Bug 1529068 - Implementation of the navigate-to CSP directive as defined in CSP Level 3. r=ckerschb,mccr8

https://www.w3.org/TR/CSP3/#directive-navigate-to

Differential Revision: https://phabricator.services.mozilla.com/D37139

docshell/base/nsDocShell.cpp

@@ -4025,7 +4025,8 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
     CopyUTF8toUTF16(host, *formatStrs.AppendElement());
     error = "netTimeout";
   } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
-             NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
+             NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError ||
+             NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) {
     // CSP error
     cssClass.AssignLiteral("neterror");
     error = "cspBlocked";
@@ -9867,6 +9868,21 @@ static bool HasHttpScheme(nsIURI* aURI) {
 
   nsCOMPtr<nsIContentSecurityPolicy> csp = aLoadState->Csp();
   if (csp) {
+    // Check CSP navigate-to
+    bool allowsNavigateTo = false;
+    aRv = csp->GetAllowsNavigateTo(aLoadState->URI(), aLoadInfo,
+                                   false, /* aWasRedirected */
+                                   false, /* aEnforceWhitelist */
+                                   &allowsNavigateTo);
+    if (NS_FAILED(aRv)) {
+      return false;
+    }
+
+    if (!allowsNavigateTo) {
+      aRv = NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
+      return false;
+    }
+
     // Navigational requests that are same origin need to be upgraded in case
     // upgrade-insecure-requests is present.
     bool upgradeInsecureRequests = false;