corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1518454: Part 1, backend changes, add CSP to loadURIOptions dictionary and pass CSP explicitly from frontend to docshell. r=bz

Browse Source
This commit is contained in:
Christoph Kerschbaumer
2019-02-21 16:00:32 +01:00
parent 7867e9df69
commit bd82a2ed63
37 changed files with 495 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docshell/base/nsDocShellLoadState.h
View File

@@ -13,6 +13,7 @@
#include "nsDocShellLoadTypes.h"
#include "mozilla/net/ReferrerPolicy.h"
class nsIContentSecurityPolicy;
class nsIInputStream;
class nsISHEntry;
class nsIURI;
@@ -78,6 +79,10 @@ class nsDocShellLoadState final {
void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);
nsIContentSecurityPolicy* Csp() const;
void SetCsp(nsIContentSecurityPolicy* aCsp);
bool InheritPrincipal() const;
void SetInheritPrincipal(bool aInheritPrincipal);
@@ -226,6 +231,13 @@ class nsDocShellLoadState final {
// SystemPrincipal as the triggeringPrincipal.
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
// The CSP of the load, that is, the CSP of the entity responsible for causing
// the load to occur. Most likely this is the CSP of the document that started
// the load. In case the entity starting the load did not use a CSP, then mCsp
// can be null. Please note that this is also the CSP that will be applied to
// the load in case the load encounters a server side redirect.
nsCOMPtr<nsIContentSecurityPolicy> mCsp;
// If a refresh is caused by http-equiv="refresh" we want to set
// aResultPrincipalURI, but we do not want to overwrite the channel's
// ResultPrincipalURI, if it has already been set on the channel by a protocol