Bug 1399990 - Files added for New Categorical telemetry SCRIPT_BLOCK_INCORRECT_MIME_2 and same origin check done
MozReview-Commit-ID: JKHxmIdtzIN
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1451,41 +1451,76 @@ EnsureMIMEOfScript(nsIURI* aURI, nsHttpR
}
if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SCRIPT) {
// if this is not a script load, then there is nothing to do
return NS_OK;
}
nsAutoCString contentType;
+
aResponseHead->ContentType(contentType);
NS_ConvertUTF8toUTF16 typeString(contentType);
if (nsContentUtils::IsJavascriptMIMEType(typeString)) {
// script load has type script
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 1);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::javaScript);
return NS_OK;
}
+ nsCOMPtr<nsIURI> requestURI;
+ nsAutoCString requestURIString;
+ aLoadInfo->LoadingPrincipal()->GetURI(getter_AddRefs(requestURI));
+ if (requestURI) {
+ requestURI->GetPrePath(requestURIString);
+ }
+
+ nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+ nsresult rv = ssm->CheckSameOriginURI(requestURI, aURI, false);
+ if (NS_SUCCEEDED(rv)) {
+ //same origin
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::same_origin);
+ } else {
+ bool cors = false;
+ nsAutoCString corsOrigin;
+ rv = aResponseHead->GetHeader(nsHttp::ResolveAtom("Access-Control-Allow-Origin"), corsOrigin);
+ if (NS_SUCCEEDED(rv)) {
+ nsCOMPtr<nsIURI> corsOriginURI;
+ rv = NS_NewURI(getter_AddRefs(corsOriginURI), corsOrigin);
+ if (NS_SUCCEEDED(rv)) {
+ rv = ssm->CheckSameOriginURI(requestURI, corsOriginURI, false);
+ //cors origin
+ if (corsOrigin.Equals("*") || NS_SUCCEEDED(rv)) {
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::CORS_origin);
+ cors = true;
+ }
+ }
+ }
+ if (!cors) {
+ //cross origin
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::cross_origin);
+ }
+ }
+
bool block = false;
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("image/"))) {
// script load has type image
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 2);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::image);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("audio/"))) {
// script load has type audio
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 3);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::audio);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("video/"))) {
// script load has type video
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 4);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::video);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/csv"))) {
// script load has type text/csv
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 6);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_csv);
block = true;
}
if (block) {
// Instead of consulting Preferences::GetBool() all the time we
// can cache the result to speed things up.
static bool sCachedBlockScriptWithWrongMime = false;
static bool sIsInited = false;
@@ -1501,52 +1536,52 @@ EnsureMIMEOfScript(nsIURI* aURI, nsHttpR
}
ReportTypeBlocking(aURI, aLoadInfo, "BlockScriptWithWrongMimeType");
return NS_ERROR_CORRUPTED_CONTENT;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/plain"))) {
// script load has type text/plain
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 5);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_plain);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
// script load has type text/xml
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 7);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_xml);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/octet-stream"))) {
// script load has type application/octet-stream
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 8);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::app_octet_stream);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/xml"))) {
// script load has type application/xml
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 9);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::app_xml);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
// script load has type text/html
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 10);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_html);
return NS_OK;
}
if (contentType.IsEmpty()) {
// script load has no type
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 11);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::empty);
return NS_OK;
}
// script load has unknown type
- Telemetry::Accumulate(Telemetry::SCRIPT_BLOCK_INCORRECT_MIME, 0);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::unknown);
return NS_OK;
}
nsresult
nsHttpChannel::CallOnStartRequest()
{
LOG(("nsHttpChannel::CallOnStartRequest [this=%p]", this));
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -7792,24 +7792,24 @@
},
"SAFE_MODE_USAGE": {
"record_in_processes": ["main", "content"],
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 3,
"description": "Whether the user is in safe mode (No, Yes, Forced)"
},
- "SCRIPT_BLOCK_INCORRECT_MIME": {
+ "SCRIPT_BLOCK_INCORRECT_MIME_2": {
"record_in_processes": ["main", "content"],
"alert_emails": ["ckerschbaumer@mozilla.com"],
- "bug_numbers": [1288361, 1299267],
- "expires_in_version": "56",
- "kind": "enumerated",
- "n_values": 15,
- "description": "Whether the script load has a MIME type of ...? (0=unknown, 1=js, 2=image, 3=audio, 4=video, 5=text/plain, 6=text/csv, 7=text/xml, 8=application/octet-stream, 9=application/xml, 10=text/html, 11=empty)"
+ "bug_numbers": [1288361, 1299267, 1399990],
+ "expires_in_version": "63",
+ "kind": "categorical",
+ "labels": ["unknown","javaScript","image", "audio", "video","text_plain","text_csv","text_xml","app_octet_stream","app_xml","text_html","empty","worker_load","importSript_load","script_load","same_origin","CORS_origin","cross_origin"],
+ "description": "Whether the script load has a MIME type of ...? (unknown, javaScript, image, audio, video, text_plain, text_csv, text_xml, app_octet_stream, app_xml, text_html, empty). Whether the script load is from ...? (worker_load, importSript_load, script_load). Whether the script load is of ...? (same_origin, CORS_origin, cross_origin)"
},
"XCTO_NOSNIFF_BLOCK_IMAGE": {
"record_in_processes": ["main", "content"],
"alert_emails": ["ckerschbaumer@mozilla.com"],
"bug_numbers": [1302539],
"expires_in_version": "56",
"kind": "enumerated",
"n_values": 3,