-redirects
 | ||||
|       nsCOMPtr<nsIURI> blockedURIForReporting = aURI; | ||||
|       if (aWasRedirected) { | ||||
|         nsAutoCString prePathStr; | ||||
|         nsCOMPtr<nsIURI> prePathURI; | ||||
|         nsresult rv = aURI->GetPrePath(prePathStr); | ||||
|         NS_ENSURE_SUCCESS(rv, rv); | ||||
|         rv = NS_NewURI(getter_AddRefs(blockedURIForReporting), prePathStr); | ||||
|         NS_ENSURE_SUCCESS(rv, rv); | ||||
|       } | ||||
| 
 | ||||
|       // Lines numbers and source file for the violation report
 | ||||
|       uint32_t lineNumber = 0; | ||||
|       uint32_t columnNumber = 1; | ||||
|       nsAutoCString spec; | ||||
|       JSContext* cx = nsContentUtils::GetCurrentJSContext(); | ||||
|       if (cx) { | ||||
|         nsJSUtils::GetCallingLocation(cx, spec, &lineNumber, &columnNumber); | ||||
|         // If GetCallingLocation fails linenumber & columnNumber are set to
 | ||||
|         // (0, 1) anyway so we can skip checking if that is the case.
 | ||||
|       } | ||||
| 
 | ||||
|       // Report the violation
 | ||||
|       nsresult rv = AsyncReportViolation( | ||||
|           nullptr,                                    // aTriggeringElement
 | ||||
|           nullptr,                                    // aCSPEventListener
 | ||||
|           blockedURIForReporting,                     // aBlockedURI
 | ||||
|           nsCSPContext::BlockedContentSource::eSelf,  // aBlockedSource
 | ||||
|           nullptr,                                    // aOriginalURI
 | ||||
|           u"navigate-to"_ns,                          // aViolatedDirective
 | ||||
|           u"navigate-to"_ns,                          // aEffectiveDirective
 | ||||
|           i,                                          // aViolatedPolicyIndex
 | ||||
|           u""_ns,                                     // aObserverSubject
 | ||||
|           NS_ConvertUTF8toUTF16(spec),                // aSourceFile
 | ||||
|           false,                                      // aReportSample
 | ||||
|           u""_ns,                                     // aScriptSample
 | ||||
|           lineNumber,                                 // aLineNum
 | ||||
|           columnNumber);                              // aColumnNum
 | ||||
|       NS_ENSURE_SUCCESS(rv, rv); | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   *outAllowsNavigateTo = !atLeastOneBlock; | ||||
|   return NS_OK; | ||||
| } | ||||
| 
 | ||||
| /**
 | ||||
|  * For each policy, log any violation on the Error Console and send a report | ||||
|  * if a report-uri is present in the policy | ||||
|  |  | |||
|  | @ -149,8 +149,6 @@ class nsCSPContext : public nsIContentSecurityPolicy { | |||
|       nsTArray<mozilla::ipc::ContentSecurityPolicy>& aPolicies); | ||||
| 
 | ||||
|  private: | ||||
|   void EnsureIPCPoliciesRead(); | ||||
| 
 | ||||
|   bool ShouldThrottleReport( | ||||
|       const mozilla::dom::SecurityPolicyViolationEventInit& | ||||
|           aViolationEventInit); | ||||
|  |  | |||
|  | @ -456,20 +456,6 @@ nsCSPBaseSrc* nsCSPParser::keywordSource() { | |||
|     return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken)); | ||||
|   } | ||||
| 
 | ||||
|   if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_ALLOW_REDIRECTS)) { | ||||
|     if (!CSP_IsDirective(mCurDir[0], | ||||
|                          nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) { | ||||
|       // Only allow 'unsafe-allow-redirects' within navigate-to.
