corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge mozilla-central to inbound. a=merge CLOSED TREE

Browse Source
This commit is contained in:
shindli
2019-02-14 06:58:32 +02:00
parent 327d262d8a 67f1b32e32
commit 6d6a1db76c
126 changed files with 1691 additions and 829 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
dom/script/ScriptLoader.cpp
View File

@@ -311,6 +311,17 @@ nsresult ScriptLoader::CheckContentPolicy(Document* aDocument,
requestingNode, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
contentPolicyType);
// snapshot the nonce at load start time for performing CSP checks
if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT ||
contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_MODULE) {
nsCOMPtr<Element> element = do_QueryInterface(aContext);
if (element && element->IsHTMLElement()) {
nsAutoString cspNonce;
element->GetAttribute(NS_LITERAL_STRING("nonce"), cspNonce);
secCheckLoadInfo->SetCspNonce(cspNonce);
}
}
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(
aRequest->mURI, secCheckLoadInfo, NS_LossyConvertUTF16toASCII(aType),
@@ -1257,6 +1268,18 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
NS_ENSURE_SUCCESS(rv, rv);
// snapshot the nonce at load start time for performing CSP checks
if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT ||
contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_MODULE) {
nsCOMPtr<Element> element = do_QueryInterface(context);
if (element && element->IsHTMLElement()) {
nsAutoString cspNonce;
element->GetAttribute(NS_LITERAL_STRING("nonce"), cspNonce);
nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
loadInfo->SetCspNonce(cspNonce);
}
}
// To avoid decoding issues, the build-id is part of the JSBytecodeMimeType
// constant.
aRequest->mCacheInfo = nullptr;