corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku

Browse Source
This commit is contained in:
Christoph Kerschbaumer
2018-07-20 10:42:46 +02:00
parent ab874180a9
commit da3b449455
8 changed files with 32 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dom/html/HTMLFormElement.cpp
View File

@@ -1748,7 +1748,8 @@ HTMLFormElement::GetActionURL(nsIURI** aActionURL,
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag, "CSP",
nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("upgradeInsecureRequest"),
document->InnerWindowID(),
!!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId);
}

3
dom/security/FramingChecker.cpp
View File

@@ -196,7 +196,8 @@ ShouldIgnoreFrameOptions(nsIChannel* aChannel, nsIPrincipal* aPrincipal)
0, // no linenumber
0, // no columnnumber
nsIScriptError::warningFlag,
"CSP", innerWindowID,
NS_LITERAL_CSTRING("IgnoringSrcBecauseOfDirective"),
innerWindowID,
privateWindow);
return true;

11
dom/security/nsCSPContext.cpp
View File

@@ -777,6 +777,7 @@ struct ConsoleMsgQueueElem {
uint32_t mLineNumber;
uint32_t mColumnNumber;
uint32_t mSeverityFlag;
nsCString mCategory;
};
void
@@ -797,7 +798,7 @@ nsCSPContext::flushConsoleMessages()
ConsoleMsgQueueElem &elem = mConsoleMsgQueue[i];
CSP_LogMessage(elem.mMsg, elem.mSourceName, elem.mSourceLine,
elem.mLineNumber, elem.mColumnNumber,
elem.mSeverityFlag, "CSP", mInnerWindowID,
elem.mSeverityFlag, elem.mCategory, mInnerWindowID,
privateWindow);
}
mConsoleMsgQueue.Clear();
@@ -813,6 +814,10 @@ nsCSPContext::logToConsole(const char* aName,
uint32_t aColumnNumber,
uint32_t aSeverityFlag)
{
// we are passing aName as the category so we can link to the
// appropriate MDN docs depending on the specific error.
nsDependentCString category(aName);
// let's check if we have to queue up console messages
if (mQueueUpMessages) {
nsAutoString msg;
@@ -824,6 +829,7 @@ nsCSPContext::logToConsole(const char* aName,
elem.mLineNumber = aLineNumber;
elem.mColumnNumber = aColumnNumber;
elem.mSeverityFlag = aSeverityFlag;
elem.mCategory = category;
return;
}
@@ -833,9 +839,10 @@ nsCSPContext::logToConsole(const char* aName,
privateWindow = !!doc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId;
}
CSP_LogLocalizedStr(aName, aParams, aParamsLength, aSourceName,
aSourceLine, aLineNumber, aColumnNumber,
aSeverityFlag, "CSP", mInnerWindowID, privateWindow);
aSeverityFlag, category, mInnerWindowID, privateWindow);
}
/**

17
dom/security/nsCSPUtils.cpp
View File

@@ -129,7 +129,7 @@ CSP_LogMessage(const nsAString& aMessage,
uint32_t aLineNumber,
uint32_t aColumnNumber,
uint32_t aFlags,
const char *aCategory,
const nsACString& aCategory,
uint64_t aInnerWindowID,
bool aFromPrivateWindow)
{
@@ -158,20 +158,25 @@ CSP_LogMessage(const nsAString& aMessage,
cspMsg.AppendLiteral(u".");
}
// Since we are leveraging csp errors as the category names which
// we pass to devtools, we should prepend them with "CSP_" to
// allow easy distincution in devtools code. e.g.
// upgradeInsecureRequest -> CSP_upgradeInsecureRequest
nsCString category("CSP_");
category.Append(aCategory);
nsresult rv;
if (aInnerWindowID > 0) {
nsCString catStr;
catStr.AssignASCII(aCategory);
rv = error->InitWithWindowID(cspMsg, aSourceName,
aSourceLine, aLineNumber,
aColumnNumber, aFlags,
catStr, aInnerWindowID);
category, aInnerWindowID);
}
else {
rv = error->Init(cspMsg, aSourceName,
aSourceLine, aLineNumber,
aColumnNumber, aFlags,
aCategory, aFromPrivateWindow);
category.get(), aFromPrivateWindow);
}
if (NS_FAILED(rv)) {
return;
@@ -191,7 +196,7 @@ CSP_LogLocalizedStr(const char* aName,
uint32_t aLineNumber,
uint32_t aColumnNumber,
uint32_t aFlags,
const char* aCategory,
const nsACString& aCategory,
uint64_t aInnerWindowID,
bool aFromPrivateWindow)
{

4
dom/security/nsCSPUtils.h
View File

@@ -33,7 +33,7 @@ void CSP_LogLocalizedStr(const char* aName,
uint32_t aLineNumber,
uint32_t aColumnNumber,
uint32_t aFlags,
const char* aCategory,
const nsACString& aCategory,
uint64_t aInnerWindowID,
bool aFromPrivateWindow);
@@ -50,7 +50,7 @@ void CSP_LogMessage(const nsAString& aMessage,
uint32_t aLineNumber,
uint32_t aColumnNumber,
uint32_t aFlags,
const char* aCategory,
const nsACString& aCategory,
uint64_t aInnerWindowID,
bool aFromPrivateWindow);

3
dom/security/nsMixedContentBlocker.cpp
View File

@@ -803,7 +803,8 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::errorFlag, "CSP",
nsIScriptError::errorFlag,
NS_LITERAL_CSTRING("blockAllMixedContent"),
document->InnerWindowID(),
!!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId);
*aDecision = REJECT_REQUEST;

3
dom/websocket/WebSocket.cpp
View File

@@ -1724,7 +1724,8 @@ WebSocketImpl::Init(JSContext* aCx,
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag, "CSP",
nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("upgradeInsecureRequest"),
mInnerWindowID,
mPrivateBrowsing);
}

3
netwerk/base/nsNetUtil.cpp
View File

@@ -2930,7 +2930,8 @@ NS_ShouldSecureUpgrade(nsIURI* aURI,
EmptyString(), // aScriptSample
0, // aLineNumber
0, // aColumnNumber
nsIScriptError::warningFlag, "CSP",
nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("upgradeInsecureRequest"),
innerWindowId,
!!aLoadInfo->GetOriginAttributes().mPrivateBrowsingId);
Telemetry::AccumulateCategorical(Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::CSP);