Issue #1959 - Don't apply CSPs to explicit data documents and images.

This resolves #1959
Moonchild
2022-07-12 12:48:06 +00:00
committed by roytam1
parent 1022f11503
commit 8831656c85
+15 -1
@@ -2504,6 +2504,21 @@ nsDocument::InitCSP(nsIChannel* aChannel)
return NS_OK;
}
// If this is explicitly loaded as a data document, no need to set a CSP.
if (mLoadedAsData) {
return NS_OK;
}
// If this is an image, no need to set a CSP.
// If we don't do this, SVG images will be parsed as normal XML documents and
// subject to served CSPs, which might block internally applied inline styles.
// See UXP issue #1959.
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
if (loadInfo->GetExternalContentPolicyType() ==
nsIContentPolicy::TYPE_IMAGE) {
return NS_OK;
}
nsAutoCString tCspHeaderValue, tCspROHeaderValue;
nsCOMPtr<nsIHttpChannel> httpChannel;
@@ -2532,7 +2547,6 @@ nsDocument::InitCSP(nsIChannel* aChannel)
// Check if this is a signed content to apply default CSP.
bool applySignedContentCSP = false;
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
if (loadInfo && loadInfo->GetVerifySignedContent()) {
applySignedContentCSP = true;
}
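Review bot: In the first hunk the new image check calls `loadInfo->GetExternalContentPolicyType()` without testing `loadInfo`, while the signed-content block in the second hunk guards the same pointer with `if (loadInfo && ...)`. If `aChannel->GetLoadInfo()` can return null on this path, the new code dereferences null during document setup; suggest `if (loadInfo && loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGE) {`. Both new early returns also skip every served CSP for the document, so the comments should state what else constrains data documents and image documents (presumably script is already disabled for them, which should be confirmed), because that is what makes dropping the policy safe. InitCSP's body starts and ends outside the hunks shown.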