 | ||||
|       AutoTArray<nsString, 2> params = {u"unsafe-allow-redirects"_ns, | ||||
|                                         u"navigate-to"_ns}; | ||||
|       logWarningErrorToConsole(nsIScriptError::warningFlag, | ||||
|                                "IgnoringSourceWithinDirective", params); | ||||
|       return nullptr; | ||||
|     } | ||||
| 
 | ||||
|     return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken)); | ||||
|   } | ||||
| 
 | ||||
|   return nullptr; | ||||
| } | ||||
| 
 | ||||
|  | @ -861,18 +847,6 @@ nsCSPDirective* nsCSPParser::directiveName() { | |||
|     return nullptr; | ||||
|   } | ||||
| 
 | ||||
|   // Bug 1529068: Implement navigate-to directive.
 | ||||
|   // Once all corner cases are resolved we can remove that special
 | ||||
|   // if-handling here and let the parser just fall through to
 | ||||
|   // return new nsCSPDirective.
 | ||||
|   if (directive == nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE && | ||||
|       !StaticPrefs::security_csp_enableNavigateTo()) { | ||||
|     AutoTArray<nsString, 1> params = {mCurToken}; | ||||
|     logWarningErrorToConsole(nsIScriptError::warningFlag, | ||||
|                              "couldNotProcessUnknownDirective", params); | ||||
|     return nullptr; | ||||
|   } | ||||
| 
 | ||||
|   // Make sure the directive does not already exist
 | ||||
|   // (see http://www.w3.org/TR/CSP11/#parsing)
 | ||||
|   if (mPolicy->hasDirective(directive)) { | ||||
|  |  | |||
|  | @ -310,25 +310,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, | |||
|                                            nsIURI* aNewURI, | ||||
|                                            nsILoadInfo* aLoadInfo, | ||||
|                                            Maybe<nsresult>& aCancelCode) { | ||||
|   // Check CSP navigate-to
 | ||||
|   // We need to enforce the CSP of the document that initiated the load,
 | ||||
|   // which is the CSP to inherit.
 | ||||
|   nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = | ||||
|       aLoadInfo->GetCspToInherit(); | ||||
|   if (cspToInherit) { | ||||
|     bool allowsNavigateTo = false; | ||||
|     nsresult rv = cspToInherit->GetAllowsNavigateTo( | ||||
|         aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */ | ||||
|         false,                                           /* aEnforceAllowlist */ | ||||
|         &allowsNavigateTo); | ||||
|     NS_ENSURE_SUCCESS(rv, rv); | ||||
| 
 | ||||
|     if (!allowsNavigateTo) { | ||||
|       aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION); | ||||
|       return NS_OK; | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   // No need to continue processing if CSP is disabled or if the protocol
 | ||||
|   // is *not* subject to CSP.
 | ||||
|   // Please note, the correct way to opt-out of CSP using a custom
 | ||||
|  |  | |||
|  | @ -358,7 +358,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) { | |||
|       return nsIContentSecurityPolicy::NO_DIRECTIVE; | ||||
| 
 | ||||
|     // Fall through to error for all other directives
 | ||||
|     // Note that we should never end up here for navigate-to
 | ||||
|     case nsIContentPolicy::TYPE_INVALID: | ||||
|     case nsIContentPolicy::TYPE_END: | ||||
|       MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective"); | ||||
|  | @ -1676,31 +1675,6 @@ bool nsCSPPolicy::hasDirective(CSPDirective aDir) const { | |||
|   return false; | ||||
| } | ||||
| 
 | ||||
| bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected, | ||||
|                                    bool aEnforceAllowlist) const { | ||||
|   bool allowsNavigateTo = true; | ||||
| 
 | ||||
|   for (unsigned long i = 0; i < mDirectives.Length(); i++) { | ||||
|     if (mDirectives[i]->equals( | ||||
|             nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) { | ||||
|       // Early return if we can skip the allowlist AND 'unsafe-allow-redirects'
 | ||||
|       // is present.
 | ||||
|       if (!aEnforceAllowlist && | ||||
|           mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns)) { | ||||
|         return true; | ||||
|       } | ||||
|       // Otherwise, check against the allowlist.
