Bug 1330383 - fetch original style sheet text using TYPE_OTHER; r?gl
Using TYPE_INTERNAL_STYLESHEET here is incorrect because we're not
necessarily fetching style sheets -- just some text. This may run
afoul of X-Content-Type-Options.
MozReview-Commit-ID: HB7YfWwq6CI
--- a/devtools/client/styleeditor/test/browser.ini
+++ b/devtools/client/styleeditor/test/browser.ini
@@ -33,16 +33,17 @@ support-files =
sourcemap-css/contained.css
sourcemap-css/sourcemaps.css
sourcemap-css/sourcemaps.css.map
sourcemap-css/media-rules.css
sourcemap-css/media-rules.css.map
sourcemap-css/test-bootstrap-scss.css
sourcemap-css/test-stylus.css
sourcemap-sass/sourcemaps.scss
+ sourcemap-sass/sourcemaps.scss^headers^
sourcemap-sass/media-rules.scss
sourcemap-styl/test-stylus.styl
sourcemaps.html
sourcemaps-inline.html
sourcemaps-large.html
sourcemaps-watching.html
test_private.css
test_private.html
new file mode 100644
--- /dev/null
+++ b/devtools/client/styleeditor/test/sourcemap-sass/sourcemaps.scss^headers^
@@ -0,0 +1,2 @@
+X-Content-Type-Options: nosniff
+Content-Type: text/plain
--- a/devtools/server/actors/stylesheets.js
+++ b/devtools/server/actors/stylesheets.js
@@ -83,17 +83,22 @@ var OriginalSourceActor = protocol.Actor
return promise.resolve(this.text);
}
let content = this.sourceMap.sourceContentFor(this.url);
if (content) {
this.text = content;
return promise.resolve(content);
}
let options = {
- policy: Ci.nsIContentPolicy.TYPE_INTERNAL_STYLESHEET,
+ // Make sure to use TYPE_OTHER - we are not fetching necessarily
+ // even fetching a style sheet, and anyway we're not planning to
+ // use it as a style sheet per se but rather just for its text;
+ // and this avoids problems with X-Content-Type-Options:
+ // nosniff. See bug 1330383.
+ policy: Ci.nsIContentPolicy.TYPE_OTHER,
window: this.window
};
return fetch(this.url, options).then(({content: text}) => {
this.text = text;
return text;
});
},
