Bug 1415352: Part 5a - Allow extension codebase principals to override CSP. r?bz
We currently use plain extension codebase principals for most of the extension
stylesheets that we inject into content pages. Since we want the content
loaded by those stylesheets to be exempt from CSP, and can't safely use
expanded principals for their loads, we need to make plain extension codebase
principals exempt from CSP.
MozReview-Commit-ID: IIAUWU68nor
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -135,21 +135,30 @@ public:
// The aAllowIfInheritsPrincipal argument is passed through to CheckMayLoad()
// to determine which consistituent principals may load the requested URI.
nsIPrincipal* PrincipalToInherit(nsIURI* aRequestedURI = nullptr,
bool aAllowIfInheritsPrincipal = true);
/**
* Returns true if this principal's CSP should override a document's CSP for
* loads that it triggers. Currently true only for expanded principals which
- * subsume the document principal.
+ * subsume the document principal, and add-on codebase principals regardless
+ * of whether they subsume the document principal.
*/
bool OverridesCSP(nsIPrincipal* aDocumentPrincipal)
{
- return mKind == eExpandedPrincipal && FastSubsumes(aDocumentPrincipal);
+ // Expanded principals override CSP if and only if they subsume the document
+ // principal.
+ if (mKind == eExpandedPrincipal) {
+ return FastSubsumes(aDocumentPrincipal);
+ }
+ // Extension principals always override CSP. This is primarily for the sake
+ // of their stylesheets, which are usually loaded from channels and cannot
+ // have expanded principals.
+ return AddonPolicy();
}
protected:
virtual ~BasePrincipal();
// Note that this does not check OriginAttributes. Callers that depend on
// those must call Subsumes instead.
virtual bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsider) = 0;
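Review bot: In OverridesCSP(), the new final `return AddonPolicy();` relies on an implicit conversion to bool and never consults aDocumentPrincipal, so any principal that carries an add-on policy now overrides the document's CSP for every load that goes through this check, not only the stylesheet loads the inline comment gives as the motivation. I would make the test explicit (for example `return AddonPolicy() != nullptr;`, assuming AddonPolicy() returns a pointer) and have the doc comment state that the exemption is unconditional for all callers, so that code gating non-stylesheet loads on this method gets reviewed with that in mind. A test asserting that a plain extension codebase principal overrides CSP while an expanded principal that does not subsume the document does not would pin down both branches.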