Backed out 3 changesets (bug 1409200) as requested by dev

Backed out changeset ea10214aa35f (bug 1409200)
Backed out changeset a66ea7d7f812 (bug 1409200)
Backed out changeset e8a83b1e7e08 (bug 1409200)

devtools/shared/layout/utils.js

@@ -915,10 +915,11 @@ function isFrameBlockedByCSP(node) {
   const res = node.ownerDocument.csp.shouldLoad(
     Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
     null, // nsICSPEventListener
-    null, // nsILoadInfo
     uri,
     null, // aOriginalURIIfRedirect
-    false // aSendViolationReports
+    false, // aSendViolationReports
+    null, // aNonce
+    false // aParserCreated
   );
 
   return res !== Ci.nsIContentPolicy.ACCEPT;

dom/interfaces/security/nsIContentSecurityPolicy.idl

@@ -344,10 +344,11 @@ interface nsIContentSecurityPolicy : nsISerializable
    */
   short shouldLoad(in nsContentPolicyType aContentType,
                    in nsICSPEventListener aCSPEventListener,
-                   in nsILoadInfo     aLoadInfo,
                    in nsIURI          aContentLocation,
                    in nsIURI          aOriginalURIIfRedirect,
-                   in bool            aSendViolationReports);
+                   in bool            aSendViolationReports,
+                   in AString         aNonce,
+                   in boolean         aParserCreated);
 
 %{ C++
 // nsIObserver topic to fire when the policy encounters a violation.

dom/script/ScriptLoader.cpp

@@ -407,9 +407,6 @@ nsresult ScriptLoader::CheckContentPolicy(Document* aDocument,
       requestingNode, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
       contentPolicyType);
 
-  secCheckLoadInfo->SetIntegrityMetadata(
-      aRequest->mIntegrity.GetIntegrityString());
-
   // snapshot the nonce at load start time for performing CSP checks
   if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT ||
       contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_MODULE) {
@@ -626,9 +623,6 @@ nsresult ScriptLoader::StartLoadInternal(
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
-  nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-  loadInfo->SetIntegrityMetadata(aRequest->mIntegrity.GetIntegrityString());
-
   // snapshot the nonce at load start time for performing CSP checks
   if (contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT ||
       contentPolicyType == nsIContentPolicy::TYPE_INTERNAL_MODULE) {
@@ -636,6 +630,7 @@ nsresult ScriptLoader::StartLoadInternal(
       nsString* cspNonce =
           static_cast<nsString*>(context->GetProperty(nsGkAtoms::nonce));
       if (cspNonce) {
+        nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
         loadInfo->SetCspNonce(*cspNonce);
       }
     }

dom/security/nsCSPContext.cpp

@@ -130,9 +130,10 @@ static void BlockedContentSourceToString(
 NS_IMETHODIMP
 nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
                          nsICSPEventListener* aCSPEventListener,
-                         nsILoadInfo* aLoadInfo, nsIURI* aContentLocation,
+                         nsIURI* aContentLocation,
                          nsIURI* aOriginalURIIfRedirect,
-                         bool aSendViolationReports, int16_t* outDecision) {
+                         bool aSendViolationReports, const nsAString& aNonce,
+                         bool aParserCreated, int16_t* outDecision) {
   if (CSPCONTEXTLOGENABLED()) {
     CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s",
                    aContentLocation->GetSpecOrDefault().get()));
@@ -161,10 +162,11 @@ nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
   bool permitted = permitsInternal(
       dir,
       nullptr,  // aTriggeringElement
-      aCSPEventListener, aLoadInfo, aContentLocation, aOriginalURIIfRedirect,
+      aCSPEventListener, aContentLocation, aOriginalURIIfRedirect, aNonce,
       false,  // allow fallback to default-src
       aSendViolationReports,
-      true);  // send blocked URI in violation reports
+      true,  // send blocked URI in violation reports
+      aParserCreated);
 
   *outDecision =
       permitted ? nsIContentPolicy::ACCEPT : nsIContentPolicy::REJECT_SERVER;
@@ -181,17 +183,18 @@ nsCSPContext::ShouldLoad(nsContentPolicyType aContentType,
 
 bool nsCSPContext::permitsInternal(
     CSPDirective aDir, Element* aTriggeringElement,
-    nsICSPEventListener* aCSPEventListener, nsILoadInfo* aLoadInfo,
+    nsICSPEventListener* aCSPEventListener, nsIURI* aContentLocation,
-    nsIURI* aContentLocation, nsIURI* aOriginalURIIfRedirect, bool aSpecific,
+    nsIURI* aOriginalURIIfRedirect, const nsAString& aNonce, bool aSpecific,
-    bool aSendViolationReports, bool aSendContentLocationInViolationReports) {
+    bool aSendViolationReports, bool aSendContentLocationInViolationReports,
+    bool aParserCreated) {
   EnsureIPCPoliciesRead();
   bool permits = true;
 
