Open
Bug 1960904
Opened 2 months ago
Updated 3 days ago
Integrity-Policy header prototype
Categories
(Core :: DOM: Security, task)
Core
DOM: Security
Tracking
()
ASSIGNED
People
(Reporter: tschuster, Assigned: fkilic)
References
(Depends on 1 open bug, Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-active])
Attachments
(4 files, 45 obsolete files)
No description provided.
|
Assignee | |
Comment 1•2 months ago
|
||
|
Reporter | |
Updated•2 months ago
|
Summary: Integrity-Policy header parsing prototype → Integrity-Policy header prototype
|
|
Assignee | |
Comment 2•2 months ago
|
||
|
|
Assignee | |
Comment 3•2 months ago
|
||
|
|
Assignee | |
Comment 4•2 months ago
|
||
In part 1, I understood the need and could tell when and where to make changes, but in this patch, I'm not sure about it at all. I blindly copied every CSP change/inhertance, but in all honesty, I'm not sure which ones we need and which ones we don't.
I also haven't covered all the codepaths. The following are still missing (and these are the ones I could trace, there could be even more):
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/base/nsDocShell.cpp#12897
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/base/nsDocShellLoadState.cpp#486
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/shistory/SessionHistoryEntry.cpp#269
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/shistory/nsSHEntry.cpp#925
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/shistory/nsSHistory.cpp#2403
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/base/LocationBase.cpp#104
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/base/nsFrameLoader.cpp#687
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/base/nsFrameLoader.cpp#690
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/base/nsObjectLoadingContent.cpp#1462
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/clients/manager/ClientNavigateOpChild.cpp#254
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/dom/html/HTMLFormElement.cpp#883
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/netwerk/ipc/DocumentLoadListener.cpp#2543
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/toolkit/components/windowwatcher/nsWindowWatcher.cpp#1351
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/base/nsDocShell.cpp#8384
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/base/nsDocShell.cpp#10068
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/base/nsDocShell.cpp#10292
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/docshell/shistory/SessionHistoryEntry.cpp#58
- https://searchfox.org/mozilla-central/rev/19764d620c02025bdcc8d1f3c4fcf5a580407a01/netwerk/ipc/DocumentChannelChild.cpp#242
|
||
Updated•2 months ago
|
Assignee: nobody → fkilic
Status: NEW → ASSIGNED
|
||
Updated•2 months ago
|
Whiteboard: [domsecurity-active]
|
|
||
Updated•1 month ago
|
Attachment #9479376 -
Attachment description: Bug 1960904 -Parse and store Integrity-Policy(-Report-Only) header(s) → WIP: Bug 1960904 -Parse and store Integrity-Policy(-Report-Only) header(s)
|
|
||
Updated•1 month ago
|
Attachment #9479380 -
Attachment description: Bug 1960904 - Check Integrity-Policy when loading external script → WIP: Bug 1960904 - Check Integrity-Policy when loading external script
|
|
Assignee | |
Comment 5•1 month ago
|
||
|
|
Assignee | |
Comment 6•1 month ago
|
||
|
|
Assignee | |
Comment 7•1 month ago
|
||
|
|
Assignee | |
Comment 8•1 month ago
|
||
|
|
Assignee | |
Comment 9•1 month ago
|
||
|
|
Assignee | |
Comment 10•1 month ago
|
||
|
|
Assignee | |
Comment 11•1 month ago
|
||
|
|
Assignee | |
Comment 12•1 month ago
|
||
Well I'm glad no one is cc'd on this bug.. My moz-phab is acting up, sorry for the disturbance.
