From 32c95bd4584a521d26f1d0b51c022c9c40d66d7b Mon Sep 17 00:00:00 2001
From: Jonatan Klemets
Date: Thu, 5 Sep 2024 09:59:12 +0000
Subject: [PATCH] Bug 1916351 - Only allow JSON mime type for javascript modules r=evilpie,necko-reviewers,devtools-reviewers,jesup,nchevobbe

Differential Revision: https://phabricator.services.mozilla.com/D220917
---
 .../webconsole/test/browser/_webconsole.toml | 5 +++
 .../browser_webconsole_json_mime_warning.js | 20 ++++++++++++
 .../test/browser/test-json-mime.html | 13 ++++++++
 .../test/browser/test-json-mime.json | 1 +
 .../test/browser/test-json-mime.json^headers^ | 1 +
 netwerk/protocol/http/HttpBaseChannel.cpp | 31 +++++++++++++------
 6 files changed, 62 insertions(+), 9 deletions(-)
 create mode 100644 devtools/client/webconsole/test/browser/browser_webconsole_json_mime_warning.js
 create mode 100644 devtools/client/webconsole/test/browser/test-json-mime.html
 create mode 100644 devtools/client/webconsole/test/browser/test-json-mime.json
 create mode 100644 devtools/client/webconsole/test/browser/test-json-mime.json^headers^
diff --git a/devtools/client/webconsole/test/browser/_webconsole.toml b/devtools/client/webconsole/test/browser/_webconsole.toml
index 0b302b64819d..2697d4b077ba 100644
--- a/devtools/client/webconsole/test/browser/_webconsole.toml
+++ b/devtools/client/webconsole/test/browser/_webconsole.toml
@@ -140,6 +140,9 @@ support-files = [
 "test-network-exceptions.html",
 "test-network-request.html",
 "test-network.html",
+ "test-json-mime.html",
+ "test-json-mime.json",
+ "test-json-mime.json^headers^",
 "test-non-javascript-mime.html",
 "test-non-javascript-mime.js",
 "test-non-javascript-mime.js^headers^",
@@ -564,6 +567,8 @@ fail-if = ["a11y_checks"] # Bug 1849028 clicked element may not be focusable and

 ["browser_webconsole_non_javascript_mime_warning.js"]

+["browser_webconsole_json_mime_warning.js"]
+
 ["browser_webconsole_non_javascript_mime_worker_error.js"]

 ["browser_webconsole_non_standard_doctype_errors.js"]
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_json_mime_warning.js b/devtools/client/webconsole/test/browser/browser_webconsole_json_mime_warning.js new file mode 100644 index 000000000000..dfb0fe9e058a --- /dev/null +++ b/devtools/client/webconsole/test/browser/browser_webconsole_json_mime_warning.js @@ -0,0 +1,20 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +// Tests that + + +

Web Console test for script with JSON MIME type.

+ +
diff --git a/devtools/client/webconsole/test/browser/test-json-mime.json b/devtools/client/webconsole/test/browser/test-json-mime.json
new file mode 100644
index 000000000000..5e045ef08b66
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/test-json-mime.json
@@ -0,0 +1 @@
+{ "test": 123 }
diff --git a/devtools/client/webconsole/test/browser/test-json-mime.json^headers^ b/devtools/client/webconsole/test/browser/test-json-mime.json^headers^
new file mode 100644
index 000000000000..163af0c4a744
--- /dev/null
+++ b/devtools/client/webconsole/test/browser/test-json-mime.json^headers^
@@ -0,0 +1 @@
+Content-Type: application/json
\ No newline at end of file
diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
index 94900bddb093..9328d68609df 100644
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2945,9 +2945,14 @@ nsresult EnsureMIMEOfScript(HttpBaseChannel* aChannel, nsIURI* aURI,
 return NS_OK;
 }

- if (nsContentUtils::IsJsonMimeType(typeString)) {
+ nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
+ bool isModule =
+ internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE ||
+ internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD;
+
+ if (isModule && nsContentUtils::IsJsonMimeType(typeString)) {
 AccumulateCategorical(
- Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::text_json);
+ Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_3::javaScript);
 return NS_OK;
 }

@@ -3087,7 +3092,6 @@ nsresult EnsureMIMEOfScript(HttpBaseChannel* aChannel, nsIURI* aURI,
 }

 // We restrict importScripts() in worker code to JavaScript MIME types.
- nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
 if (internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS ||
 internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE) {
 ReportMimeTypeMismatch(aChannel, "BlockImportScriptsWithWrongMimeType",
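Review bot: The new early return in the `@@ -2945` hunk accepts a JSON MIME type for every load whose internal type is `TYPE_INTERNAL_MODULE` or `TYPE_INTERNAL_MODULE_PRELOAD`, but nothing visible at this point knows whether the import actually requested a JSON module. The rule that a JavaScript-typed import must not be satisfied by a JSON response therefore has to be enforced elsewhere, presumably in the module loader, which this patch does not show. A comment above the check would record that dependency, for example `// JSON is accepted for any module load here; the module loader must still match the MIME type against the requested module type.` The same comment could say why JSON responses are now counted under the `javaScript` telemetry label, if that is intended. EnsureMIMEOfScript starts and ends outside the hunk.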
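Review bot: A JSON response for `TYPE_INTERNAL_WORKER_STATIC_MODULE` now reaches the worker branch in the `@@ -3087` hunk, because `isModule` covers only the two `TYPE_INTERNAL_MODULE*` types and the earlier JSON return no longer applies to it. That branch reports `BlockImportScriptsWithWrongMimeType` and presumably fails the load; the rest of the branch is outside the hunk. If static JSON module imports inside module workers are fetched with that content policy type (not visible here), they would be rejected after this change. Either extend the `isModule` expression with `internalType == nsIContentPolicy::TYPE_INTERNAL_WORKER_STATIC_MODULE`, or add a test that pins the intended worker behaviour so the restriction is clearly deliberate.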
@@ -3108,8 +3112,7 @@ nsresult EnsureMIMEOfScript(HttpBaseChannel* aChannel, nsIURI* aURI,
 }

 // ES6 modules require a strict MIME type check.
- if (internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE ||
- internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD) {
+ if (isModule) {
 ReportMimeTypeMismatch(aChannel, "BlockModuleWithWrongMimeType", aURI,
 contentType, Report::Error);
 return NS_ERROR_CORRUPTED_CONTENT;
@@ -3145,11 +3148,21 @@ void WarnWrongMIMEOfScript(HttpBaseChannel* aChannel, nsIURI* aURI,
 nsAutoCString contentType;
 aResponseHead->ContentType(contentType);
 NS_ConvertUTF8toUTF16 typeString(contentType);
- if (!nsContentUtils::IsJavascriptMIMEType(typeString) &&
- !nsContentUtils::IsJsonMimeType(typeString)) {
- ReportMimeTypeMismatch(aChannel, "WarnScriptWithWrongMimeType", aURI,
- contentType, Report::Warning);
+
+ if (nsContentUtils::IsJavascriptMIMEType(typeString)) {
+ return;
 }
+
+ nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
+ bool isModule =
+ internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE ||
+ internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD;
+ if (isModule && nsContentUtils::IsJsonMimeType(typeString)) {
+ return;
+ }
+
+ ReportMimeTypeMismatch(aChannel, "WarnScriptWithWrongMimeType", aURI,
+ contentType, Report::Warning);
 }

 nsresult HttpBaseChannel::ValidateMIMEType() {
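Review bot: The `isModule` computation added to WarnWrongMIMEOfScript in the `@@ -3145` hunk is a copy of the one added to EnsureMIMEOfScript in the `@@ -2945` hunk. The blocking path and the console-warning path therefore each carry their own list of module content policy types, and they can drift apart when one list is extended. A file-local helper used by both keeps enforcement and warning in agreement. The sketch below assumes `aLoadInfo` is an `nsILoadInfo*`, which the hunk does not show; the start of WarnWrongMIMEOfScript is also outside the hunk.

```cpp
// Proposed file-local helper shared by EnsureMIMEOfScript and
// WarnWrongMIMEOfScript, so both agree on what counts as a module load.
static bool IsModuleLoad(nsILoadInfo* aLoadInfo) {
  nsContentPolicyType internalType = aLoadInfo->InternalContentPolicyType();
  return internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE ||
         internalType == nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD;
}

// … unchanged: content type lookup and JavaScript MIME early return …
  if (IsModuleLoad(aLoadInfo) && nsContentUtils::IsJsonMimeType(typeString)) {
    return;
  }
// … unchanged: ReportMimeTypeMismatch warning …
```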