 | ||||
|       if (!mDirectives[i]->permits( | ||||
|               nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI, | ||||
|               aWasRedirected, false, false)) { | ||||
|         allowsNavigateTo = false; | ||||
|       } | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   return allowsNavigateTo; | ||||
| } | ||||
| 
 | ||||
| bool nsCSPPolicy::allowsAllInlineBehavior(CSPDirective aDir) const { | ||||
|   nsCSPDirective* directive = matchingOrDefaultDirective(aDir); | ||||
|   if (!directive) { | ||||
|  |  | |||
|  | @ -89,7 +89,6 @@ static const char* CSPStrDirectives[] = { | |||
|     "block-all-mixed-content",    // BLOCK_ALL_MIXED_CONTENT
 | ||||
|     "sandbox",                    // SANDBOX_DIRECTIVE
 | ||||
|     "worker-src",                 // WORKER_SRC_DIRECTIVE
 | ||||
|     "navigate-to",                // NAVIGATE_TO_DIRECTIVE
 | ||||
|     "script-src-elem",            // SCRIPT_SRC_ELEM_DIRECTIVE
 | ||||
|     "script-src-attr",            // SCRIPT_SRC_ATTR_DIRECTIVE
 | ||||
|     "style-src-elem",             // STYLE_SRC_ELEM_DIRECTIVE
 | ||||
|  | @ -113,16 +112,15 @@ inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) { | |||
|   return nsIContentSecurityPolicy::NO_DIRECTIVE; | ||||
| } | ||||
| 
 | ||||
| #define FOR_EACH_CSP_KEYWORD(MACRO)                             \ | ||||
|   MACRO(CSP_SELF, "'self'")                                     \ | ||||
|   MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'")                   \ | ||||
|   MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'")                       \ | ||||
|   MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'")                   \ | ||||
|   MACRO(CSP_NONE, "'none'")                                     \ | ||||
|   MACRO(CSP_NONCE, "'nonce-")                                   \ | ||||
|   MACRO(CSP_REPORT_SAMPLE, "'report-sample'")                   \ | ||||
|   MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'")                 \ | ||||
|   MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \ | ||||
| #define FOR_EACH_CSP_KEYWORD(MACRO)             \ | ||||
|   MACRO(CSP_SELF, "'self'")                     \ | ||||
|   MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'")   \ | ||||
|   MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'")       \ | ||||
|   MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'")   \ | ||||
|   MACRO(CSP_NONE, "'none'")                     \ | ||||
|   MACRO(CSP_NONCE, "'nonce-")                   \ | ||||
|   MACRO(CSP_REPORT_SAMPLE, "'report-sample'")   \ | ||||
|   MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \ | ||||
|   MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'") | ||||
| 
 | ||||
| enum CSPKeyword { | ||||
|  | @ -664,9 +662,6 @@ class nsCSPPolicy { | |||
| 
 | ||||
|   bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const; | ||||
| 
 | ||||
|   bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected, | ||||
|                         bool aEnforceAllowlist) const; | ||||
| 
 | ||||
|   bool allowsAllInlineBehavior(CSPDirective aDir) const; | ||||
| 
 | ||||
|  private: | ||||
|  |  | |||
|  | @ -1,11 +0,0 @@ | |||
| <!DOCTYPE HTML> | ||||
| <html> | ||||
| <head> | ||||
|   <title>Bug 1529068 Implement CSP 'navigate-to' directive</title> | ||||
| </head> | ||||
| <body> | ||||
|   <script type="text/javascript"> | ||||
|   window.location = "http://www.example.com/"; | ||||
|   </script> | ||||
| </body> | ||||
| </html> | ||||
|  | @ -1,57 +0,0 @@ | |||
| // Custom *.sjs file specifically for the needs of | ||||
| // https://bugzilla.mozilla.org/show_bug.cgi?id=1529068 | ||||
| 
 | ||||
| "use strict"; | ||||
| 
 | ||||
| const TEST_NAVIGATION_HEAD = ` | ||||
|   <!DOCTYPE HTML> | ||||
|   <html> | ||||
|   <head> | ||||