   nsAutoString violatedDirective;
   for (uint32_t p = 0; p < mPolicies.Length(); p++) {
-    if (!mPolicies[p]->permits(aDir, aLoadInfo, aContentLocation,
+    if (!mPolicies[p]->permits(aDir, aContentLocation, aNonce,
                                !!aOriginalURIIfRedirect, aSpecific,
-                               violatedDirective)) {
+                               aParserCreated, violatedDirective)) {
       // If the policy is violated and not report-only, reject the load and
       // report to the console
       if (!mPolicies[p]->getReportOnlyFlag()) {
@@ -1687,12 +1690,13 @@ nsCSPContext::PermitsAncestry(nsILoadInfo* aLoadInfo,
         permitsInternal(nsIContentSecurityPolicy::FRAME_ANCESTORS_DIRECTIVE,
                         nullptr,  // triggering element
                         nullptr,  // nsICSPEventListener
-                        nullptr,  // nsILoadInfo
                         ancestorsArray[a],
                         nullptr,  // no redirect here.
+                        u""_ns,   // no nonce
                         true,     // specific, do not use default-src
                         true,     // send violation reports
-                        okToSendAncestor);
+                        okToSendAncestor,
+                        false);  // not parser created
     if (!permits) {
       *outPermitsAncestry = false;
     }
@@ -1722,12 +1726,13 @@ nsCSPContext::Permits(Element* aTriggeringElement,
     }
   }
 
-  *outPermits = permitsInternal(aDir, aTriggeringElement, aCSPEventListener,
+  *outPermits =
-                                nullptr,  // no nsILoadInfo
+      permitsInternal(aDir, aTriggeringElement, aCSPEventListener, aURI,
-                                aURI,
+                      nullptr,  // no original (pre-redirect) URI
-                                nullptr,  // no original (pre-redirect) URI
+                      u""_ns,   // no nonce
-                                aSpecific, aSendViolationReports,
+                      aSpecific, aSendViolationReports,
-                                true);  // send blocked URI in violation reports
+                      true,    // send blocked URI in violation reports
+                      false);  // not parser created
 
   if (CSPCONTEXTLOGENABLED()) {
     CSPCONTEXTLOG(("nsCSPContext::Permits, aUri: %s, aDir: %s, isAllowed: %s",

dom/security/nsCSPContext.h

@@ -154,10 +154,11 @@ class nsCSPContext : public nsIContentSecurityPolicy {
   bool permitsInternal(CSPDirective aDir,
                        mozilla::dom::Element* aTriggeringElement,
                        nsICSPEventListener* aCSPEventListener,
-                       nsILoadInfo* aLoadInfo, nsIURI* aContentLocation,
+                       nsIURI* aContentLocation, nsIURI* aOriginalURIIfRedirect,
-                       nsIURI* aOriginalURIIfRedirect, bool aSpecific,
+                       const nsAString& aNonce, bool aSpecific,
                        bool aSendViolationReports,
-                       bool aSendContentLocationInViolationReports);
+                       bool aSendContentLocationInViolationReports,
+                       bool aParserCreated);
 
   // helper to report inline script/style violations
   void reportInlineViolation(CSPDirective aDirective,

dom/security/nsCSPService.cpp

@@ -111,6 +111,7 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
   }
 
   nsContentPolicyType contentType = aLoadInfo->InternalContentPolicyType();
+  bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
 
   nsCOMPtr<nsICSPEventListener> cspEventListener;
   nsresult rv =
@@ -135,6 +136,10 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
     return NS_OK;
   }
 
+  nsAutoString cspNonce;
+  rv = aLoadInfo->GetCspNonce(cspNonce);
+  NS_ENSURE_SUCCESS(rv, rv);
+
   // 1) Apply speculate CSP for preloads
   bool isPreload = nsContentUtils::IsPreloadType(contentType);
 
@@ -143,9 +148,9 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
     if (preloadCsp) {
       // obtain the enforcement decision
       rv = preloadCsp->ShouldLoad(
-          contentType, cspEventListener, aLoadInfo, aContentLocation,
+          contentType, cspEventListener, aContentLocation,
           nullptr,  // no redirect, aOriginal URL is null.
-          false, aDecision);
+          false, cspNonce, parserCreatedScript, aDecision);
       NS_ENSURE_SUCCESS(rv, rv);
 
       // if the preload policy already denied the load, then there
@@ -187,9 +192,10 @@ bool subjectToCSP(nsIURI* aURI, nsContentPolicyType aContentType) {
 
     // obtain the enforcement decision
     rv = csp->ShouldLoad(
-        contentType, cspEventListener, aLoadInfo, aContentLocation,
+        contentType, cspEventListener, aContentLocation,
         originalURI,  // no redirect, unless it's a frame navigation.
-        !isPreload && aLoadInfo->GetSendCSPViolationEvents(), aDecision);
+        !isPreload && aLoadInfo->GetSendCSPViolationEvents(), cspNonce,
+        parserCreatedScript, aDecision);
 
     if (NS_CP_REJECTED(*aDecision)) {
       NS_SetRequestBlockingReason(
@@ -344,6 +350,10 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
       aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener));
   MOZ_ALWAYS_SUCCEEDS(rv);
 
+  nsAutoString cspNonce;
+  rv = aLoadInfo->GetCspNonce(cspNonce);
+  MOZ_ALWAYS_SUCCEEDS(rv);
+
   bool isPreload = nsContentUtils::IsPreloadType(policyType);
 
