diff --git a/.eslintrc.js b/.eslintrc.js index 03f75ca8ee2d..01b1124ba1c6 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -1371,8 +1371,6 @@ module.exports = { "dom/security/test/csp/file_bug941404.html", "dom/security/test/csp/file_frameancestors_main.js", "dom/security/test/csp/file_main.js", - "dom/security/test/csp/file_navigate_to.html", - "dom/security/test/csp/file_navigate_to_request.html", "dom/security/test/csp/file_null_baseuri.html", "dom/security/test/csp/file_path_matching_redirect_server.sjs", "dom/security/test/csp/file_punycode_host_src.sjs", @@ -1395,7 +1393,6 @@ module.exports = { "dom/security/test/csp/test_blocked_uri_in_reports.html", "dom/security/test/csp/test_blocked_uri_in_violation_event_after_redirects.html", "dom/security/test/csp/test_blocked_uri_redirect_frame_src.html", - "dom/security/test/csp/test_navigate_to.html", "dom/security/test/csp/test_null_baseuri.html", "dom/security/test/csp/test_path_matching.html", "dom/security/test/csp/test_report_for_import.html", diff --git a/.prettierignore b/.prettierignore index a2bea24d3361..c151b5ff296e 100644 --- a/.prettierignore +++ b/.prettierignore @@ -212,7 +212,6 @@ devtools/client/styleeditor/test/test_private.html devtools/client/webconsole/test/browser/test-csp-violation.html devtools/client/webconsole/test/browser/test-external-script-errors.html devtools/client/webconsole/test/browser/test-mixedcontent-securityerrors.html -devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html devtools/client/webconsole/test/browser/test-network.html devtools/client/webconsole/test/browser/test_jsterm_screenshot_command.html devtools/server/tests/browser/animation-data.html diff --git a/devtools/client/webconsole/test/browser/_webconsole.toml b/devtools/client/webconsole/test/browser/_webconsole.toml index 2dfb7001eab8..101214c710bd 100644 --- a/devtools/client/webconsole/test/browser/_webconsole.toml +++ b/devtools/client/webconsole/test/browser/_webconsole.toml 
@@ -137,7 +137,6 @@ support-files = [ "test-message-categories-workers.html", "test-message-categories-workers.js", "test-mixedcontent-securityerrors.html", - "test-navigate-to-parse-error.html", "test-network-exceptions.html", "test-network-request.html", "test-network.html", @@ -518,8 +517,6 @@ skip-if = ["a11y_checks"] # Bugs 1849028 and 1858041 clicked BUTTON.arrow is inc ["browser_webconsole_multiple_windows_and_tabs.js"] skip-if = ["win11_2009"] # Bug 1798331 -["browser_webconsole_navigate_to_parse_error.js"] - ["browser_webconsole_network_attach.js"] ["browser_webconsole_network_exceptions.js"] diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js b/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js deleted file mode 100644 index 61930ed43998..000000000000 --- a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js +++ /dev/null @@ -1,30 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -// Tests that ensure CSP 'navigate-to' does not parse. -// Bug 1566149 - -"use strict"; - -const TEST_URI = - "data:text/html;charset=utf8,Web Console navigate-to parse error test"; -const TEST_VIOLATION = - "https://example.com/browser/devtools/client/webconsole/" + - "test/browser/test-navigate-to-parse-error.html"; - -const CSP_VIOLATION_MSG = - "Content-Security-Policy: Couldn\u2019t process unknown directive \u2018navigate-to\u2019"; - -add_task(async function () { - const hud = await openNewTabAndConsole(TEST_URI); - await clearOutput(hud); - - const onCSPViolationMessage = waitForMessageByType( - hud, - CSP_VIOLATION_MSG, - ".warn" - ); - await navigateTo(TEST_VIOLATION); - await onCSPViolationMessage; - ok(true, "Received expected violation message"); -}); 
diff --git a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html b/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html deleted file mode 100644 index e806ea949897..000000000000 --- a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - Test for Bug 1566149 - Write test to ensure CSP 'navigate-to' does not parse - - - -Mozilla Bug 1566149 - - diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 3a916efd2288..176e51ebc4c6 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -3475,8 +3475,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, CopyUTF8toUTF16(host, *formatStrs.AppendElement()); error = "netTimeout"; } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError || - NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError || - NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) { + NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) { // CSP error cssClass.AssignLiteral("neterror"); error = "cspBlocked"; @@ -10560,22 +10559,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState, NS_ADDREF(*aRequest = channel); } - nsCOMPtr csp = aLoadState->Csp(); - if (csp) { - // Check CSP navigate-to - bool allowsNavigateTo = false; - rv = csp->GetAllowsNavigateTo(aLoadState->URI(), - aLoadState->IsFormSubmission(), - false, /* aWasRedirected */ - false, /* aEnforceWhitelist */ - &allowsNavigateTo); - NS_ENSURE_SUCCESS(rv, rv); - - if (!allowsNavigateTo) { - return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION; - } - } - const nsACString& typeHint = aLoadState->TypeHint(); if (!typeHint.IsVoid()) { mContentTypeHint = typeHint; diff --git a/docshell/base/nsDocShellLoadState.h b/docshell/base/nsDocShellLoadState.h index 8121ab160b97..a34ca1b54bdb 100644 --- a/docshell/base/nsDocShellLoadState.h +++ b/docshell/base/nsDocShellLoadState.h 
@@ -491,8 +491,7 @@ class nsDocShellLoadState final { bool mOriginalFrameSrc; // If this attribute is true, then the load was initiated by a - // form submission. This is important to know for the CSP directive - // navigate-to. + // form submission. bool mIsFormSubmission; // Contains a load type as specified by the nsDocShellLoadTypes::load* diff --git a/docshell/base/nsDocShellTelemetryUtils.cpp b/docshell/base/nsDocShellTelemetryUtils.cpp index cd78e3bce529..bd4ed865bd70 100644 --- a/docshell/base/nsDocShellTelemetryUtils.cpp +++ b/docshell/base/nsDocShellTelemetryUtils.cpp @@ -58,10 +58,6 @@ static const LoadErrorTelemetryResult sResult[] = { NS_ERROR_CSP_FORM_ACTION_VIOLATION, ErrorLabel::CSP_FORM_ACTION, }, - { - NS_ERROR_CSP_NAVIGATE_TO_VIOLATION, - ErrorLabel::CSP_NAVIGATE_TO, - }, { NS_ERROR_XFO_VIOLATION, ErrorLabel::XFO_VIOLATION, diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp index e3649ea8d1cd..81fce37ba863 100644 --- a/dom/base/Document.cpp +++ b/dom/base/Document.cpp 
@@ -3593,23 +3593,15 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel, rv = InitCOEP(aChannel); NS_ENSURE_SUCCESS(rv, rv); - // Check CSP navigate-to - // We need to enforce the CSP of the document that initiated the load, - // which is the CSP to inherit. + // HACK: Calling EnsureIPCPoliciesRead() here will parse the CSP using the + // context's current mSelfURI (which is still the previous mSelfURI), + // bypassing some internal bugs with 'self' and iframe inheritance. + // Not calling it here results in the mSelfURI being the current mSelfURI and + // not the previous which breaks said inheritance. + // https://bugzilla.mozilla.org/show_bug.cgi?id=1793560#ch-8 nsCOMPtr cspToInherit = loadInfo->GetCspToInherit(); if (cspToInherit) { - bool allowsNavigateTo = false; - rv = cspToInherit->GetAllowsNavigateTo( - mDocumentURI, loadInfo->GetIsFormSubmission(), - !loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */ - true, /* aEnforceWhitelist */ - &allowsNavigateTo); - NS_ENSURE_SUCCESS(rv, rv); - - if (!allowsNavigateTo) { - aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION); - return NS_OK; - } + cspToInherit->EnsureIPCPoliciesRead(); } rv = InitCSP(aChannel); diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl index 827849b77b77..b5f51b6c5dcb 100644 --- a/dom/interfaces/security/nsIContentSecurityPolicy.idl +++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl @@ -61,11 +61,10 @@ interface nsIContentSecurityPolicy : nsISerializable BLOCK_ALL_MIXED_CONTENT = 18, SANDBOX_DIRECTIVE = 19, WORKER_SRC_DIRECTIVE = 20, - NAVIGATE_TO_DIRECTIVE = 21, - SCRIPT_SRC_ELEM_DIRECTIVE = 22, - SCRIPT_SRC_ATTR_DIRECTIVE = 23, - STYLE_SRC_ELEM_DIRECTIVE = 24, - STYLE_SRC_ATTR_DIRECTIVE = 25, + SCRIPT_SRC_ELEM_DIRECTIVE = 21, + SCRIPT_SRC_ATTR_DIRECTIVE = 22, + STYLE_SRC_ELEM_DIRECTIVE = 23, + STYLE_SRC_ATTR_DIRECTIVE = 24, }; /** 
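Review bot: The `cspToInherit->EnsureIPCPoliciesRead()` call in Document::StartDocumentLoad is kept purely for its side effect, and the HACK comment does not say that it has to stay ahead of `rv = InitCSP(aChannel);`, which its placement suggests. The deleted nsCSPContext::GetAllowsNavigateTo body shows the same parse used to run implicitly at the call sites removed from nsDocShell::DoURILoad, DocumentLoadListener::OpenInParent and CSPService::ConsultCSPForRedirect. It is worth confirming that 'self' resolution for inherited policies did not depend on those earlier parses as well. I would add a line such as `// Keep this ahead of InitCSP() below; do not move or remove without a test for inherited 'self'.` and make the ignored nsresult explicit with `Unused << cspToInherit->EnsureIPCPoliciesRead();`. The function body starts and ends outside the hunk.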
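Review bot: Removing `NAVIGATE_TO_DIRECTIVE = 21` and shifting the four following constants down changes what the values 21–24 mean, in an interface that derives from nsISerializable. This hunk does not show whether a directive number is ever written out (a serialized policy, a telemetry key), so that should be confirmed; if one is, old data would now map to the wrong directive and the slot is better left reserved. The enum also appears to be index-aligned with `CSPStrDirectives` in nsCSPUtils.h, which this commit edits by hand in a separate hunk. A compile-time length check next to that table would catch a future mismatch.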
@@ -154,24 +153,6 @@ interface nsIContentSecurityPolicy : nsISerializable in unsigned long aLineNumber, in unsigned long aColumnNumber); - /* - * Whether this policy allows a navigation subject to the navigate-to - * policy. - * @param aURI The target URI - * @param aIsFormSubmission True if the navigation was initiated by a form submission. This - * is important since the form-action directive overrides navigate-to in that case. - * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity. - * @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If - * this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is - * used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced - * @return - * Whether or not the effects of the navigation is allowed - */ - boolean getAllowsNavigateTo(in nsIURI aURI, - in boolean aIsFormSubmission, - in boolean aWasRedirected, - in boolean aEnforceAllowlist); - /** * Whether this policy allows eval and eval-like functions * such as setTimeout("code string", time). @@ -359,6 +340,11 @@ interface nsIContentSecurityPolicy : nsISerializable */ AString toJSON(); + /** + * Ensure policies from IPC are read/parsed. + */ + [noscript] void EnsureIPCPoliciesRead(); + }; typedef nsIContentSecurityPolicy_CSPDirective CSPDirective; diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp index 7279a33b3263..37a492077f81 100644 --- a/dom/security/nsCSPContext.cpp +++ b/dom/security/nsCSPContext.cpp @@ -326,7 +326,8 @@ nsresult nsCSPContext::InitFromOther(nsCSPContext* aOtherContext) { return NS_OK; } -void nsCSPContext::EnsureIPCPoliciesRead() { +NS_IMETHODIMP +nsCSPContext::EnsureIPCPoliciesRead() { // Most likely the parser errors already happened before serializing // the policy for IPC. bool previous = mSuppressParserLogMessages; 
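Review bot: The method added in the `@@ -359,6 +340,11 @@` hunk is declared as `EnsureIPCPoliciesRead()`, while the neighbouring `toJSON()` and the other methods of this interface use lowerCamelCase. xpidl upper-cases the first letter for the C++ binding, so `[noscript] void ensureIPCPoliciesRead();` would match the file and leave the nsCSPContext.cpp definition unchanged. The doc comment could also say why a previously private helper is now on the interface, for example `Exposed so Document::StartDocumentLoad can force parsing of the inherited policy before the document's own CSP is initialised.`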
@@ -343,6 +344,7 @@ void nsCSPContext::EnsureIPCPoliciesRead() { } mSuppressParserLogMessages = previous; + return NS_OK; } NS_IMETHODIMP 
@@ -673,93 +675,6 @@ nsCSPContext::GetAllowsInline(CSPDirective aDirective, bool aHasUnsafeHash, return NS_OK; } -NS_IMETHODIMP -nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission, - bool aWasRedirected, bool aEnforceAllowlist, - bool* outAllowsNavigateTo) { - /* - * The matrix below shows the different values of (aWasRedirect, - * aEnforceAllowlist) for the three different checks we do. - * - * Navigation | Start Loading | Initiate Redirect | Document - * | (nsDocShell) | (nsCSPService) | - * ----------------------------------------------------------------- - * A -> B (false,false) - (false,true) - * A -> ... -> B (false,false) (true,false) (true,true) - */ - *outAllowsNavigateTo = false; - - EnsureIPCPoliciesRead(); - // The 'form-action' directive overrules 'navigate-to' for form submissions. - // So in case this is a form submission and the directive 'form-action' is - // present then there is nothing for us to do here, see: 6.3.3.1.2 - // https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate - if (aIsFormSubmission) { - for (unsigned long i = 0; i < mPolicies.Length(); i++) { - if (mPolicies[i]->hasDirective( - nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) { - *outAllowsNavigateTo = true; - return NS_OK; - } - } - } - - bool atLeastOneBlock = false; - for (unsigned long i = 0; i < mPolicies.Length(); i++) { - if (!mPolicies[i]->allowsNavigateTo(aURI, aWasRedirected, - aEnforceAllowlist)) { - if (!mPolicies[i]->getReportOnlyFlag()) { - atLeastOneBlock = true; - } - - // If the load encountered a server side redirect, the spec suggests to - // remove the path component from the URI, see: - // https://www.w3.org/TR/CSP3/#source-list-paths-and-redirects - nsCOMPtr blockedURIForReporting = aURI; - if (aWasRedirected) { - nsAutoCString prePathStr; - nsCOMPtr prePathURI; - nsresult rv = aURI->GetPrePath(prePathStr); - NS_ENSURE_SUCCESS(rv, rv); - rv = NS_NewURI(getter_AddRefs(blockedURIForReporting), prePathStr); - NS_ENSURE_SUCCESS(rv, rv); - 
} - - // Lines numbers and source file for the violation report - uint32_t lineNumber = 0; - uint32_t columnNumber = 1; - nsAutoCString spec; - JSContext* cx = nsContentUtils::GetCurrentJSContext(); - if (cx) { - nsJSUtils::GetCallingLocation(cx, spec, &lineNumber, &columnNumber); - // If GetCallingLocation fails linenumber & columnNumber are set to - // (0, 1) anyway so we can skip checking if that is the case. - } - - // Report the violation - nsresult rv = AsyncReportViolation( - nullptr, // aTriggeringElement - nullptr, // aCSPEventListener - blockedURIForReporting, // aBlockedURI - nsCSPContext::BlockedContentSource::eSelf, // aBlockedSource - nullptr, // aOriginalURI - u"navigate-to"_ns, // aViolatedDirective - u"navigate-to"_ns, // aEffectiveDirective - i, // aViolatedPolicyIndex - u""_ns, // aObserverSubject - NS_ConvertUTF8toUTF16(spec), // aSourceFile - false, // aReportSample - u""_ns, // aScriptSample - lineNumber, // aLineNum - columnNumber); // aColumnNum - NS_ENSURE_SUCCESS(rv, rv); - } - } - - *outAllowsNavigateTo = !atLeastOneBlock; - return NS_OK; -} - /** * For each policy, log any violation on the Error Console and send a report * if a report-uri is present in the policy diff --git a/dom/security/nsCSPContext.h b/dom/security/nsCSPContext.h index 115fe781495b..0c1438e573ca 100644 --- a/dom/security/nsCSPContext.h +++ b/dom/security/nsCSPContext.h @@ -149,8 +149,6 @@ class nsCSPContext : public nsIContentSecurityPolicy { nsTArray& aPolicies); private: - void EnsureIPCPoliciesRead(); - bool ShouldThrottleReport( const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit); diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp index a64471cb74ec..255936783132 100644 --- a/dom/security/nsCSPParser.cpp +++ b/dom/security/nsCSPParser.cpp 
@@ -456,20 +456,6 @@ nsCSPBaseSrc* nsCSPParser::keywordSource() { return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken)); } - if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_ALLOW_REDIRECTS)) { - if (!CSP_IsDirective(mCurDir[0], - nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) { - // Only allow 'unsafe-allow-redirects' within navigate-to. - AutoTArray params = {u"unsafe-allow-redirects"_ns, - u"navigate-to"_ns}; - logWarningErrorToConsole(nsIScriptError::warningFlag, - "IgnoringSourceWithinDirective", params); - return nullptr; - } - - return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken)); - } - return nullptr; } @@ -861,18 +847,6 @@ nsCSPDirective* nsCSPParser::directiveName() { return nullptr; } - // Bug 1529068: Implement navigate-to directive. - // Once all corner cases are resolved we can remove that special - // if-handling here and let the parser just fall through to - // return new nsCSPDirective. - if (directive == nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE && - !StaticPrefs::security_csp_enableNavigateTo()) { - AutoTArray params = {mCurToken}; - logWarningErrorToConsole(nsIScriptError::warningFlag, - "couldNotProcessUnknownDirective", params); - return nullptr; - } - // Make sure the directive does not already exist // (see http://www.w3.org/TR/CSP11/#parsing) if (mPolicy->hasDirective(directive)) { diff --git a/dom/security/nsCSPService.cpp b/dom/security/nsCSPService.cpp index c7c58a37dc01..19574ad81949 100644 --- a/dom/security/nsCSPService.cpp +++ b/dom/security/nsCSPService.cpp 
@@ -310,25 +310,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI, nsIURI* aNewURI, nsILoadInfo* aLoadInfo, Maybe& aCancelCode) { - // Check CSP navigate-to - // We need to enforce the CSP of the document that initiated the load, - // which is the CSP to inherit. - nsCOMPtr cspToInherit = - aLoadInfo->GetCspToInherit(); - if (cspToInherit) { - bool allowsNavigateTo = false; - nsresult rv = cspToInherit->GetAllowsNavigateTo( - aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */ - false, /* aEnforceAllowlist */ - &allowsNavigateTo); - NS_ENSURE_SUCCESS(rv, rv); - - if (!allowsNavigateTo) { - aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION); - return NS_OK; - } - } - // No need to continue processing if CSP is disabled or if the protocol // is *not* subject to CSP. // Please note, the correct way to opt-out of CSP using a custom diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index 3c38d85e32f1..50730b691b06 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -358,7 +358,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) { return nsIContentSecurityPolicy::NO_DIRECTIVE; // Fall through to error for all other directives - // Note that we should never end up here for navigate-to case nsIContentPolicy::TYPE_INVALID: case nsIContentPolicy::TYPE_END: MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective"); 
@@ -1676,31 +1675,6 @@ bool nsCSPPolicy::hasDirective(CSPDirective aDir) const { return false; } -bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected, - bool aEnforceAllowlist) const { - bool allowsNavigateTo = true; - - for (unsigned long i = 0; i < mDirectives.Length(); i++) { - if (mDirectives[i]->equals( - nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) { - // Early return if we can skip the allowlist AND 'unsafe-allow-redirects' - // is present. - if (!aEnforceAllowlist && - mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns)) { - return true; - } - // Otherwise, check against the allowlist. - if (!mDirectives[i]->permits( - nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI, - aWasRedirected, false, false)) { - allowsNavigateTo = false; - } - } - } - - return allowsNavigateTo; -} - bool nsCSPPolicy::allowsAllInlineBehavior(CSPDirective aDir) const { nsCSPDirective* directive = matchingOrDefaultDirective(aDir); if (!directive) { diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h index 841a8e709e94..2692681d0324 100644 --- a/dom/security/nsCSPUtils.h +++ b/dom/security/nsCSPUtils.h @@ -89,7 +89,6 @@ static const char* CSPStrDirectives[] = { "block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT "sandbox", // SANDBOX_DIRECTIVE "worker-src", // WORKER_SRC_DIRECTIVE - "navigate-to", // NAVIGATE_TO_DIRECTIVE "script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE "script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE "style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE 
@@ -113,16 +112,15 @@ inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) { return nsIContentSecurityPolicy::NO_DIRECTIVE; } -#define FOR_EACH_CSP_KEYWORD(MACRO) \ - MACRO(CSP_SELF, "'self'") \ - MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \ - MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \ - MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \ - MACRO(CSP_NONE, "'none'") \ - MACRO(CSP_NONCE, "'nonce-") \ - MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \ - MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \ - MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \ +#define FOR_EACH_CSP_KEYWORD(MACRO) \ + MACRO(CSP_SELF, "'self'") \ + MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \ + MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \ + MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \ + MACRO(CSP_NONE, "'none'") \ + MACRO(CSP_NONCE, "'nonce-") \ + MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \ + MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \ MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'") enum CSPKeyword { @@ -664,9 +662,6 @@ class nsCSPPolicy { bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const; - bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected, - bool aEnforceAllowlist) const; - bool allowsAllInlineBehavior(CSPDirective aDir) const; private: diff --git a/dom/security/test/csp/file_navigate_to.html b/dom/security/test/csp/file_navigate_to.html deleted file mode 100644 index f6ea36d389f9..000000000000 --- a/dom/security/test/csp/file_navigate_to.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - Bug 1529068 Implement CSP 'navigate-to' directive - - - - - diff --git a/dom/security/test/csp/file_navigate_to.sjs b/dom/security/test/csp/file_navigate_to.sjs deleted file mode 100644 index e51d37ad9004..000000000000 --- a/dom/security/test/csp/file_navigate_to.sjs +++ /dev/null 
@@ -1,57 +0,0 @@ -// Custom *.sjs file specifically for the needs of -// https://bugzilla.mozilla.org/show_bug.cgi?id=1529068 - -"use strict"; - -const TEST_NAVIGATION_HEAD = ` - - - - Bug 1529068 Implement CSP 'navigate-to' directive`; - -const TEST_NAVIGATION_AFTER_META = ` - - - - - - `; - -function handleRequest(request, response) { - const query = new URLSearchParams(request.queryString); - - response.setHeader("Cache-Control", "no-cache", false); - response.setHeader("Content-Type", "text/html", false); - - if (query.get("redir")) { - response.setStatusLine(request.httpVersion, "302", "Found"); - response.setHeader("Location", query.get("redir"), false); - return; - } - - response.write(TEST_NAVIGATION_HEAD); - - // We need meta to set multiple CSP headers. - if (query.get("csp")) { - response.write( - '' - ); - } - if (query.get("csp2")) { - response.write( - '' - ); - } - - response.write( - TEST_NAVIGATION_AFTER_META + query.get("target") + TEST_NAVIGATION_FOOT - ); -} diff --git a/dom/security/test/csp/file_navigate_to_request.html b/dom/security/test/csp/file_navigate_to_request.html deleted file mode 100644 index 4f82525599f3..000000000000 --- a/dom/security/test/csp/file_navigate_to_request.html +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - - diff --git a/dom/security/test/csp/mochitest.toml b/dom/security/test/csp/mochitest.toml index 94200caf20e5..8d8c6c31f5dd 100644 --- a/dom/security/test/csp/mochitest.toml +++ b/dom/security/test/csp/mochitest.toml @@ -576,16 +576,6 @@ skip-if = [ "http2", ] -["test_navigate_to.html"] -support-files = [ - "file_navigate_to.sjs", - "file_navigate_to_request.html", -] -skip-if = [ - "http3", - "http2", -] - ["test_nonce_redirects.html"] ["test_nonce_snapshot.html"] diff --git a/dom/security/test/csp/test_navigate_to.html b/dom/security/test/csp/test_navigate_to.html deleted file mode 100644 index 357b35bb05f0..000000000000 --- a/dom/security/test/csp/test_navigate_to.html +++ /dev/null 
@@ -1,158 +0,0 @@ - - - - Bug 1529068 Implement CSP 'navigate-to' directive - - - - - -

-
- -
- - - - diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp index ebb505f596b4..b8a4e986b62e 100644 --- a/dom/security/test/gtest/TestCSPParser.cpp +++ b/dom/security/test/gtest/TestCSPParser.cpp @@ -150,10 +150,12 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount, uint32_t aExpectedPolicyCount) { nsresult rv; nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); - bool navigateTo = false; + + // Add prefs you need to set to parse CSP here, see comments for example + // bool examplePref = false; if (prefs) { - prefs->GetBoolPref("security.csp.enableNavigateTo", &navigateTo); - prefs->SetBoolPref("security.csp.enableNavigateTo", true); + // prefs->GetBoolPref("security.csp.examplePref", &examplePref); + // prefs->SetBoolPref("security.csp.examplePref", true); } for (uint32_t i = 0; i < aPolicyCount; i++) { @@ -163,7 +165,7 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount, } if (prefs) { - prefs->SetBoolPref("security.csp.enableNavigateTo", navigateTo); + // prefs->SetBoolPref("security.csp.examplePref", examplePref); } return NS_OK; @@ -217,10 +219,6 @@ TEST(CSPParser, Directives) "worker-src https://example.com" }, { "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com", "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" }, - { "navigate-to http://example.com", - "navigate-to http://example.com"}, - { "navigate-to 'unsafe-allow-redirects' http://example.com", - "navigate-to 'unsafe-allow-redirects' http://example.com"}, { "script-src 'unsafe-allow-redirects' http://example.com", "script-src http://example.com"}, // clang-format on diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml index 1dc18c3d1217..68b10b26cd7e 100644 --- a/modules/libpref/init/StaticPrefList.yaml +++ b/modules/libpref/init/StaticPrefList.yaml 
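Review bot: runTestSuite in TestCSPParser.cpp is left with commented-out example statements and an `if (prefs) { }` block whose body is only comments, so in the visible lines `prefs` is fetched but never used. Either drop the pref plumbing or reduce it to one comment such as `// Prefs required for parsing would be saved, set and restored around the loop below.`; commented-out code tends to rot and here suggests a pref is still being toggled. The same applies to the restore block in the following hunk (`@@ -163,7 +165,7 @@`). The function body continues outside both hunks.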
@@ -13924,12 +13924,6 @@ value: true mirror: always -# Navigate-to CSP 3 directive -- name: security.csp.enableNavigateTo - type: bool - value: false - mirror: always - # WebAuthn CTAP2 support - name: security.webauthn.ctap2 type: RelaxedAtomicBool diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl index edfd946831f7..de4fc00d765b 100644 --- a/netwerk/base/nsILoadInfo.idl +++ b/netwerk/base/nsILoadInfo.idl @@ -711,7 +711,6 @@ interface nsILoadInfo : nsISupports /** * True if the load was initiated by a form request. - * This is important to know to handle the CSP directive navigate-to. */ [infallible] attribute boolean isFormSubmission; diff --git a/netwerk/ipc/DocumentLoadListener.cpp b/netwerk/ipc/DocumentLoadListener.cpp index 3cf3901f8a7d..57ee87139367 100644 --- a/netwerk/ipc/DocumentLoadListener.cpp +++ b/netwerk/ipc/DocumentLoadListener.cpp @@ -1019,19 +1019,6 @@ auto DocumentLoadListener::OpenInParent(nsDocShellLoadState* aLoadState, return nullptr; } - if (nsCOMPtr csp = aLoadState->Csp()) { - // Check CSP navigate-to - bool allowsNavigateTo = false; - nsresult rv = csp->GetAllowsNavigateTo(aLoadState->URI(), - aLoadState->IsFormSubmission(), - false, /* aWasRedirected */ - false, /* aEnforceWhitelist */ - &allowsNavigateTo); - if (NS_FAILED(rv) || !allowsNavigateTo) { - return nullptr; - } - } - // Clone because this mutates the load flags in the load state, which // breaks nsDocShells expectations of being able to do it. RefPtr loadState = new nsDocShellLoadState(*aLoadState); diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini index a2f33529566f..fd2a12ad3880 100644 --- a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini +++ b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini 
@@ -1,4 +1 @@ -prefs: [security.csp.enableNavigateTo:true] -disabled: - if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635 -lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack] +disabled: true diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini deleted file mode 100644 index d78f9d922d46..000000000000 --- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini +++ /dev/null 
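Review bot: `disabled: true` in navigate-to/__dir__.ini switches off the whole directory without recording why, whereas the `disabled:` entry it replaces carried a bug URL as its value. Using the tracking bug as the value, e.g. `disabled: <bug URL for the navigate-to removal>`, keeps the reason next to the setting for whoever later asks why these web-platform tests never run.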
@@ -1,8 +0,0 @@
-[child-navigates-parent-allowed.html]
- disabled:
- if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660
-
- expected: TIMEOUT
-
- [Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)]
- expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
deleted file mode 100644
index 17c414a42155..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[child-navigates-parent-blocked.sub.html]
- disabled:
- if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961
- if os == "mac": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961
- if os == "android": https://bugzilla.mozilla.org/show_bug.cgi?id=1845961
- expected: TIMEOUT
- [Violation report status OK.]
- expected: FAIL
-
- [Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)]
- expected: NOTRUN
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
deleted file mode 100644
index 9e2a1d94a307..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[form-action-blocks-navigate-to-allows.sub.html]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
deleted file mode 100644
index 60129ed9d57d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-action-blocks-navigate-to-blocks.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
deleted file mode 100644
index 2f1bbca0b863..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[form-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
-
- [Violation report status OK.]
- expected:
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 31c50b28804e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
deleted file mode 100644
index e13832a88048..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[form-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
deleted file mode 100644
index 0416d153e3cb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
deleted file mode 100644
index a5b851165841..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[href-location-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if (os == "android") and debug and swgl: [PASS, FAIL]
- if (os == "android") and debug and not swgl: [FAIL, PASS]
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 8958f54ddeae..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 809f776856c8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-blocked.sub.html]
- disabled:
- if os == "android": Passes on debug but fails on optimized
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
deleted file mode 100644
index 56897589aa6d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
deleted file mode 100644
index e65075322e37..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
deleted file mode 100644
index 31bdc49265eb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-allowed.html]
- expected:
- if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
deleted file mode 100644
index 69decb5e51bf..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-[link-click-blocked.sub.html]
- expected:
- if fission and (os == "linux") and not debug: [OK, TIMEOUT]
- if fission and (os == "android"): [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected:
- if (os == "linux") and not debug and fission: [PASS, NOTRUN]
-
- [Violation report status OK.]
- expected:
- if (os == "linux") and not debug and fission: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 13f264797508..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index ce667bffc4e2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
deleted file mode 100644
index 3d09bedd5718..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[link-click-redirected-allowed.html]
- disabled:
- if os == "win": Bug 1440584
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
deleted file mode 100644
index dead79e0d0fe..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[link-click-redirected-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
deleted file mode 100644
index 6398d9b5f824..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
deleted file mode 100644
index d54aa48aafcd..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 6c67fc19ced2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 07ff849d4d7e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
deleted file mode 100644
index 5beb83a1c4e8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
deleted file mode 100644
index 35264132b126..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
deleted file mode 100644
index b169d939dc1d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
deleted file mode 100644
index d4c0fa1e3c14..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-blocked.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
deleted file mode 100644
index d7d5d787aaf0..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
+++ /dev/null
@@ -1,17 +0,0 @@
-[spv-only-sent-to-initiator.sub.html]
- expected:
- if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
- if fission and (os == "mac") and debug: [TIMEOUT, OK]
- [OK, TIMEOUT]
- [Test that no spv event is raised]
- expected:
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL]
- if fission and (os == "mac") and debug: [NOTRUN, FAIL]
- [FAIL, NOTRUN]
-
- [Violation report status OK.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
deleted file mode 100644
index 50b69647119b..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[allowed-end-of-chain-because-of-same-origin.sub.html]
- disabled:
- if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini deleted file mode 100644 index d912e96f1d4c..000000000000 --- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[blocked-end-of-chain.sub.html] - expected: TIMEOUT - - [Test that the child iframe navigation is blocked] - expected: NOTRUN - diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py index 99c7c968dd4a..13bb5272b924 100755 --- a/xpcom/base/ErrorList.py +++ b/xpcom/base/ErrorList.py @@ -902,9 +902,8 @@ with modules["SECURITY"]: errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96) # Error code for CSP - errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97) - errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98) - errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99) + errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(97) + errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(98) # Error code for Sub-Resource Integrity errors["NS_ERROR_SRI_CORRUPT"] = FAILURE(200)
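Review bot: Reusing `FAILURE(97)` and `FAILURE(98)` in the `SECURITY` module of `xpcom/base/ErrorList.py` shifts the numeric values of `NS_ERROR_CSP_FORM_ACTION_VIOLATION` and `NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION`, so `97` now names a different error than it did before this commit. If anything carries these codes as raw numbers (stored telemetry, crash annotations, tests or docs with hard-coded values; none of that is visible in this diff), a form-action violation would be read as the old navigate-to one and a frame-ancestors violation as form-action. I would retire the slot rather than compact the range: keep `errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)` and `errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99)` as they were, and add `# FAILURE(97) was NS_ERROR_CSP_NAVIGATE_TO_VIOLATION; retired, do not reuse` above them.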