|     <title>Bug 1529068 Implement CSP 'navigate-to' directive</title>`; | ||||
| 
 | ||||
| const TEST_NAVIGATION_AFTER_META = ` | ||||
|   </head> | ||||
|   <body> | ||||
|     <script type="text/javascript"> | ||||
|     window.location = "`; | ||||
| 
 | ||||
| const TEST_NAVIGATION_FOOT = `"; | ||||
|     </script> | ||||
|   </body> | ||||
|   </html> | ||||
|   `; | ||||
| 
 | ||||
| function handleRequest(request, response) { | ||||
|   const query = new URLSearchParams(request.queryString); | ||||
| 
 | ||||
|   response.setHeader("Cache-Control", "no-cache", false); | ||||
|   response.setHeader("Content-Type", "text/html", false); | ||||
| 
 | ||||
|   if (query.get("redir")) { | ||||
|     response.setStatusLine(request.httpVersion, "302", "Found"); | ||||
|     response.setHeader("Location", query.get("redir"), false); | ||||
|     return; | ||||
|   } | ||||
| 
 | ||||
|   response.write(TEST_NAVIGATION_HEAD); | ||||
| 
 | ||||
|   // We need meta to set multiple CSP headers. | ||||
|   if (query.get("csp")) { | ||||
|     response.write( | ||||
|       '<meta http-equiv="Content-Security-Policy" content="' + | ||||
|         query.get("csp") + | ||||
|         '">' | ||||
|     ); | ||||
|   } | ||||
|   if (query.get("csp2")) { | ||||
|     response.write( | ||||
|       '<meta http-equiv="Content-Security-Policy" content="' + | ||||
|         query.get("csp2") + | ||||
|         '">' | ||||
|     ); | ||||
|   } | ||||
| 
 | ||||
|   response.write( | ||||
|     TEST_NAVIGATION_AFTER_META + query.get("target") + TEST_NAVIGATION_FOOT | ||||
|   ); | ||||
| } | ||||
|  | @ -1,17 +0,0 @@ | |||
| <!DOCTYPE HTML> | ||||
| <html> | ||||
| <head> | ||||
|   <meta charset="utf-8"> | ||||
| </head> | ||||
| <script type="text/javascript"> | ||||
|   // The idea with this file is to convert responses into requests.  | ||||
|   // This is needed because we don't have  | ||||
|   // specialpowers-http-notify-response | ||||
| 
 | ||||
|   // Response from this file => request to www.example.com => Allowed | ||||
|   // CSP error               => Blocked | ||||
|   fetch('http://www.example.com/'); | ||||
| </script> | ||||
| <body> | ||||
| </body> | ||||
| </html> | ||||
|  | @ -576,16 +576,6 @@ skip-if = [ | |||
|   "http2", | ||||
| ] | ||||
| 
 | ||||
| ["test_navigate_to.html"] | ||||
| support-files = [ | ||||
|   "file_navigate_to.sjs", | ||||
|   "file_navigate_to_request.html", | ||||
| ] | ||||
| skip-if = [ | ||||
|   "http3", | ||||
|   "http2", | ||||
| ] | ||||
| 
 | ||||
| ["test_nonce_redirects.html"] | ||||
| 
 | ||||
| ["test_nonce_snapshot.html"] | ||||
|  |  | |||
|  | @ -1,158 +0,0 @@ | |||
| <!DOCTYPE HTML> | ||||
| <html> | ||||
| <head> | ||||
|   <title>Bug 1529068 Implement CSP 'navigate-to' directive</title> | ||||
|   <!-- Including SimpleTest.js so we can use waitForExplicitFinish !--> | ||||
|   <script src="/tests/SimpleTest/SimpleTest.js"></script> | ||||
|   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> | ||||
| </head> | ||||
| <body> | ||||
|   <p id="display"></p> | ||||
|   <div id="content"> | ||||
|     <iframe style="width:100%;" id="testframe"></iframe> | ||||
|   </div> | ||||
| 
 | ||||
| <script class="testbody" type="text/javascript"> | ||||
| 
 | ||||
| /* | ||||
|  * Description of the test: | ||||
|  *   We load a page with a given CSP and verify that navigations are correctly | ||||
|  *   evaluated through the "navigate-to" directive. | ||||
|  */ | ||||
| SpecialPowers.pushPrefEnv({"set": [["security.csp.enableNavigateTo", true]]}); | ||||
| SimpleTest.waitForExplicitFinish(); | ||||
| 
 | ||||
| // Note: The final website for the navigation chain must always be: www.example.com | ||||
| var tests = [ | ||||
|   { | ||||
|     result : "blocked", | ||||