   /* On redirect, if the content policy is a preload type, rejecting the
@@ -352,6 +362,7 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
    */
 
   int16_t decision = nsIContentPolicy::ACCEPT;
+  bool parserCreatedScript = aLoadInfo->GetParserCreatedScript();
 
   // 1) Apply speculative CSP for preloads
   if (isPreload) {
@@ -360,11 +371,12 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
       // Pass  originalURI to indicate the redirect
       preloadCsp->ShouldLoad(
           policyType,  // load type per nsIContentPolicy (uint32_t)
-          cspEventListener, aLoadInfo,
+          cspEventListener,
           aNewURI,       // nsIURI
           aOriginalURI,  // Original nsIURI
           true,          // aSendViolationReports
-          &decision);
+          cspNonce,      // nonce
+          parserCreatedScript, &decision);
 
       // if the preload policy already denied the load, then there
       // is no point in checking the real policy
@@ -380,11 +392,12 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
   if (csp) {
     // Pass  originalURI to indicate the redirect
     csp->ShouldLoad(policyType,  // load type per nsIContentPolicy (uint32_t)
-                    cspEventListener, aLoadInfo,
+                    cspEventListener,
                     aNewURI,       // nsIURI
                     aOriginalURI,  // Original nsIURI
                     true,          // aSendViolationReports
-                    &decision);
+                    cspNonce,      // nonce
+                    parserCreatedScript, &decision);
     if (NS_CP_REJECTED(decision)) {
       aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
       return NS_BINDING_FAILED;

dom/security/nsCSPUtils.cpp

@@ -21,16 +21,12 @@
 #include "nsReadableUtils.h"
 #include "nsSandboxFlags.h"
 #include "nsServiceManagerUtils.h"
-#include "nsWhitespaceTokenizer.h"
 
 #include "mozilla/Components.h"
 #include "mozilla/dom/CSPDictionariesBinding.h"
 #include "mozilla/dom/Document.h"
-#include "mozilla/dom/SRIMetadata.h"
 #include "mozilla/StaticPrefs_security.h"
 
-using mozilla::dom::SRIMetadata;
-
 #define DEFAULT_PORT -1
 
 static mozilla::LogModule* GetCspUtilsLog() {
@@ -1080,151 +1076,14 @@ nsCSPDirective::~nsCSPDirective() {
   }
 }
 
-// This check only considers types "script-like"
+bool nsCSPDirective::permits(nsIURI* aUri, const nsAString& aNonce,
-// (https://fetch.spec.whatwg.org/#request-destination-script-like) that can
-// also have integrity metadata.
-static bool IsScriptLikeWithIntegrity(nsContentPolicyType aType) {
-  switch (aType) {
-    case nsIContentPolicy::TYPE_SCRIPT:
-    case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
-    case nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD:
-    case nsIContentPolicy::TYPE_INTERNAL_MODULE:
-    case nsIContentPolicy::TYPE_INTERNAL_MODULE_PRELOAD:
-      return true;
-    default:
-      return false;
-  }
-}
-
-// https://www.w3.org/TR/SRI/#parse-metadata
-// This function is similar to SRICheck::IntegrityMetadata, but also keeps
-// SRI metadata with weaker hashes.
-// CSP treats "no metadata" and empty results the same way.
-static nsTArray<SRIMetadata> ParseSRIMetadata(const nsAString& aMetadata) {
-  // Step 1. Let result be the empty set.
-  // Step 2. Let empty be equal to true.
-  nsTArray<SRIMetadata> result;
-
-  NS_ConvertUTF16toUTF8 metadataList(aMetadata);
-  nsAutoCString token;
-
-  // Step 3. For each token returned by splitting metadata on spaces:
-  nsCWhitespaceTokenizer tokenizer(metadataList);
-  while (tokenizer.hasMoreTokens()) {
-    token = tokenizer.nextToken();
-    // Step 3.1. Set empty to false.
-    // Step 3.3. Parse token per the grammar in integrity metadata.
-    SRIMetadata metadata(token);
-    // Step 3.2. If token is not a valid metadata, skip the remaining steps, and
-    // proceed to the next token.
-    if (metadata.IsMalformed()) {
-      continue;
-    }
-
-    // Step 3.4. Let algorithm be the alg component of token.
-    // Step 3.5. If algorithm is a hash function recognized by the user agent,
-    // add the
-    //  parsed token to result.
-    if (metadata.IsAlgorithmSupported()) {
-      result.AppendElement(metadata);
-    }
-  }
-
-  // Step 4. Return no metadata if empty is true, otherwise return result.
-  return result;
-}
-
-bool nsCSPDirective::permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo,
-                             nsIURI* aUri, const nsAString& aNonce,
                              bool aWasRedirected, bool aReportOnly,
                              bool aUpgradeInsecure, bool aParserCreated) const {
-  MOZ_ASSERT(equals(aDirective) || isDefaultDirective());
-
   if (CSPUTILSLOGENABLED()) {
     CSPUTILSLOG(
         ("nsCSPDirective::permits, aUri: %s", aUri->GetSpecOrDefault().get()));
   }
 
