Bug 1953866 - Allow moz-src: by default in our CSPs for chrome:/resource: documents. r=simonf
Differential Revision: https://phabricator.services.mozilla.com/D242903
@@ -1487,15 +1487,16 @@ class DisallowingVisitor : public nsCSPSrcVisitor {
|
||||
nsCString mURL;
|
||||
};
|
||||
|
||||
class AllowChromeResourceSrcVisitor : public DisallowingVisitor {
|
||||
// Only allows loads from chrome:, moz-src: and resource: URLs:
|
||||
class AllowBuiltinSrcVisitor : public DisallowingVisitor {
|
||||
public:
|
||||
AllowChromeResourceSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
AllowBuiltinSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: DisallowingVisitor(aDirective, aURL) {}
|
||||
|
||||
bool visitSchemeSrc(const nsCSPSchemeSrc& src) override {
|
||||
nsAutoString scheme;
|
||||
src.getScheme(scheme);
|
||||
if (scheme == u"chrome"_ns || scheme == u"resource"_ns) {
|
||||
if (scheme == u"chrome"_ns || scheme == u"moz-src" || scheme == u"resource"_ns) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -1527,10 +1528,10 @@ class AllowChromeResourceSrcVisitor : public DisallowingVisitor {
|
||||
}
|
||||
};
|
||||
|
||||
class StyleSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
class StyleSrcVisitor : public AllowBuiltinSrcVisitor {
|
||||
public:
|
||||
StyleSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: AllowChromeResourceSrcVisitor(aDirective, aURL) {
|
||||
: AllowBuiltinSrcVisitor(aDirective, aURL) {
|
||||
MOZ_ASSERT(aDirective == CSPDirective::STYLE_SRC_DIRECTIVE);
|
||||
}
|
||||
|
||||
@@ -1544,7 +1545,7 @@ class StyleSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
}
|
||||
|
||||
return AllowChromeResourceSrcVisitor::visitSchemeSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitSchemeSrc(src);
|
||||
}
|
||||
|
||||
bool visitKeywordSrc(const nsCSPKeywordSrc& src) override {
|
||||
@@ -1554,14 +1555,14 @@ class StyleSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
}
|
||||
|
||||
return AllowChromeResourceSrcVisitor::visitKeywordSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitKeywordSrc(src);
|
||||
}
|
||||
};
|
||||
|
||||
class ImgSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
class ImgSrcVisitor : public AllowBuiltinSrcVisitor {
|
||||
public:
|
||||
ImgSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: AllowChromeResourceSrcVisitor(aDirective, aURL) {
|
||||
: AllowBuiltinSrcVisitor(aDirective, aURL) {
|
||||
MOZ_ASSERT(aDirective == CSPDirective::IMG_SRC_DIRECTIVE);
|
||||
}
|
||||
|
||||
@@ -1599,7 +1600,7 @@ class ImgSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
}
|
||||
|
||||
return AllowChromeResourceSrcVisitor::visitSchemeSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitSchemeSrc(src);
|
||||
}
|
||||
|
||||
bool visitHostSrc(const nsCSPHostSrc& src) override {
|
||||
@@ -1608,10 +1609,10 @@ class ImgSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
};
|
||||
|
||||
class MediaSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
class MediaSrcVisitor : public AllowBuiltinSrcVisitor {
|
||||
public:
|
||||
MediaSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: AllowChromeResourceSrcVisitor(aDirective, aURL) {
|
||||
: AllowBuiltinSrcVisitor(aDirective, aURL) {
|
||||
MOZ_ASSERT(aDirective == CSPDirective::MEDIA_SRC_DIRECTIVE);
|
||||
}
|
||||
|
||||
@@ -1626,7 +1627,7 @@ class MediaSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
}
|
||||
|
||||
return AllowChromeResourceSrcVisitor::visitSchemeSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitSchemeSrc(src);
|
||||
}
|
||||
|
||||
bool visitHostSrc(const nsCSPHostSrc& src) override {
|
||||
@@ -1635,10 +1636,10 @@ class MediaSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
};
|
||||
|
||||
class ConnectSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
class ConnectSrcVisitor : public AllowBuiltinSrcVisitor {
|
||||
public:
|
||||
ConnectSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: AllowChromeResourceSrcVisitor(aDirective, aURL) {
|
||||
: AllowBuiltinSrcVisitor(aDirective, aURL) {
|
||||
MOZ_ASSERT(aDirective == CSPDirective::CONNECT_SRC_DIRECTIVE);
|
||||
}
|
||||
|
||||
@@ -1658,14 +1659,14 @@ class ConnectSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
}
|
||||
}
|
||||
|
||||
return AllowChromeResourceSrcVisitor::visitSchemeSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitSchemeSrc(src);
|
||||
}
|
||||
};
|
||||
|
||||
class AddonSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
class AddonSrcVisitor : public AllowBuiltinSrcVisitor {
|
||||
public:
|
||||
AddonSrcVisitor(CSPDirective aDirective, nsACString& aURL)
|
||||
: AllowChromeResourceSrcVisitor(aDirective, aURL) {
|
||||
: AllowBuiltinSrcVisitor(aDirective, aURL) {
|
||||
MOZ_ASSERT(aDirective == CSPDirective::DEFAULT_SRC_DIRECTIVE ||
|
||||
aDirective == CSPDirective::SCRIPT_SRC_DIRECTIVE);
|
||||
}
|
||||
@@ -1676,14 +1677,14 @@ class AddonSrcVisitor : public AllowChromeResourceSrcVisitor {
|
||||
if (str == u"'self'"_ns) {
|
||||
return true;
|
||||
}
|
||||
return AllowChromeResourceSrcVisitor::visitHostSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitHostSrc(src);
|
||||
}
|
||||
|
||||
bool visitHashSrc(const nsCSPHashSrc& src) override {
|
||||
if (mDirective == CSPDirective::SCRIPT_SRC_DIRECTIVE) {
|
||||
return true;
|
||||
}
|
||||
return AllowChromeResourceSrcVisitor::visitHashSrc(src);
|
||||
return AllowBuiltinSrcVisitor::visitHashSrc(src);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -1824,7 +1825,7 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
|
||||
|
||||
const nsCSPPolicy* policy = csp->GetPolicy(0);
|
||||
{
|
||||
AllowChromeResourceSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
|
||||
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
|
||||
spec);
|
||||
if (!visitor.visit(policy)) {
|
||||
MOZ_ASSERT(false, "about: page must contain a secure default-src");
|
||||
@@ -1840,7 +1841,7 @@ void nsContentSecurityUtils::AssertAboutPageHasCSP(Document* aDocument) {
|
||||
}
|
||||
}
|
||||
|
||||
CHECK_DIR(SCRIPT_SRC_DIRECTIVE, AllowChromeResourceSrcVisitor);
|
||||
CHECK_DIR(SCRIPT_SRC_DIRECTIVE, AllowBuiltinSrcVisitor);
|
||||
CHECK_DIR(STYLE_SRC_DIRECTIVE, StyleSrcVisitor);
|
||||
CHECK_DIR(IMG_SRC_DIRECTIVE, ImgSrcVisitor);
|
||||
CHECK_DIR(MEDIA_SRC_DIRECTIVE, MediaSrcVisitor);
|
||||
@@ -1902,7 +1903,7 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
|
||||
const nsCSPPolicy* policy =
|
||||
static_cast<nsCSPContext*>(csp.get())->GetPolicy(0);
|
||||
{
|
||||
AllowChromeResourceSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
|
||||
AllowBuiltinSrcVisitor visitor(CSPDirective::DEFAULT_SRC_DIRECTIVE,
|
||||
spec);
|
||||
if (!visitor.visit(policy)) {
|
||||
MOZ_CRASH_UNSAFE_PRINTF(
|
||||
@@ -1910,7 +1911,7 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
|
||||
}
|
||||
}
|
||||
|
||||
CHECK_DIR(SCRIPT_SRC_DIRECTIVE, AllowChromeResourceSrcVisitor);
|
||||
CHECK_DIR(SCRIPT_SRC_DIRECTIVE, AllowBuiltinSrcVisitor);
|
||||
// If the policy being checked does not have an explicit |script-src-attr|
|
||||
// directive, nsCSPPolicy::visitDirectiveSrcs will fallback to using the
|
||||
// |script-src| directive, but not default-src.
|
||||
@@ -1918,7 +1919,7 @@ void nsContentSecurityUtils::AssertChromePageHasCSP(Document* aDocument) {
|
||||
// fallback will usually contain at least a chrome: source.
|
||||
// This is not a problem from a security perspective, because inline scripts
|
||||
// are not loaded from an URL and thus still disallowed.
|
||||
CHECK_DIR(SCRIPT_SRC_ATTR_DIRECTIVE, AllowChromeResourceSrcVisitor);
|
||||
CHECK_DIR(SCRIPT_SRC_ATTR_DIRECTIVE, AllowBuiltinSrcVisitor);
|
||||
CHECK_DIR(STYLE_SRC_DIRECTIVE, StyleSrcVisitor);
|
||||
CHECK_DIR(IMG_SRC_DIRECTIVE, ImgSrcVisitor);
|
||||
CHECK_DIR(MEDIA_SRC_DIRECTIVE, MediaSrcVisitor);
|
||||
|
||||
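Review bot: The new `moz-src` literal in `AllowBuiltinSrcVisitor::visitSchemeSrc` lacks the `_ns` suffix that the `chrome` and `resource` literals beside it carry, so that comparison takes a different operand type; it presumably still compiles through a raw `char16_t` pointer overload, but the line should read `if (scheme == u"chrome"_ns || scheme == u"moz-src"_ns || scheme == u"resource"_ns) {`. This visitor is what `AssertAboutPageHasCSP` and `AssertChromePageHasCSP` use to decide that a default-src or script-src is secure, and the style, img, media, connect and addon visitors all fall back to it, so the scheme list is a trust boundary and the class comment should say why `moz-src:` belongs on it. Something like `// moz-src: is accepted on the assumption that, like chrome: and resource:, it only resolves to content shipped with the application.` would do, to be confirmed against the protocol handler, which is not visible on this page. The body of `visitSchemeSrc` continues outside the first hunk, so any further scheme handling there could not be checked.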