|     policy : "navigate-to www.mozilla.com", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|     result : "allowed", | ||||
|     policy : "navigate-to www.example.com", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|     // Test path-sensitivity  | ||||
|     result : "blocked", | ||||
|     policy : "navigate-to http://www.example.com/full/path/to/file", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|     // Test scheme | ||||
|     result : "blocked", | ||||
|     policy : "navigate-to https://www.example.com/", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|     // Redirect from tracking.example.com to www.example.com | ||||
|     result : "blocked", | ||||
|     policy : "navigate-to www.example.com", | ||||
|     target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|   // Redirect from tracking.example.com to www.example.com (Explicitly allowed) | ||||
|     result : "allowed", | ||||
|     policy : "navigate-to tracking.example.com www.example.com", | ||||
|     target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/" | ||||
|   }, | ||||
|   { | ||||
|   // Redirect from tracking.example.com to www.example.com ('unsafe-allow-redirects') | ||||
|     result : "allowed", | ||||
|     policy : "navigate-to 'unsafe-allow-redirects' www.example.com", | ||||
|     target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/" | ||||
|   }, | ||||
|   // No path-sensitivity after redirect | ||||
|   { | ||||
|     result : "allowed", | ||||
|     policy : "navigate-to tracking.example.com http://www.example.com/full/path/to/file", | ||||
|     target : "http://tracking.example.com/tests/dom/security/test/csp/file_navigate_to.sjs?redir=http://www.example.com/" | ||||
|   }, | ||||
|   // Multiple CSP directives, first block (origin) second allow | ||||
|   { | ||||
|     result : "allowed", | ||||
|     policy : "img-src 'none'; navigate-to www.example.com", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   // Multiple CSP directives, first allow (origin) second block | ||||
|   { | ||||
|     result : "blocked", | ||||
|     policy : "img-src www.example.com mochi.test:8888; navigate-to www.mozilla.com", | ||||
|     target : "http://www.example.com/" | ||||
|   }, | ||||
|   // Multiple CSPs, first allow second block | ||||
|   { | ||||
|     result  : "blocked", | ||||
|     policy  : "navigate-to www.example.com", | ||||
|     policy2 : "navigate-to www.mozilla.com", | ||||
|     target  : "http://www.example.com/" | ||||
|   }, | ||||
|   // Multiple CSPs, first block second allow | ||||
|   { | ||||
|     result  : "blocked", | ||||
|     policy  : "navigate-to www.mozilla.com", | ||||
|     policy2 : "navigate-to www.example.com", | ||||
|     target  : "http://www.example.com/" | ||||
|   }, | ||||
| ]; | ||||
| 
 | ||||
| // initializing to -1 so we start at index 0 when we start the test | ||||
| var counter = -1; | ||||
| 
 | ||||
| function checkResult(aResult) { | ||||
|   is(aResult, tests[counter].result, "should be " + tests[counter].result + " in test " + counter +  | ||||
|     "(" + tests[counter].policy + ", " + tests[counter].target + ")!"); | ||||
|   loadNextTest(); | ||||
| } | ||||
| 
 | ||||
| // We use the examiner to identify requests that hit the wire and requests | ||||
| // that are blocked by CSP and bubble up the result to the including iframe | ||||
| // document (parent). | ||||
| function examiner() { | ||||
|   SpecialPowers.addObserver(this, "csp-on-violate-policy"); | ||||
| } | ||||
| examiner.prototype  = { | ||||
|   observe(subject, topic, data) { | ||||
|     if (topic === "csp-on-violate-policy" && data === "navigate-to") { | ||||
|       checkResult("blocked"); | ||||
|     } | ||||
| 
 | ||||
|   }, | ||||
|   remove() { | ||||
|     SpecialPowers.removeObserver(this, "csp-on-violate-policy"); | ||||
|   } | ||||
| } | ||||