-  // https://w3c.github.io/webappsec-csp/#script-pre-request
-  if (aLoadInfo) {
-    // Step 1. If request’s destination is script-like:
-    if (IsScriptLikeWithIntegrity(aLoadInfo->InternalContentPolicyType())) {
-      MOZ_ASSERT(aDirective == CSPDirective::SCRIPT_SRC_ELEM_DIRECTIVE);
-
-      // Step 1.2. Let integrity expressions be the set of source expressions in
-      // directive’s value that match the hash-source grammar.
-      nsTArray<nsCSPHashSrc*> integrityExpressions;
-      for (uint32_t i = 0; i < mSrcs.Length(); i++) {
-        if (mSrcs[i]->isHash()) {
-          integrityExpressions.AppendElement(
-              static_cast<nsCSPHashSrc*>(mSrcs[i]));
-        }
-      }
-
-      // Step 1.3. If integrity expressions is not empty:
-      if (!integrityExpressions.IsEmpty()) {
-        // Step 1.3.1. Let integrity sources be the result of executing the
-        // algorithm defined in [SRI 3.3.3 Parse metadata] on request’s
-        // integrity metadata.
-        nsAutoString integrityMetadata;
-        aLoadInfo->GetIntegrityMetadata(integrityMetadata);
-        nsTArray<SRIMetadata> integritySources =
-            ParseSRIMetadata(integrityMetadata);
-
-        // Step 1.3.2. If integrity sources is "no metadata" or an empty set,
-        // skip the remaining substeps.
-        if (!integritySources.IsEmpty()) {
-          // Step 1.3.3. Let bypass due to integrity match be true.
-          bool bypass = true;
-
-          nsAutoCString sourceAlgorithmUTF8;
-          nsAutoCString sourceHashUTF8;
-          nsAutoString sourceAlgorithm;
-          nsAutoString sourceHash;
-          nsAutoString algorithm;
-          nsAutoString hash;
-
-          // Step 1.3.4. For each source of integrity sources:
-          for (const SRIMetadata& source : integritySources) {
-            source.GetAlgorithm(&sourceAlgorithmUTF8);
-            sourceAlgorithm = NS_ConvertUTF8toUTF16(sourceAlgorithmUTF8);
-            source.GetHash(0, &sourceHashUTF8);
-            sourceHash = NS_ConvertUTF8toUTF16(sourceHashUTF8);
-
-            // Step 1.3.4.1 If directive’s value does not contain a source
-            // expression whose hash-algorithm is an ASCII case-insensitive
-            // match for source’s hash-algorithm, and whose base64-value is
-            // identical to source’s base64-value, then set bypass due to
-            // integrity match to false.
-            bool found = false;
-            for (const nsCSPHashSrc* hashSrc : integrityExpressions) {
-              hashSrc->getAlgorithm(algorithm);
-              hashSrc->getHash(hash);
-
-              // The nsCSPHashSrc constructor lowercases algorithm, so this
-              // is case-insensitive.
-              if (sourceAlgorithm == algorithm && sourceHash == hash) {
-                found = true;
-                break;
-              }
-            }
-
-            if (!found) {
-              bypass = false;
-              break;
-            }
-          }
-
-          // Step 1.3.5. If bypass due to integrity match is true, return
-          // "Allowed".
-          if (bypass) {
-            return true;
-          }
-        }
-      }
-    }
-  }
-
   for (uint32_t i = 0; i < mSrcs.Length(); i++) {
     if (mSrcs[i]->permits(aUri, aNonce, aWasRedirected, aReportOnly,
                           aUpgradeInsecure, aParserCreated)) {
@@ -1540,8 +1399,9 @@ nsCSPPolicy::~nsCSPPolicy() {
   }
 }
 
-bool nsCSPPolicy::permits(CSPDirective aDir, nsILoadInfo* aLoadInfo,
+bool nsCSPPolicy::permits(CSPDirective aDir, nsIURI* aUri,
-                          nsIURI* aUri, bool aWasRedirected, bool aSpecific,
+                          const nsAString& aNonce, bool aWasRedirected,
+                          bool aSpecific, bool aParserCreated,
                           nsAString& outViolatedDirective) const {
   if (CSPUTILSLOGENABLED()) {
     CSPUTILSLOG(("nsCSPPolicy::permits, aUri: %s, aDir: %d, aSpecific: %s",
@@ -1552,13 +1412,6 @@ bool nsCSPPolicy::permits(CSPDirective aDir, nsILoadInfo* aLoadInfo,
   NS_ASSERTION(aUri, "permits needs an uri to perform the check!");
   outViolatedDirective.Truncate();
 
-  bool parserCreated = false;
-  nsAutoString nonce;
-  if (aLoadInfo) {
-    parserCreated = aLoadInfo->GetParserCreatedScript();
-    MOZ_ALWAYS_SUCCEEDS(aLoadInfo->GetCspNonce(nonce));
-  }
-
   nsCSPDirective* defaultDir = nullptr;
 
