--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1451,41 +1451,72 @@ EnsureMIMEOfScript(nsIURI* aURI, nsHttpR
}
if (aLoadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SCRIPT) {
// if this is not a script load, then there is nothing to do
return NS_OK;
}
nsAutoCString contentType;
+ nsCOMPtr<nsIURI> requestURI;
+ nsAutoCString requestURIString;
+ nsAutoCString responseURIString;
+ nsAutoCString corsOrigin;
+
aResponseHead->ContentType(contentType);
NS_ConvertUTF8toUTF16 typeString(contentType);
if (nsContentUtils::IsJavascriptMIMEType(typeString)) {
// script load has type script
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::javaScript);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::javaScript);
return NS_OK;
}
+ if (aLoadInfo->LoadingPrincipal()) {
+ aLoadInfo->LoadingPrincipal()->GetURI(getter_AddRefs(requestURI));
+ if (requestURI) {
+ requestURI->GetPrePath(requestURIString);
+ }
+ aURI->GetPrePath(responseURIString);
+ if (requestURIString.Equals(responseURIString)) {
+ //same origin
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::same_origin);
+ } else {
+ bool cors = false;
+ nsresult rv = aResponseHead->GetHeader(nsHttp::ResolveAtom("Access-Control-Allow-Origin"), corsOrigin);
+ if (NS_SUCCEEDED(rv)) {
+ //cors origin
+ if (corsOrigin.Equals("*") || corsOrigin.Equals(requestURIString)) {
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::CORS_same_origin);
+ cors = true;
+ }
+ }
+ if (!cors) {
+ //cross origin
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::cross_origin);
+ }
+ }
+ }
+
bool block = false;
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("image/"))) {
// script load has type image
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::image);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::image);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("audio/"))) {
// script load has type audio
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::audio);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::audio);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("video/"))) {
// script load has type video
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::video);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::video);
block = true;
} else if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/csv"))) {
// script load has type text/csv
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::text_csv);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_csv);
block = true;
}
if (block) {
// Instead of consulting Preferences::GetBool() all the time we
// can cache the result to speed things up.
static bool sCachedBlockScriptWithWrongMime = false;
static bool sIsInited = false;
@@ -1501,52 +1532,52 @@ EnsureMIMEOfScript(nsIURI* aURI, nsHttpR
}
ReportTypeBlocking(aURI, aLoadInfo, "BlockScriptWithWrongMimeType");
return NS_ERROR_CORRUPTED_CONTENT;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/plain"))) {
// script load has type text/plain
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::text_plain);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_plain);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/xml"))) {
// script load has type text/xml
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::text_xml);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_xml);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/octet-stream"))) {
// script load has type application/octet-stream
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::app_octet_stream);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::app_octet_stream);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("application/xml"))) {
// script load has type application/xml
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::app_xml);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::app_xml);
return NS_OK;
}
if (StringBeginsWith(contentType, NS_LITERAL_CSTRING("text/html"))) {
// script load has type text/html
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::text_html);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::text_html);
return NS_OK;
}
if (contentType.IsEmpty()) {
// script load has no type
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::empty);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::empty);
return NS_OK;
}
// script load has unknown type
- AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME::unknown);
+ AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::unknown);
return NS_OK;
}
nsresult
nsHttpChannel::CallOnStartRequest()
{
LOG(("nsHttpChannel::CallOnStartRequest [this=%p]", this));
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -7792,24 +7792,24 @@
},
"SAFE_MODE_USAGE": {
"record_in_processes": ["main", "content"],
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 3,
"description": "Whether the user is in safe mode (No, Yes, Forced)"
},
- "SCRIPT_BLOCK_INCORRECT_MIME": {
+ "SCRIPT_BLOCK_INCORRECT_MIME_2": {
"record_in_processes": ["main", "content"],
"alert_emails": ["ckerschbaumer@mozilla.com"],
- "bug_numbers": [1399990],
+ "bug_numbers": [1288361, 1299267, 1399990],
"expires_in_version": "63",
"kind": "categorical",
- "labels": ["unknown","javaScript","image", "audio", "video","text_plain","text_csv","text_xml","app_octet_stream","app_xml","text_html","empty","worker","importSript","script","same_origin","CORS_same_origin","cross_origin"],
- "description": "Whether the script load has a wrong MIME type"
+ "labels": ["unknown","javaScript","image", "audio", "video","text_plain","text_csv","text_xml","app_octet_stream","app_xml","text_html","empty","worker_load","importSript_load","script_load","same_origin","CORS_same_origin","cross_origin"],
+ "description": "Whether the script load has a MIME type of ...? (unknown, javaScript, image, audio, video, text_plain, text_csv, text_xml, app_octet_stream, app_xml, text_html, empty). Whether the script load is from ...? (worker_load, importSript_load, script_load). Whether the script load is of ...? (same_origin, CORS_same_origin, cross_origin)"
},
"XCTO_NOSNIFF_BLOCK_IMAGE": {
"record_in_processes": ["main", "content"],
"alert_emails": ["ckerschbaumer@mozilla.com"],
"bug_numbers": [1302539],
"expires_in_version": "56",
"kind": "enumerated",
"n_values": 3,