| window.NavigationActionExaminer = new examiner(); | ||||
| // We use iframe onload to check if requests are not blocked by CSP | ||||
| var iframe = document.getElementById("testframe"); | ||||
| iframe.onload = function() { | ||||
|   checkResult("allowed"); | ||||
| } | ||||
| 
 | ||||
| function loadNextTest() { | ||||
|   counter++; | ||||
|   if (counter == tests.length) { | ||||
|     window.NavigationActionExaminer.remove(); | ||||
|     SimpleTest.finish(); | ||||
|     return; | ||||
|   } | ||||
| 
 | ||||
|   var src = "file_navigate_to.sjs"; | ||||
|   // append the CSP that should be used to serve the file | ||||
|   src += "?csp=" + escape(tests[counter].policy); | ||||
|   if( tests[counter].policy2 ) { | ||||
|      src += "&csp2=" + escape(tests[counter].policy2); | ||||
|   } | ||||
|   src += "&target=" + escape(tests[counter].target); | ||||
| 
 | ||||
|   iframe.src = src; | ||||
| } | ||||
| 
 | ||||
| // start running the tests | ||||
| loadNextTest(); | ||||
| 
 | ||||
| </script> | ||||
| </body> | ||||
| </html> | ||||
|  | @ -150,10 +150,12 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount, | |||
|                       uint32_t aExpectedPolicyCount) { | ||||
|   nsresult rv; | ||||
|   nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); | ||||
|   bool navigateTo = false; | ||||
| 
 | ||||
|   // Add prefs you need to set to parse CSP here, see comments for example
 | ||||
|   // bool examplePref = false;
 | ||||
|   if (prefs) { | ||||
|     prefs->GetBoolPref("security.csp.enableNavigateTo", &navigateTo); | ||||
|     prefs->SetBoolPref("security.csp.enableNavigateTo", true); | ||||
|     // prefs->GetBoolPref("security.csp.examplePref", &examplePref);
 | ||||
|     // prefs->SetBoolPref("security.csp.examplePref", true);
 | ||||
|   } | ||||
| 
 | ||||
|   for (uint32_t i = 0; i < aPolicyCount; i++) { | ||||
|  | @ -163,7 +165,7 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount, | |||
|   } | ||||
| 
 | ||||
|   if (prefs) { | ||||
|     prefs->SetBoolPref("security.csp.enableNavigateTo", navigateTo); | ||||
|     // prefs->SetBoolPref("security.csp.examplePref", examplePref);
 | ||||
|   } | ||||
| 
 | ||||
|   return NS_OK; | ||||
|  | @ -217,10 +219,6 @@ TEST(CSPParser, Directives) | |||
|       "worker-src https://example.com" }, | ||||
|     { "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com", | ||||
|       "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" }, | ||||
|     { "navigate-to http://example.com", | ||||
|       "navigate-to http://example.com"}, | ||||
|     { "navigate-to 'unsafe-allow-redirects' http://example.com", | ||||
|       "navigate-to 'unsafe-allow-redirects' http://example.com"}, | ||||
|     { "script-src 'unsafe-allow-redirects' http://example.com", | ||||
|       "script-src http://example.com"}, | ||||
|       // clang-format on
 | ||||
|  |  | |||
|  | @ -13924,12 +13924,6 @@ | |||
|   value: true | ||||
|   mirror: always | ||||
| 
 | ||||
| # Navigate-to CSP 3 directive | ||||
| - name: security.csp.enableNavigateTo | ||||
|   type: bool | ||||
|   value: false | ||||
|   mirror: always | ||||
| 
 | ||||
| # WebAuthn CTAP2 support | ||||
| - name: security.webauthn.ctap2 | ||||
|   type: RelaxedAtomicBool | ||||
|  |  | |||
|  | @ -711,7 +711,6 @@ interface nsILoadInfo : nsISupports | |||
| 
 | ||||
|   /** | ||||
|    * True if the load was initiated by a form request. | ||||
|    * This is important to know to handle the CSP directive navigate-to. | ||||
|    */ | ||||
|   [infallible] attribute boolean isFormSubmission; | ||||
| 
 | ||||
|  |  | |||
|  | @ -1019,19 +1019,6 @@ auto DocumentLoadListener::OpenInParent(nsDocShellLoadState* aLoadState, | |||
|     return nullptr; | ||||
|   } | ||||
| 
 | ||||
|   if (nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp()) { | ||||