   // Try to find a relevant directive
@@ -1566,9 +1419,8 @@ bool nsCSPPolicy::permits(CSPDirective aDir, nsILoadInfo* aLoadInfo,
   // hashtable.
   for (uint32_t i = 0; i < mDirectives.Length(); i++) {
     if (mDirectives[i]->equals(aDir)) {
-      if (!mDirectives[i]->permits(aDir, aLoadInfo, aUri, nonce, aWasRedirected,
+      if (!mDirectives[i]->permits(aUri, aNonce, aWasRedirected, mReportOnly,
-                                   mReportOnly, mUpgradeInsecDir,
+                                   mUpgradeInsecDir, aParserCreated)) {
-                                   parserCreated)) {
         mDirectives[i]->getDirName(outViolatedDirective);
         return false;
       }
@@ -1582,8 +1434,8 @@ bool nsCSPPolicy::permits(CSPDirective aDir, nsILoadInfo* aLoadInfo,
   // If the above loop runs through, we haven't found a matching directive.
   // Avoid relooping, just store the result of default-src while looping.
   if (!aSpecific && defaultDir) {
-    if (!defaultDir->permits(aDir, aLoadInfo, aUri, nonce, aWasRedirected,
+    if (!defaultDir->permits(aUri, aNonce, aWasRedirected, mReportOnly,
-                             mReportOnly, mUpgradeInsecDir, parserCreated)) {
+                             mUpgradeInsecDir, aParserCreated)) {
       defaultDir->getDirName(outViolatedDirective);
       return false;
     }
@@ -1670,9 +1522,8 @@ bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
         return true;
       }
       // Otherwise, check against the allowlist.
-      if (!mDirectives[i]->permits(
+      if (!mDirectives[i]->permits(aURI, u""_ns, aWasRedirected, false, false,
-              nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI,
+                                   false)) {
-              u""_ns, aWasRedirected, false, false, false)) {
         allowsNavigateTo = false;
       }
     }

dom/security/nsCSPUtils.h

@@ -9,7 +9,6 @@
 
 #include "nsCOMPtr.h"
 #include "nsIContentSecurityPolicy.h"
-#include "nsILoadInfo.h"
 #include "nsIURI.h"
 #include "nsLiteralString.h"
 #include "nsString.h"
@@ -237,8 +236,6 @@ class nsCSPBaseSrc {
 
   virtual bool isReportSample() const { return false; }
 
-  virtual bool isHash() const { return false; }
-
  protected:
   // invalidate srcs if 'script-dynamic' is present or also invalidate
   // unsafe-inline' if nonce- or hash-source specified
@@ -391,8 +388,6 @@ class nsCSPHashSrc : public nsCSPBaseSrc {
     // not invalidate hashes.
   }
 
-  bool isHash() const final { return true; }
-
  private:
   nsString mAlgorithm;
   nsString mHash;
@@ -452,8 +447,7 @@ class nsCSPDirective {
   explicit nsCSPDirective(CSPDirective aDirective);
   virtual ~nsCSPDirective();
 
-  virtual bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo,
+  virtual bool permits(nsIURI* aUri, const nsAString& aNonce,
-                       nsIURI* aUri, const nsAString& aNonce,
                        bool aWasRedirected, bool aReportOnly,
                        bool aUpgradeInsecure, bool aParserCreated) const;
   virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
@@ -560,9 +554,9 @@ class nsBlockAllMixedContentDirective : public nsCSPDirective {
   explicit nsBlockAllMixedContentDirective(CSPDirective aDirective);
   ~nsBlockAllMixedContentDirective();
 
-  bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
+  bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
-               const nsAString& aNonce, bool aWasRedirected, bool aReportOnly,
+               bool aReportOnly, bool aUpgradeInsecure,
-               bool aUpgradeInsecure, bool aParserCreated) const override {
+               bool aParserCreated) const override {
     return false;
   }
 
@@ -618,9 +612,9 @@ class nsUpgradeInsecureDirective : public nsCSPDirective {
   explicit nsUpgradeInsecureDirective(CSPDirective aDirective);
   ~nsUpgradeInsecureDirective();
 
-  bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
+  bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected,
-               const nsAString& aNonce, bool aWasRedirected, bool aReportOnly,
+               bool aReportOnly, bool aUpgradeInsecure,
-               bool aUpgradeInsecure, bool aParserCreated) const override {
+               bool aParserCreated) const override {
     return false;
   }
 
@@ -647,8 +641,8 @@ class nsCSPPolicy {
   nsCSPPolicy();
   virtual ~nsCSPPolicy();
 
-  bool permits(CSPDirective aDirective, nsILoadInfo* aLoadInfo, nsIURI* aUri,
+  bool permits(CSPDirective aDirective, nsIURI* aUri, const nsAString& aNonce,
-               bool aWasRedirected, bool aSpecific,
+               bool aWasRedirected, bool aSpecific, bool aParserCreated,
                nsAString& outViolatedDirective) const;
   bool allows(CSPDirective aDirective, enum CSPKeyword aKeyword,
               const nsAString& aHashOrNonce, bool aParserCreated) const;

dom/security/test/unit/test_csp_reports.js

@@ -194,10 +194,11 @@ function run_test() {
       csp.shouldLoad(
         Ci.nsIContentPolicy.TYPE_SCRIPT,
         null, // nsICSPEventListener
-        null, // aLoadInfo
         NetUtil.newURI("http://blocked.test/foo.js"),
         null,
-        true
+        true,
+        null,
+        false
       );
     }
   );
@@ -260,10 +261,11 @@ function run_test() {
     csp.shouldLoad(
       Ci.nsIContentPolicy.TYPE_IMAGE,
       null, // nsICSPEventListener
-      null, // nsILoadInfo
       NetUtil.newURI("data:image/png;base64," + base64data),
       null,
-      true
+      true,
+      null,
+      false
     );
   });
 
