Bug 1346774: do not check frame-ancestors for non-CSP eligible URLs r?ckerschb
MozReview-Commit-ID: C1602j5j3My
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -5,16 +5,17 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsCOMPtr.h"
#include "nsContentPolicyUtils.h"
#include "nsContentUtils.h"
#include "nsCSPContext.h"
#include "nsCSPParser.h"
#include "nsCSPService.h"
+#include "nsCSPUtils.h"
#include "nsError.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsIClassInfoImpl.h"
#include "nsIDocShell.h"
#include "nsIDocShellTreeItem.h"
#include "nsIDOMHTMLDocument.h"
#include "nsIDOMHTMLElement.h"
#include "nsIDOMNode.h"
@@ -1267,16 +1268,22 @@ nsCSPContext::PermitsAncestry(nsIDocShel
nsIDocument* doc = parentTreeItem->GetDocument();
NS_ASSERTION(doc, "Could not get nsIDocument from nsIDocShellTreeItem in nsCSPContext::PermitsAncestry");
NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
currentURI = doc->GetDocumentURI();
if (currentURI) {
+
+ // skip items in ancestor tree if the URI is not CSP eligible
+ if (!CSP_IsRequestSubjectToCSP(currentURI, nsIContentPolicy::TYPE_SUBDOCUMENT)) {
+ continue;
+ }
+
// delete the userpass from the URI.
rv = currentURI->CloneIgnoringRef(getter_AddRefs(uriClone));
NS_ENSURE_SUCCESS(rv, rv);
// We don't care if this succeeds, just want to delete a userpass if
// there was one.
uriClone->SetUserPass(EmptyCString());
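Review bot: The `continue` added inside `if (currentURI)` jumps straight back to the condition of the enclosing loop, which starts and ends outside this hunk. If that loop advances to the next ancestor with a statement at the bottom of its body, the skip path never reaches it, and PermitsAncestry would re-fetch the same parent forever. Inverting the test keeps the advance on every path: `if (currentURI && CSP_IsRequestSubjectToCSP(currentURI, nsIContentPolicy::TYPE_SUBDOCUMENT)) {` around the existing clone-and-record code, with no `continue`. The comment should also say why dropping such an ancestor is safe for frame-ancestors, since every URI the helper exempts is no longer compared against the policy. For example: `// ancestors that are never subject to CSP cannot be named in a frame-ancestors source list; they are omitted from the ancestry check on purpose`. Passing `TYPE_SUBDOCUMENT` for a URI that belongs to an ancestor document, not to the load being checked, deserves a short note as well.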