corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1273364 - Trying to set a CSP on a SystemPrincipal should return NS_ERROR (r=njn)

Browse Source
This commit is contained in:
Christoph Kerschbaumer
2016-05-21 19:36:24 +02:00
parent b5f00a9ce9
commit 037f2ec7f4
3 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
dom/html/HTMLMetaElement.cpp
View File

@@ -118,18 +118,17 @@ HTMLMetaElement::BindToTree(nsIDocument* aDocument, nsIContent* aParent,
nsIPrincipal* principal = aDocument->NodePrincipal();
nsCOMPtr<nsIContentSecurityPolicy> csp;
nsCOMPtr<nsIDOMDocument> domDoc = do_QueryInterface(aDocument);
rv = principal->EnsureCSP(domDoc, getter_AddRefs(csp));
NS_ENSURE_SUCCESS(rv, rv);
// Multiple CSPs (delivered through either header of meta tag) need to be
// joined together, see:
// https://w3c.github.io/webappsec/specs/content-security-policy/#delivery-html-meta-element
rv = csp->AppendPolicy(content,
false, // csp via meta tag can not be report only
true); // delivered through the meta tag
NS_ENSURE_SUCCESS(rv, rv);
aDocument->ApplySettingsFromCSP(false);
principal->EnsureCSP(domDoc, getter_AddRefs(csp));
if (csp) {
// Multiple CSPs (delivered through either header of meta tag) need to be
// joined together, see:
// https://w3c.github.io/webappsec/specs/content-security-policy/#delivery-html-meta-element
rv = csp->AppendPolicy(content,
false, // csp via meta tag can not be report only
true); // delivered through the meta tag
NS_ENSURE_SUCCESS(rv, rv);
aDocument->ApplySettingsFromCSP(false);
}
}
}