@@ -273,10 +275,11 @@ function run_test() {
     csp.shouldLoad(
       Ci.nsIContentPolicy.TYPE_SUBDOCUMENT,
       null, // nsICSPEventListener
-      null, // nsILoadInfo
       NetUtil.newURI("intent://mymaps.com/maps?um=1&ie=UTF-8&fb=1&sll"),
       null,
-      true
+      true,
+      null,
+      false
     );
   });
 
@@ -288,10 +291,11 @@ function run_test() {
     csp.shouldLoad(
       Ci.nsIContentPolicy.TYPE_SCRIPT,
       null, // nsICSPEventListener
-      null, // nsILoadInfo
       NetUtil.newURI(selfSpec + "#bar"),
       null,
-      true
+      true,
+      null,
+      false
     );
   });
 }

ipc/glue/BackgroundUtils.cpp

@@ -486,10 +486,6 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
   nsAutoString cspNonce;
   Unused << NS_WARN_IF(NS_FAILED(aLoadInfo->GetCspNonce(cspNonce)));
 
-  nsAutoString integrityMetadata;
-  Unused << NS_WARN_IF(
-      NS_FAILED(aLoadInfo->GetIntegrityMetadata(integrityMetadata)));
-
   nsCOMPtr<nsICookieJarSettings> cookieJarSettings;
   rv = aLoadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings));
   NS_ENSURE_SUCCESS(rv, rv);
@@ -572,9 +568,8 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
       aLoadInfo->GetDocumentHasUserInteracted(),
       aLoadInfo->GetAllowListFutureDocumentsCreatedFromThisRedirectChain(),
       aLoadInfo->GetNeedForCheckingAntiTrackingHeuristic(), cspNonce,
-      integrityMetadata, aLoadInfo->GetSkipContentSniffing(),
+      aLoadInfo->GetSkipContentSniffing(), aLoadInfo->GetHttpsOnlyStatus(),
-      aLoadInfo->GetHttpsOnlyStatus(), aLoadInfo->GetHstsStatus(),
+      aLoadInfo->GetHstsStatus(), aLoadInfo->GetHasValidUserGestureActivation(),
-      aLoadInfo->GetHasValidUserGestureActivation(),
       aLoadInfo->GetAllowDeprecatedSystemRequests(),
       aLoadInfo->GetIsInDevToolsContext(), aLoadInfo->GetParserCreatedScript(),
       aLoadInfo->GetIsFromProcessingFrameAttributes(),
@@ -862,9 +857,9 @@ nsresult LoadInfoArgsToLoadInfo(
       loadInfoArgs.documentHasUserInteracted(),
       loadInfoArgs.allowListFutureDocumentsCreatedFromThisRedirectChain(),
       loadInfoArgs.needForCheckingAntiTrackingHeuristic(),
-      loadInfoArgs.cspNonce(), loadInfoArgs.integrityMetadata(),
+      loadInfoArgs.cspNonce(), loadInfoArgs.skipContentSniffing(),
-      loadInfoArgs.skipContentSniffing(), loadInfoArgs.httpsOnlyStatus(),
+      loadInfoArgs.httpsOnlyStatus(), loadInfoArgs.hstsStatus(),
-      loadInfoArgs.hstsStatus(), loadInfoArgs.hasValidUserGestureActivation(),
+      loadInfoArgs.hasValidUserGestureActivation(),
       loadInfoArgs.allowDeprecatedSystemRequests(),
       loadInfoArgs.isInDevToolsContext(), loadInfoArgs.parserCreatedScript(),
       loadInfoArgs.storagePermission(), loadInfoArgs.isMetaRefresh(),

netwerk/base/LoadInfo.cpp

@@ -611,7 +611,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
       mNeedForCheckingAntiTrackingHeuristic(
           rhs.mNeedForCheckingAntiTrackingHeuristic),
       mCspNonce(rhs.mCspNonce),
-      mIntegrityMetadata(rhs.mIntegrityMetadata),
       mSkipContentSniffing(rhs.mSkipContentSniffing),
       mHttpsOnlyStatus(rhs.mHttpsOnlyStatus),
       mHstsStatus(rhs.mHstsStatus),
@@ -665,8 +664,7 @@ LoadInfo::LoadInfo(
     bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
     bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
     bool aNeedForCheckingAntiTrackingHeuristic, const nsAString& aCspNonce,
-    const nsAString& aIntegrityMetadata, bool aSkipContentSniffing,
+    bool aSkipContentSniffing, uint32_t aHttpsOnlyStatus, bool aHstsStatus,
-    uint32_t aHttpsOnlyStatus, bool aHstsStatus,
     bool aHasValidUserGestureActivation, bool aAllowDeprecatedSystemRequests,
     bool aIsInDevToolsContext, bool aParserCreatedScript,
     nsILoadInfo::StoragePermissionState aStoragePermission, bool aIsMetaRefresh,
@@ -732,7 +730,6 @@ LoadInfo::LoadInfo(
       mNeedForCheckingAntiTrackingHeuristic(
           aNeedForCheckingAntiTrackingHeuristic),
       mCspNonce(aCspNonce),
-      mIntegrityMetadata(aIntegrityMetadata),
       mSkipContentSniffing(aSkipContentSniffing),
       mHttpsOnlyStatus(aHttpsOnlyStatus),
       mHstsStatus(aHstsStatus),
@@ -1806,20 +1803,6 @@ LoadInfo::SetCspNonce(const nsAString& aCspNonce) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-LoadInfo::GetIntegrityMetadata(nsAString& aIntegrityMetadata) {
-  aIntegrityMetadata = mIntegrityMetadata;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-LoadInfo::SetIntegrityMetadata(const nsAString& aIntegrityMetadata) {
-  MOZ_ASSERT(!mInitialSecurityCheckDone,
-             "setting the nonce is only allowed before any sec checks");
-  mIntegrityMetadata = aIntegrityMetadata;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 LoadInfo::GetSkipContentSniffing(bool* aSkipContentSniffing) {
   *aSkipContentSniffing = mSkipContentSniffing;

