Bug 1476820 - Convert some VarCache prefs in dom/security/ to use StaticPrefs. r=ckerschb
Specifically:
- "security.csp.enable"
- "security.csp.experimentalEnabled"
- "security.csp.enableStrictDynamic"
- "security.csp.reporting.script-sample.max-length"
- "security.csp.enable_violation_events"
MozReview-Commit-ID: G1ie4ut9QaK
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -2838,17 +2838,17 @@ nsIDocument::ApplySettingsFromCSP(bool a
}
}
nsresult
nsIDocument::InitCSP(nsIChannel* aChannel)
{
MOZ_ASSERT(!mScriptGlobalObject,
"CSP must be initialized before mScriptGlobalObject is set!");
- if (!CSPService::sCSPEnabled) {
+ if (!StaticPrefs::security_csp_enable()) {
MOZ_LOG(gCspPRLog, LogLevel::Debug,
("CSP is disabled, skipping CSP init for document %p", this));
return NS_OK;
}
nsAutoCString tCspHeaderValue, tCspROHeaderValue;
nsCOMPtr<nsIHttpChannel> httpChannel;
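Review bot: `StaticPrefs::security_csp_enable()` is now called at the top of `InitCSP`, but this file's diff adds no `#include "mozilla/StaticPrefs.h"`, so the call depends on the header arriving through some other include. The same holds for the hunks in dom/html/HTMLMetaElement.cpp, dom/workers/ScriptLoader.cpp and parser/html/nsHtml5TreeOpExecutor.cpp. The include may already exist outside the lines shown, so check the full files and, where it is missing, add `#include "mozilla/StaticPrefs.h"` directly. `InitCSP` continues past the end of the hunk.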
--- a/dom/html/HTMLMetaElement.cpp
+++ b/dom/html/HTMLMetaElement.cpp
@@ -89,17 +89,18 @@ HTMLMetaElement::BindToTree(nsIDocument*
NS_ENSURE_SUCCESS(rv, rv);
if (aDocument &&
AttrValueIs(kNameSpaceID_None, nsGkAtoms::name, nsGkAtoms::viewport, eIgnoreCase)) {
nsAutoString content;
GetContent(content);
nsContentUtils::ProcessViewportInfo(aDocument, content);
}
- if (CSPService::sCSPEnabled && aDocument && !aDocument->IsLoadedAsData() &&
+ if (StaticPrefs::security_csp_enable() && aDocument &&
+ !aDocument->IsLoadedAsData() &&
AttrValueIs(kNameSpaceID_None, nsGkAtoms::httpEquiv, nsGkAtoms::headerCSP, eIgnoreCase)) {
// only accept <meta http-equiv="Content-Security-Policy" content=""> if it appears
// in the <head> element.
Element* headElt = aDocument->GetHeadElement();
if (headElt && nsContentUtils::ContentIsDescendantOf(this, headElt)) {
nsAutoString content;
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -322,35 +322,22 @@ NS_IMPL_CLASSINFO(nsCSPContext,
nullptr,
nsIClassInfo::MAIN_THREAD_ONLY,
NS_CSPCONTEXT_CID)
NS_IMPL_ISUPPORTS_CI(nsCSPContext,
nsIContentSecurityPolicy,
nsISerializable)
-int32_t nsCSPContext::sScriptSampleMaxLength;
-bool nsCSPContext::sViolationEventsEnabled = false;
-
nsCSPContext::nsCSPContext()
: mInnerWindowID(0)
, mLoadingContext(nullptr)
, mLoadingPrincipal(nullptr)
, mQueueUpMessages(true)
{
- static bool sInitialized = false;
- if (!sInitialized) {
- Preferences::AddIntVarCache(&sScriptSampleMaxLength,
- "security.csp.reporting.script-sample.max-length",
- 40);
- Preferences::AddBoolVarCache(&sViolationEventsEnabled,
- "security.csp.enable_violation_events");
- sInitialized = true;
- }
-
CSPCONTEXTLOG(("nsCSPContext::nsCSPContext"));
}
nsCSPContext::~nsCSPContext()
{
CSPCONTEXTLOG(("nsCSPContext::~nsCSPContext"));
for (uint32_t i = 0; i < mPolicies.Length(); i++) {
delete mPolicies[i];
@@ -1203,17 +1190,17 @@ nsCSPContext::SendReports(
return NS_OK;
}
nsresult
nsCSPContext::FireViolationEvent(
Element* aTriggeringElement,
const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit)
{
- if (!sViolationEventsEnabled) {
+ if (!StaticPrefs::security_csp_enable_violation_events()) {
return NS_OK;
}
if (mEventListener) {
nsAutoString json;
if (aViolationEventInit.ToJSON(json)) {
mEventListener->OnCSPViolationEvent(json);
}
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@@ -4,16 +4,17 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsCSPContext_h___
#define nsCSPContext_h___
#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/SecurityPolicyViolationEvent.h"
+#include "mozilla/StaticPrefs.h"
#include "nsDataHashtable.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIClassInfo.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIInterfaceRequestor.h"
#include "nsISerializable.h"
#include "nsIStreamListener.h"
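Review bot: Pulling `mozilla/StaticPrefs.h` into nsCSPContext.h makes every file that includes this header depend on the pref list, and the only visible user is the inline `ScriptSampleMaxLength()` further down. Declaring `static uint32_t ScriptSampleMaxLength();` here and defining it in nsCSPContext.cpp would let the include move into the .cpp file. It would also stop other translation units from picking up StaticPrefs.h by accident through this header.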
@@ -135,17 +136,19 @@ class nsCSPContext : public nsIContentSe
}
nsWeakPtr GetLoadingContext(){
return mLoadingContext;
}
static uint32_t ScriptSampleMaxLength()
{
- return std::max(sScriptSampleMaxLength, 0);
+ return std::max(
+ mozilla::StaticPrefs::security_csp_reporting_script_sample_max_length(),
+ 0);
}
private:
bool permitsInternal(CSPDirective aDir,
mozilla::dom::Element* aTriggeringElement,
nsIURI* aContentLocation,
nsIURI* aOriginalURI,
const nsAString& aNonce,
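Review bot: `ScriptSampleMaxLength()` has no comment explaining the clamp, which matters more now that the value comes straight from a pref getter. The pref is declared `int32_t` in StaticPrefList.h and the function returns `uint32_t`, so `std::max(..., 0)` is what keeps a negative setting from wrapping to a very large length. I would add `// Clamp to >= 0 so a negative pref cannot wrap in the uint32_t conversion; no upper bound is applied.` above the return. Judging by the pref name, this bounds the script sample copied into CSP reports, so the missing upper bound is worth stating for anyone auditing what a report can carry. The enclosing class starts and ends outside the hunk.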
@@ -161,20 +164,16 @@ class nsCSPContext : public nsIContentSe
mozilla::dom::Element* aTriggeringElement,
const nsAString& aNonce,
const nsAString& aContent,
const nsAString& aViolatedDirective,
uint32_t aViolatedPolicyIndex,
uint32_t aLineNumber,
uint32_t aColumnNumber);
- static int32_t sScriptSampleMaxLength;
-
- static bool sViolationEventsEnabled;
-
nsString mReferrer;
uint64_t mInnerWindowID; // used for web console logging
nsTArray<nsCSPPolicy*> mPolicies;
nsCOMPtr<nsIURI> mSelfURI;
nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache;
nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup;
nsWeakPtr mLoadingContext;
// The CSP hangs off the principal, so let's store a raw pointer of the principal
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -1,16 +1,17 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/ArrayUtils.h"
#include "mozilla/Preferences.h"
+#include "mozilla/StaticPrefs.h"
#include "nsCOMPtr.h"
#include "nsContentUtils.h"
#include "nsCSPParser.h"
#include "nsCSPUtils.h"
#include "nsIConsoleService.h"
#include "nsIContentPolicy.h"
#include "nsIScriptError.h"
#include "nsIStringBundle.h"
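Review bot: `mozilla/Preferences.h` stays in the include list, although the two `Preferences::AddBoolVarCache` calls this commit removes from the constructor are its only uses visible in this diff. If nothing else in nsCSPParser.cpp refers to `Preferences::`, the include can be dropped. The same applies to nsCSPService.cpp, where the include is moved rather than removed after its `AddBoolVarCache` call goes away. The rest of both files is outside the hunks, so grep for other uses before changing either.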
@@ -56,18 +57,16 @@ static const uint32_t kSubHostPathCharac
static const char *const kHashSourceValidFns [] = { "sha256", "sha384", "sha512" };
static const uint32_t kHashSourceValidFnsLen = 3;
static const char* const kStyle = "style";
static const char* const kScript = "script";
/* ===== nsCSPParser ==================== */
-bool nsCSPParser::sCSPExperimentalEnabled = false;
-bool nsCSPParser::sStrictDynamicEnabled = false;
nsCSPParser::nsCSPParser(policyTokens& aTokens,
nsIURI* aSelfURI,
nsCSPContext* aCSPContext,
bool aDeliveredViaMetaTag)
: mCurChar(nullptr)
, mEndChar(nullptr)
, mHasHashOrNonce(false)
@@ -79,22 +78,16 @@ nsCSPParser::nsCSPParser(policyTokens& a
, mScriptSrc(nullptr)
, mParsingFrameAncestorsDir(false)
, mTokens(aTokens)
, mSelfURI(aSelfURI)
, mPolicy(nullptr)
, mCSPContext(aCSPContext)
, mDeliveredViaMetaTag(aDeliveredViaMetaTag)
{
- static bool initialized = false;
- if (!initialized) {
- initialized = true;
- Preferences::AddBoolVarCache(&sCSPExperimentalEnabled, "security.csp.experimentalEnabled");
- Preferences::AddBoolVarCache(&sStrictDynamicEnabled, "security.csp.enableStrictDynamic");
- }
CSPPARSERLOG(("nsCSPParser::nsCSPParser"));
}
nsCSPParser::~nsCSPParser()
{
CSPPARSERLOG(("nsCSPParser::~nsCSPParser"));
}
@@ -483,17 +476,17 @@ nsCSPParser::keywordSource()
}
if (CSP_IsKeyword(mCurToken, CSP_REPORT_SAMPLE)) {
return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
}
if (CSP_IsKeyword(mCurToken, CSP_STRICT_DYNAMIC)) {
// make sure strict dynamic is enabled
- if (!sStrictDynamicEnabled) {
+ if (!StaticPrefs::security_csp_enableStrictDynamic()) {
return nullptr;
}
if (!CSP_IsDirective(mCurDir[0], nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE)) {
// Todo: Enforce 'strict-dynamic' within default-src; see Bug 1313937
const char16_t* params[] = { u"strict-dynamic" };
logWarningErrorToConsole(nsIScriptError::warningFlag, "ignoringStrictDynamic",
params, ArrayLength(params));
return nullptr;
@@ -963,17 +956,17 @@ nsCSPDirective*
nsCSPParser::directiveName()
{
CSPPARSERLOG(("nsCSPParser::directiveName, mCurToken: %s, mCurValue: %s",
NS_ConvertUTF16toUTF8(mCurToken).get(),
NS_ConvertUTF16toUTF8(mCurValue).get()));
// Check if it is a valid directive
if (!CSP_IsValidDirective(mCurToken) ||
- (!sCSPExperimentalEnabled &&
+ (!StaticPrefs::security_csp_experimentalEnabled() &&
CSP_IsDirective(mCurToken, nsIContentSecurityPolicy::REQUIRE_SRI_FOR))) {
const char16_t* params[] = { mCurToken.get() };
logWarningErrorToConsole(nsIScriptError::warningFlag, "couldNotProcessUnknownDirective",
params, ArrayLength(params));
return nullptr;
}
// The directive 'reflected-xss' is part of CSP 1.1, see:
--- a/dom/security/nsCSPParser.h
+++ b/dom/security/nsCSPParser.h
@@ -28,19 +28,16 @@ class nsCSPParser {
bool aDeliveredViaMetaTag);
private:
nsCSPParser(policyTokens& aTokens,
nsIURI* aSelfURI,
nsCSPContext* aCSPContext,
bool aDeliveredViaMetaTag);
- static bool sCSPExperimentalEnabled;
- static bool sStrictDynamicEnabled;
-
~nsCSPParser();
// Parsing the CSP using the source-list from http://www.w3.org/TR/CSP11/#source-list
nsCSPPolicy* policy();
void directive();
nsCSPDirective* directiveName();
void directiveValue(nsTArray<nsCSPBaseSrc*>& outSrcs);
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -1,41 +1,38 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/StaticPrefs.h"
#include "nsString.h"
#include "nsCOMPtr.h"
#include "nsIURI.h"
#include "nsIPrincipal.h"
#include "nsIObserver.h"
#include "nsIContent.h"
#include "nsCSPService.h"
#include "nsIContentSecurityPolicy.h"
#include "nsError.h"
#include "nsIAsyncVerifyRedirectCallback.h"
#include "nsAsyncRedirectVerifyHelper.h"
-#include "mozilla/Preferences.h"
#include "nsIScriptError.h"
#include "nsContentUtils.h"
#include "nsContentPolicyUtils.h"
using namespace mozilla;
-/* Keeps track of whether or not CSP is enabled */
-bool CSPService::sCSPEnabled = true;
-
static LazyLogModule gCspPRLog("CSP");
CSPService::CSPService()
{
- Preferences::AddBoolVarCache(&sCSPEnabled, "security.csp.enable");
}
CSPService::~CSPService()
{
mAppStatusCache.Clear();
}
NS_IMPL_ISUPPORTS(CSPService, nsIContentPolicy, nsIChannelEventSink)
@@ -147,17 +144,18 @@ CSPService::ShouldLoad(nsIURI *aContentL
// default decision, CSP can revise it if there's a policy to enforce
*aDecision = nsIContentPolicy::ACCEPT;
// No need to continue processing if CSP is disabled or if the protocol
// or type is *not* subject to CSP.
// Please note, the correct way to opt-out of CSP using a custom
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
- if (!sCSPEnabled || !subjectToCSP(aContentLocation, contentType)) {
+ if (!StaticPrefs::security_csp_enable() ||
+ !subjectToCSP(aContentLocation, contentType)) {
return NS_OK;
}
// Find a principal to retrieve the CSP from. If we don't have a context node
// (because, for instance, the load originates in a service worker), or the
// requesting principal's CSP overrides our document CSP, use the request
// principal. Otherwise, use the document principal.
nsCOMPtr<nsINode> node(do_QueryInterface(requestContext));
@@ -279,17 +277,18 @@ CSPService::AsyncOnChannelRedirect(nsICh
}
// No need to continue processing if CSP is disabled or if the protocol
// is *not* subject to CSP.
// Please note, the correct way to opt-out of CSP using a custom
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
nsContentPolicyType policyType = loadInfo->InternalContentPolicyType();
- if (!sCSPEnabled || !subjectToCSP(newUri, policyType)) {
+ if (!StaticPrefs::security_csp_enable() ||
+ !subjectToCSP(newUri, policyType)) {
return NS_OK;
}
/* Since redirecting channels don't call into nsIContentPolicy, we call our
* Content Policy implementation directly when redirects occur using the
* information set in the LoadInfo when channels are created.
*
* We check if the CSP permits this host for this type of load, if not,
--- a/dom/security/nsCSPService.h
+++ b/dom/security/nsCSPService.h
@@ -21,17 +21,16 @@ class CSPService : public nsIContentPoli
public nsIChannelEventSink
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICONTENTPOLICY
NS_DECL_NSICHANNELEVENTSINK
CSPService();
- static bool sCSPEnabled;
protected:
virtual ~CSPService();
private:
// Maps origins to app status.
nsDataHashtable<nsCStringHashKey, uint16_t> mAppStatusCache;
};
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -1254,17 +1254,17 @@ private:
// properly set the referrer header on fetch/xhr requests. If bug 1340694
// is ever fixed this can be removed.
rv = mWorkerPrivate->SetPrincipalFromChannel(channel);
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIContentSecurityPolicy> csp = mWorkerPrivate->GetCSP();
// We did inherit CSP in bug 1223647. If we do not already have a CSP, we
// should get it from the HTTP headers on the worker script.
- if (CSPService::sCSPEnabled) {
+ if (StaticPrefs::security_csp_enable()) {
if (!csp) {
rv = mWorkerPrivate->SetCSPFromHeaderValues(tCspHeaderValue,
tCspROHeaderValue);
NS_ENSURE_SUCCESS(rv, rv);
} else {
csp->EnsureEventTarget(mWorkerPrivate->MainThreadEventTarget());
}
}
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -1159,16 +1159,56 @@ VARCACHE_PREF(
// Anti-tracking permission expiration
VARCACHE_PREF(
"privacy.restrict3rdpartystorage.expiration",
privacy_restrict3rdpartystorage_expiration,
uint32_t, 2592000 // 30 days (in seconds)
)
//---------------------------------------------------------------------------
+// Security prefs
+//---------------------------------------------------------------------------
+
+VARCACHE_PREF(
+ "security.csp.enable",
+ security_csp_enable,
+ bool, true
+)
+
+VARCACHE_PREF(
+ "security.csp.experimentalEnabled",
+ security_csp_experimentalEnabled,
+ bool, false
+)
+
+VARCACHE_PREF(
+ "security.csp.enableStrictDynamic",
+ security_csp_enableStrictDynamic,
+ bool, true
+)
+
+#ifdef NIGHTLY_BUILD
+# define PREF_VALUE true
+#else
+# define PREF_VALUE false
+#endif
+VARCACHE_PREF(
+ "security.csp.enable_violation_events",
+ security_csp_enable_violation_events,
+ bool, PREF_VALUE
+)
+#undef PREF_VALUE
+
+VARCACHE_PREF(
+ "security.csp.reporting.script-sample.max-length",
+ security_csp_reporting_script_sample_max_length,
+ int32_t, 40
+)
+
+//---------------------------------------------------------------------------
// View source prefs
//---------------------------------------------------------------------------
VARCACHE_PREF(
"view_source.editor.external",
view_source_editor_external,
bool, false
)
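Review bot: The five new entries carry no comments, and the one description that existed (`Keeps track of whether or not CSP is enabled`, deleted from nsCSPService.cpp) is lost in the move. `security.csp.enable` needs one most: when it is false, `InitCSP` skips policy setup and `CSPService::ShouldLoad` returns with its default ACCEPT, so it switches CSP off everywhere this patch touches. I would add `// Master switch: when false no CSP is parsed or enforced.` above it. The `security.csp.reporting.script-sample.max-length` entry could also get a line saying that negative values are treated as 0 by `nsCSPContext::ScriptSampleMaxLength()`.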
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2513,31 +2513,21 @@ pref("font.name-list.monospace.x-math",
pref("font.blacklist.underline_offset", "FangSong,Gulim,GulimChe,MingLiU,MingLiU-ExtB,MingLiU_HKSCS,MingLiU-HKSCS-ExtB,MS Gothic,MS Mincho,MS PGothic,MS PMincho,MS UI Gothic,PMingLiU,PMingLiU-ExtB,SimHei,SimSun,SimSun-ExtB,Hei,Kai,Apple LiGothic,Apple LiSung,Osaka");
pref("security.directory", "");
// security-sensitive dialogs should delay button enabling. In milliseconds.
pref("security.dialog_enable_delay", 1000);
pref("security.notification_enable_delay", 500);
-pref("security.csp.enable", true);
-pref("security.csp.experimentalEnabled", false);
-pref("security.csp.enableStrictDynamic", true);
-
#if defined(DEBUG) && !defined(ANDROID)
// about:welcome has been added until Bug 1448359 is fixed at which time home, newtab, and welcome will all be removed.
pref("csp.content_privileged_about_uris_without_csp", "blank,home,newtab,printpreview,srcdoc,welcome");
#endif
-#ifdef NIGHTLY_BUILD
-pref("security.csp.enable_violation_events", true);
-#else
-pref("security.csp.enable_violation_events", false);
-#endif
-
// Default Content Security Policy to apply to signed contents.
pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'");
// Mixed content blocking
pref("security.mixed_content.block_active_content", false);
pref("security.mixed_content.block_display_content", false);
// Upgrade mixed display content before it's blocked
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1130,17 +1130,17 @@ nsHtml5TreeOpExecutor::SetSpeculationRef
if (policy != mozilla::net::RP_Unset) {
SetSpeculationReferrerPolicy(policy);
}
}
void
nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP)
{
- if (!CSPService::sCSPEnabled) {
+ if (!StaticPrefs::security_csp_enable()) {
return;
}
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
nsIPrincipal* principal = mDocument->NodePrincipal();
nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
nsresult rv = principal->EnsurePreloadCSP(mDocument, getter_AddRefs(preloadCsp));
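Review bot: The pref check returns before `NS_ASSERTION(NS_IsMainThread(), "Wrong thread!")`, so a call from the wrong thread goes unnoticed whenever CSP is disabled. Moving the assertion to the first line of `AddSpeculationCSP`, ahead of `if (!StaticPrefs::security_csp_enable())`, covers both paths. The ordering predates this commit. It matters more now because the pref is declared as a plain `bool` in StaticPrefList.h, so the read itself is presumably only safe on the thread the assertion checks for. The function body continues past the end of the hunk.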