|
|
Assignee | |
Comment 13•1 month ago
|
||
|
|
Assignee | |
Comment 14•1 month ago
|
||
|
|
Assignee | |
Comment 15•1 month ago
|
||
|
|
Assignee | |
Comment 16•1 month ago
|
||
|
|
Assignee | |
Comment 17•1 month ago
|
||
|
|
Assignee | |
Comment 18•1 month ago
|
||
|
|
Assignee | |
Comment 19•1 month ago
|
||
|
|
Assignee | |
Comment 20•1 month ago
|
||
|
|
Assignee | |
Comment 21•1 month ago
|
||
|
|
Assignee | |
Comment 22•1 month ago
|
||
|
|
Assignee | |
Comment 23•1 month ago
|
||
|
|
Assignee | |
Comment 24•1 month ago
|
||
|
|
Assignee | |
Comment 25•1 month ago
|
||
|
|
Assignee | |
Comment 26•1 month ago
|
||
|
|
Assignee | |
Comment 27•1 month ago
|
||
|
|
Assignee | |
Comment 28•1 month ago
|
||
|
|
Assignee | |
Comment 29•1 month ago
|
||
|
|
Assignee | |
Comment 30•1 month ago
|
||
|
|
Assignee | |
Comment 31•1 month ago
|
||
|
|
Assignee | |
Comment 32•1 month ago
|
||
|
|
Assignee | |
Comment 33•1 month ago
|
||
|
|
Assignee | |
Comment 34•1 month ago
|
||
|
|
Assignee | |
Comment 35•1 month ago
|
||
|
|
Assignee | |
Comment 36•1 month ago
|
||
|
|
Assignee | |
Comment 37•1 month ago
|
||
|
|
||
Updated•1 month ago
|
Attachment #9484562 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9484558 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9484557 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9484546 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9484533 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9484532 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9479382 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9479381 -
Attachment is obsolete: true
|
|
||
Updated•1 month ago
|
Attachment #9479376 -
Attachment description: WIP: Bug 1960904 -Parse and store Integrity-Policy(-Report-Only) header(s) → WIP: Bug 1960904 - Parse and store Integrity-Policy(-Report-Only) header(s)
|
|
Assignee | |
Comment 38•24 days ago
|
||
|
|
||
Updated•24 days ago
|
Attachment #9479380 -
Attachment is obsolete: true
|
|
||
Updated•24 days ago
|
Attachment #9486329 -
Attachment description: WIP: Bug 1960904 - Add nsIntegrityPolicy as a content-policy → WIP: Bug 1960904 - Add IntegrityPolicy as a content-policy
|
|
Assignee | |
Comment 39•24 days ago
|
||
|
|
Assignee | |
Comment 40•24 days ago
|
||
|
|
||
Updated•20 days ago
|
Attachment #9486392 -
Attachment is obsolete: true
|
|
||
Updated•20 days ago
|
Attachment #9486349 -
Attachment description: WIP: Bug 1960904 - Make IntegrityPolicy nsISerializable → WIP: Bug 1960904 - Make IntegrityPolicy serializable
|
|
Assignee | |
Comment 41•20 days ago
|
||
|
|
Assignee | |
Comment 42•20 days ago
|
||
|
|
Assignee | |
Comment 43•18 days ago
|
||
|
|
||
Updated•18 days ago
|
Attachment #9484563 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484564 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484560 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484567 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484568 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484570 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484571 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484572 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484575 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484577 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484578 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484579 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484580 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484581 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484582 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484584 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484586 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484585 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484587 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484588 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484600 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484601 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484602 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484603 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484605 -
Attachment is obsolete: true
|
|
||
Updated•18 days ago
|
Attachment #9484609 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 44•18 days ago
|
||
This patch is loaded with multiple changes. I couldn't really split it. Sorry :/
In summary
- Added CORSMode to LoadInfo. It is only populated in ScriptLoader. When we want to extend this, we will need to do the same for other destinations.
- About using the request mode instead of CORS mode, I looked into it and it looks like we compute security flags based on CORS mode and pass it into nsIChannel. We could change content policy check method to something similar to ProcessCrossOriginResourcePolicyHeader, and get request mode there, but then we'll lose other properties. I could be wrong, but I think this method is good enough.
- Changed IntegrityPolicy::ShouldLoad a bit. It now matches 100% with the spec and Chrome's implementation.
|
|
||
Updated•17 days ago
|
Attachment #9487839 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 45•16 days ago
|
||
|
|
Assignee | |
Comment 46•16 days ago
|
||
|
|
||
Comment 47•16 days ago
|
||
Comment on attachment 9488363 [details]
WIP: Bug 1960904 - Add RequestMode to LoadInfo
Revision D249807 was moved to bug 1966691. Setting attachment 9488363 [details] to obsolete.