netwerk/base/LoadInfo.h

@@ -234,8 +234,7 @@ class LoadInfo final : public nsILoadInfo {
       bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
       bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
       bool aNeedForCheckingAntiTrackingHeuristic, const nsAString& aCspNonce,
-      const nsAString& aIntegrityMetadata, bool aSkipContentSniffing,
+      bool aSkipContentSniffing, uint32_t aHttpsOnlyStatus, bool aHstsStatus,
-      uint32_t aHttpsOnlyStatus, bool aHstsStatus,
       bool aHasValidUserGestureActivation, bool aAllowDeprecatedSystemRequests,
       bool aIsInDevToolsContext, bool aParserCreatedScript,
       nsILoadInfo::StoragePermissionState aStoragePermission,
@@ -343,7 +342,6 @@ class LoadInfo final : public nsILoadInfo {
   bool mAllowListFutureDocumentsCreatedFromThisRedirectChain = false;
   bool mNeedForCheckingAntiTrackingHeuristic = false;
   nsString mCspNonce;
-  nsString mIntegrityMetadata;
   bool mSkipContentSniffing = false;
   uint32_t mHttpsOnlyStatus = nsILoadInfo::HTTPS_ONLY_UNINITIALIZED;
   bool mHstsStatus = false;

netwerk/base/TRRLoadInfo.cpp

@@ -539,16 +539,6 @@ TRRLoadInfo::SetCspNonce(const nsAString& aCspNonce) {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
-NS_IMETHODIMP
-TRRLoadInfo::GetIntegrityMetadata(nsAString& aIntegrityMetadata) {
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
-
-NS_IMETHODIMP
-TRRLoadInfo::SetIntegrityMetadata(const nsAString& aIntegrityMetadata) {
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
-
 NS_IMETHODIMP
 TRRLoadInfo::GetSkipContentSniffing(bool* aSkipContentSniffing) {
   return NS_ERROR_NOT_IMPLEMENTED;

netwerk/base/nsILoadInfo.idl

@@ -1336,9 +1336,6 @@ interface nsILoadInfo : nsISupports
    */
   attribute AString cspNonce;
 
-  // Subresource Integrity (SRI) metadata.
-  attribute AString integrityMetadata;
-
   /**
    * List of possible reasons the request associated with this load info
    * may have been blocked, set by various content blocking checkers.

netwerk/ipc/NeckoChannelParams.ipdlh

@@ -164,7 +164,6 @@ struct LoadInfoArgs
   bool allowListFutureDocumentsCreatedFromThisRedirectChain;
   bool needForCheckingAntiTrackingHeuristic;
   nsString                    cspNonce;
-  nsString                    integrityMetadata;
   bool                        skipContentSniffing;
   uint32_t                    httpsOnlyStatus;
   bool                        hstsStatus;

testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini

@@ -0,0 +1,8 @@
+implementation-status: backlog
+[script-src-report-only-policy-works-with-external-hash-policy.html]
+  [External script in a script tag with matching SRI hash should run.]
+    expected: FAIL
+
+  [Should fire securitypolicyviolation event]
+    expected: FAIL
+

testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini

@@ -0,0 +1,14 @@
+[script-src-sri_hash.sub.html]
+  expected:
+    if (os == "android") and fission: [OK, TIMEOUT]
+  [matching integrity]
+    expected: FAIL
+
+  [multiple matching integrity]
+    expected: FAIL
+
+  [matching plus unsupported integrity]
+    expected: FAIL
+
+  [External script in a script tag with matching SRI hash should run.]
+    expected: FAIL

testing/web-platform/tests/content-security-policy/default-src/default-src-sri_hash.sub.html