|     // Check CSP navigate-to
 | ||||
|     bool allowsNavigateTo = false; | ||||
|     nsresult rv = csp->GetAllowsNavigateTo(aLoadState->URI(), | ||||
|                                            aLoadState->IsFormSubmission(), | ||||
|                                            false, /* aWasRedirected */ | ||||
|                                            false, /* aEnforceWhitelist */ | ||||
|                                            &allowsNavigateTo); | ||||
|     if (NS_FAILED(rv) || !allowsNavigateTo) { | ||||
|       return nullptr; | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   // Clone because this mutates the load flags in the load state, which
 | ||||
|   // breaks nsDocShells expectations of being able to do it.
 | ||||
|   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(*aLoadState); | ||||
|  |  | |||
|  | @ -1,4 +1 @@ | |||
| prefs: [security.csp.enableNavigateTo:true] | ||||
| disabled: | ||||
|   if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635 | ||||
| lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack] | ||||
| disabled: true | ||||
|  |  | |||
|  | @ -1,8 +0,0 @@ | |||
| [child-navigates-parent-allowed.html]	 | ||||
|   disabled: | ||||
|     if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660 | ||||
|    | ||||
|   expected: TIMEOUT | ||||
| 
 | ||||
|   [Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)] | ||||
|     expected: NOTRUN | ||||
|  | @ -1,12 +0,0 @@ | |||
| [child-navigates-parent-blocked.sub.html] | ||||
|   disabled: | ||||
|     if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961 | ||||
|     if os == "mac": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961 | ||||
|     if os == "android": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961 | ||||
|   expected: TIMEOUT | ||||
|   [Violation report status OK.] | ||||
|     expected: FAIL | ||||
| 
 | ||||
|   [Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)] | ||||
|     expected: NOTRUN | ||||
| 
 | ||||
|  | @ -1,4 +0,0 @@ | |||
| [form-action-blocks-navigate-to-allows.sub.html] | ||||
|   [Test that form-action overrides navigate-to when present.] | ||||
|     expected: FAIL | ||||
| 
 | ||||
|  | @ -1,5 +0,0 @@ | |||
| [form-action-blocks-navigate-to-blocks.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|   [Test that form-action overrides navigate-to when present.] | ||||
|     expected: FAIL | ||||
|  | @ -1,9 +0,0 @@ | |||
| [form-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|   [Test that the child iframe navigation is not allowed] | ||||
|     expected: FAIL | ||||
| 
 | ||||
|   [Violation report status OK.] | ||||
|     expected: | ||||
|       if (os == "android") and not debug: [PASS, FAIL] | ||||
|  | @ -1,5 +0,0 @@ | |||
| [form-cross-origin-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|   [Test that the child iframe navigation is not allowed] | ||||
|     expected: FAIL | ||||
|  | @ -1,3 +0,0 @@ | |||
| [form-redirected-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [href-location-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,6 +0,0 @@ | |||
| [href-location-blocked.sub.html] | ||||
|   [Violation report status OK.] | ||||
|     expected: | ||||
|       if (os == "android") and debug and swgl: [PASS, FAIL] | ||||
|       if (os == "android") and debug and not swgl: [FAIL, PASS] | ||||
|       if (os == "android") and not debug: [PASS, FAIL] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [href-location-cross-origin-allowed.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [href-location-cross-origin-blocked.sub.html] | ||||
|   disabled: | ||||
|     if os == "android": Passes on debug but fails on optimized | ||||
|  | @ -1,3 +0,0 @@ | |||