Attachment #9488363 -
Attachment is obsolete: true
|
|
||
Comment 48•16 days ago
|
||
Comment on attachment 9488364 [details]
WIP: Bug 1960904 - Set request mode for script loads
Revision D249808 was moved to bug 1966691. Setting attachment 9488364 [details] to obsolete.
Attachment #9488364 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 49•15 days ago
|
||
|
|
Assignee | |
Comment 50•12 days ago
|
||
|
|
Assignee | |
Comment 51•12 days ago
|
||
|
|
||
Updated•12 days ago
|
Attachment #9489476 -
Attachment is obsolete: true
|
|
||
Updated•9 days ago
|
Attachment #9479376 -
Attachment description: WIP: Bug 1960904 - Parse and store Integrity-Policy(-Report-Only) header(s) → Bug 1960904 - Parse and store Integrity-Policy(-Report-Only) header(s) r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9486329 -
Attachment description: WIP: Bug 1960904 - Add IntegrityPolicy as a content-policy → Bug 1960904 - Add IntegrityPolicy as a content-policy r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9486349 -
Attachment description: WIP: Bug 1960904 - Make IntegrityPolicy serializable → Bug 1960904 - Make IntegrityPolicy serializable r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9487042 -
Attachment description: WIP: Bug 1960904 - Prototype PolicyContainer → Bug 1960904 - Prototype PolicyContainer r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9487101 -
Attachment description: WIP: Bug 1960904 - Populate PolicyContainer in Document → Bug 1960904 - Populate PolicyContainer in Document r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9487560 -
Attachment description: WIP: Bug 1960904 - Part 1: Copy PolicyContainer Similar to CSP → Bug 1960904 - Part 1: Copy PolicyContainer Similar to CSP r=tschuster
|
|
||
Updated•9 days ago
|
Attachment #9488443 -
Attachment description: WIP: Bug 1960904 - Part 2: Copy PolicyContainer Similar to CSP → Bug 1960904 - Part 2: Copy PolicyContainer Similar to CSP r=tschuster
|
|
Assignee | |
Comment 52•9 days ago
|
||
|
|
||
Updated•9 days ago
|
Attachment #9489093 -
Attachment description: WIP: Bug 1960904 - Part 3: Copy PolicyContainer Similar to CSP → Bug 1960904 - Part 3: Copy PolicyContainer Similar to CSP r=tschuster
|
|
||
Comment 53•5 days ago
|
||
Comment on attachment 9487042 [details]
Bug 1960904 - Prototype PolicyContainer r=tschuster
Revision D248908 was moved to bug 1968607. Setting attachment 9487042 [details] to obsolete.
Attachment #9487042 -
Attachment is obsolete: true
|
|
||
Comment 54•5 days ago
|
||
Comment on attachment 9487101 [details]
Bug 1960904 - Populate PolicyContainer in Document r=tschuster
Revision D248949 was moved to bug 1968607. Setting attachment 9487101 [details] to obsolete.
Attachment #9487101 -
Attachment is obsolete: true
|
|
||
Comment 55•5 days ago
|
||
Comment on attachment 9487560 [details]
Bug 1960904 - Part 1: Copy PolicyContainer Similar to CSP r=tschuster
Revision D249248 was moved to bug 1968607. Setting attachment 9487560 [details] to obsolete.
Attachment #9487560 -
Attachment is obsolete: true
|
|
||
Comment 56•5 days ago
|
||
Comment on attachment 9488443 [details]
Bug 1960904 - Part 2: Copy PolicyContainer Similar to CSP r=tschuster
Revision D249868 was moved to bug 1968607. Setting attachment 9488443 [details] to obsolete.
Attachment #9488443 -
Attachment is obsolete: true
|
|
||
Comment 57•5 days ago
|
||
Comment on attachment 9489093 [details]
Bug 1960904 - Part 3: Copy PolicyContainer Similar to CSP r=tschuster
Revision D250286 was moved to bug 1968607. Setting attachment 9489093 [details] to obsolete.
Attachment #9489093 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•