@@ -1,109 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-
-<head>
-    <title>External scripts with matching SRI hash (in default-src) should be allowed.</title>
-    <script src='/resources/testharness.js' nonce='dummy'></script>
-    <script src='/resources/testharnessreport.js' nonce='dummy'></script>
-
-    <!-- CSP served: default-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'ShA256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=='; style-src 'unsafe-inline' -->
-    <!-- ShA256 is intentionally mixed case -->
-</head>
-
-<body>
-    <h1>External scripts with matching SRI hash (in default-src) should be allowed.</h1>
-    <div id='log'></div>
-
-    <script nonce='dummy'>
-        var port = "{{ports[http][0]}}";
-        if (location.protocol === "https:")
-          port = "{{ports[https][0]}}";
-        var crossorigin_base = location.protocol + "//{{domains[www]}}:" + port;
-
-        // Test name, src, integrity, expected to run.
-        var test_cases = [
-          [ 'matching integrity',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=',
-            true ],
-          [ 'matching integrity (case-insensitive algorithm)',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=',
-            true ],
-          [ 'multiple matching integrity',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA==',
-            true ],
-          [ 'no integrity',
-            './simpleSourcedScript.js',
-            '',
-            false ],
-          [ 'matching plus unsupported integrity',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha999-xyz',
-            true ],
-          [ 'mismatched integrity',
-            './simpleSourcedScript.js',
-            'sha256-xyz',
-            false ],
-          [ 'multiple mismatched integrity',
-            './simpleSourcedScript.js',
-            'sha256-xyz sha256-zyx',
-            false ],
-          [ 'partially matching integrity',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha256-xyz',
-            false ],
-          [ 'crossorigin no integrity but allowed host',
-            crossorigin_base + '/content-security-policy/script-src/crossoriginScript.js',
-            '',
-            true ],
-          [ 'crossorigin mismatched integrity but allowed host',
-            crossorigin_base + '/content-security-policy/script-src/crossoriginScript.js',
-            'sha256-kKJ5c48yxzaaSBupJSCmY50hkD8xbVgZgLHLtmnkeAo=',
-            true ],
-        ];
-
-        test(_ => {
-          for (item of test_cases) {
-            async_test(t => {
-              var s = document.createElement('script');
-              s.id = item[0].replace(' ', '-');
-              s.src = item[1];
-              s.integrity = item[2];
-              s.setAttribute('crossorigin', 'anonymous');
-
-              if (item[3]) {
-                s.onerror = t.unreached_func("Script should load! " + s.src);
-                window.addEventListener('message', t.step_func(e => {
-                  if (e.data == s.id)
-                    t.done();
-                }));
-              } else {
-                s.onerror = t.step_func_done();
-                window.addEventListener('message', t.step_func(e => {
-                  if (e.data == s.id)
-                    assert_unreached("Script should not execute!");
-                }));
-              }
-
-              document.body.appendChild(s);
-            }, item[0]);
-          }
-        }, "Load all the tests.");
-    </script>
-
-    <script nonce='dummy'>
-        var externalRan = false;
-    </script>
-    <script src='./externalScript.js'
-        integrity="sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0="></script>
-    <script nonce='dummy'>
-        test(function() {
-            assert_true(externalRan, 'External script ran.');
-        }, 'External script in a script tag with matching SRI hash should run.');
-    </script>
-
-</body>
-
-</html>

testing/web-platform/tests/content-security-policy/default-src/default-src-sri_hash.sub.html.sub.headers

@@ -1,5 +0,0 @@
-Expires: Mon, 26 Jul 1997 05:00:00 GMT
-Cache-Control: no-store, no-cache, must-revalidate
-Cache-Control: post-check=0, pre-check=0, false
-Pragma: no-cache
-Content-Security-Policy: default-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'ShA256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=='; style-src 'unsafe-inline'

testing/web-platform/tests/content-security-policy/default-src/externalScript.js

@@ -1 +0,0 @@
-externalRan = true;

testing/web-platform/tests/content-security-policy/default-src/simpleSourcedScript.js

@@ -1 +0,0 @@
-window.postMessage(document.currentScript.id, "*");

testing/web-platform/tests/content-security-policy/script-src/script-src-sri_hash.sub.html

@@ -6,8 +6,7 @@
     <script src='/resources/testharness.js' nonce='dummy'></script>
     <script src='/resources/testharnessreport.js' nonce='dummy'></script>
 
-    <!-- CSP served: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'ShA256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA==' -->
+    <!-- CSP served: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=' -->
-    <!-- ShA256 is intentionally mixed case -->
 </head>
 
 <body>
@@ -26,13 +25,9 @@
             './simpleSourcedScript.js',
             'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=',
             true ],
-          [ 'matching integrity (case-insensitive algorithm)',
-            './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=',
-            true ],
           [ 'multiple matching integrity',
             './simpleSourcedScript.js',
-            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA==',
+            'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c= sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=',
             true ],
           [ 'no integrity',
             './simpleSourcedScript.js',

testing/web-platform/tests/content-security-policy/script-src/script-src-sri_hash.sub.html.sub.headers

@@ -2,4 +2,4 @@ Expires: Mon, 26 Jul 1997 05:00:00 GMT
 Cache-Control: no-store, no-cache, must-revalidate
 Cache-Control: post-check=0, pre-check=0, false
 Pragma: no-cache
-Content-Security-Policy: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'ShA256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA=='
+Content-Security-Policy: script-src {{domains[www]}}:* 'nonce-dummy' 'sha256-wIc3KtqOuTFEu6t17sIBuOswgkV406VJvhSk79Gw6U0=' 'sha256-L7/UQ9VWpyG7C9RDEC4ctS5hI3Zcw+ta+haPGlByG9c=' 'sha512-rYCVMxWV5nq8IsMo+UZNObWtEiWGok/vDN8BMoEQi41s0znSes6E1Q2aag3Lw3u2J1w2rqH7uF2ws6FpQhfSOA='