Bug 1793560 - Remove navigate-to CSP directive r=tschuster

It has never shipped after being implemented years ago, and was removed from spec in September 2022: https://github.com/w3c/webappsec-csp/pull/564 Now skipping navigate-to WPT tests. Filed issue for their future removal: https://github.com/w3c/webappsec-csp/issues/608 Also removed our own tests to ensure it is unimplemented. Differential Revision: https://phabricator.services.mozilla.com/D181630
2023-07-10 12:18:18 +00:00
parent 9366764be0
commit 9ba2065c76
55 changed files with 18 additions and 715 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3544,8 +3544,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
    CopyUTF8toUTF16(host, *formatStrs.AppendElement());
    error = "netTimeout";
  } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
-             NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError ||
-             NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) {
+             NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
    // CSP error
    cssClass.AssignLiteral("neterror");
    error = "cspBlocked";
@@ -10573,22 +10572,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
    NS_ADDREF(*aRequest = channel);
  }

-  nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp();
-  if (csp) {
-    // Check CSP navigate-to
-    bool allowsNavigateTo = false;
-    rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
-                                  aLoadState->IsFormSubmission(),
-                                  false, /* aWasRedirected */
-                                  false, /* aEnforceWhitelist */
-                                  &allowsNavigateTo);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (!allowsNavigateTo) {
-      return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
-    }
-  }
-
  const nsACString& typeHint = aLoadState->TypeHint();
  if (!typeHint.IsVoid()) {
    mContentTypeHint = typeHint;