Bug 1247464 - Run CSP report URIs through the URL classifier. r?ckerschb
MozReview-Commit-ID: ERoZAbw1nbf
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -846,29 +846,36 @@ nsCSPContext::SendReports(nsISupports* a
CSPCONTEXTLOG(("Could not create nsIURI for report URI %s",
reportURICstring.get()));
logToConsole(MOZ_UTF16("triedToSendReport"), params, ArrayLength(params),
aSourceFile, aScriptSample, aLineNum, 0, nsIScriptError::errorFlag);
continue; // don't return yet, there may be more URIs
}
// try to create a new channel for every report-uri
+ nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI;
if (doc) {
rv = NS_NewChannel(getter_AddRefs(reportChannel),
reportURI,
doc,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
- nsIContentPolicy::TYPE_CSP_REPORT);
+ nsIContentPolicy::TYPE_CSP_REPORT,
+ nullptr, // aLoadGroup
+ nullptr, // aCallbacks
+ loadFlags);
}
else {
rv = NS_NewChannel(getter_AddRefs(reportChannel),
reportURI,
mLoadingPrincipal,
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
- nsIContentPolicy::TYPE_CSP_REPORT);
+ nsIContentPolicy::TYPE_CSP_REPORT,
+ nullptr, // aLoadGroup
+ nullptr, // aCallbacks
+ loadFlags);
}
if (NS_FAILED(rv)) {
CSPCONTEXTLOG(("Could not create new channel for report URI %s",
reportURICstring.get()));
continue; // don't return yet, there may be more URIs
}