| [href-location-redirected-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [href-location-redirected-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [link-click-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [TIMEOUT, OK] | ||||
|  | @ -1,11 +0,0 @@ | |||
| [link-click-blocked.sub.html] | ||||
|   expected: | ||||
|     if fission and (os == "linux") and not debug: [OK, TIMEOUT] | ||||
|     if fission and (os == "android"): [OK, TIMEOUT] | ||||
|   [Test that the child iframe navigation is not allowed] | ||||
|     expected: | ||||
|       if (os == "linux") and not debug and fission: [PASS, NOTRUN] | ||||
| 
 | ||||
|   [Violation report status OK.] | ||||
|     expected: | ||||
|       if (os == "linux") and not debug and fission: [PASS, FAIL] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [link-click-cross-origin-allowed.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [link-click-cross-origin-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,5 +0,0 @@ | |||
| [link-click-redirected-allowed.html] | ||||
|   disabled: | ||||
|     if os == "win": Bug 1440584 | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,4 +0,0 @@ | |||
| [link-click-redirected-blocked.sub.html] | ||||
|   [Violation report status OK.] | ||||
|     expected: | ||||
|       if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-cross-origin-allowed.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-cross-origin-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-redirected-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [meta-refresh-redirected-blocked.sub.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [parent-navigates-child-allowed.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,3 +0,0 @@ | |||
| [parent-navigates-child-blocked.html] | ||||
|   expected: | ||||
|     if (os == "android") and fission: [OK, TIMEOUT] | ||||
|  | @ -1,17 +0,0 @@ | |||
| [spv-only-sent-to-initiator.sub.html] | ||||
|   expected: | ||||
|     if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK] | ||||
|     if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK] | ||||
|     if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK] | ||||
|     if fission and (os == "mac") and debug: [TIMEOUT, OK] | ||||
|     [OK, TIMEOUT] | ||||
|   [Test that no spv event is raised] | ||||
|     expected: | ||||
|       if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL] | ||||
|       if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL] | ||||
|       if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL] | ||||
|       if fission and (os == "mac") and debug: [NOTRUN, FAIL] | ||||
|       [FAIL, NOTRUN] | ||||
| 
 | ||||
|   [Violation report status OK.] | ||||
|     expected: FAIL | ||||
|  | @ -1,3 +0,0 @@ | |||
| [allowed-end-of-chain-because-of-same-origin.sub.html] | ||||
|   disabled: | ||||
|     if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193 | ||||
|  | @ -1,6 +0,0 @@ | |||
| [blocked-end-of-chain.sub.html] | ||||
|   expected: TIMEOUT | ||||
| 
 | ||||
|   [Test that the child iframe navigation is blocked] | ||||
|     expected: NOTRUN | ||||
| 
 | ||||
|  | @ -902,9 +902,8 @@ with modules["SECURITY"]: | |||
|     errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96) | ||||
| 
 | ||||
|     # Error code for CSP | ||||
|     errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97) | ||||
|     errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98) | ||||
|     errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99) | ||||
|     errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(97) | ||||
|     errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(98) | ||||
| 
 | ||||
|     # Error code for Sub-Resource Integrity | ||||
|     errors["NS_ERROR_SRI_CORRUPT"] = FAILURE(200) | ||||
|  |  | |||
		Loading…
	
		Reference in a new issue
	
	 Oliver Medhurst
						Oliver Medhurst