diff options
| author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2017-08-25 09:18:29 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-22 11:15:23 +0100 |
| commit | 62d535967977ea64884e4418d78f1dc245e682e1 (patch) | |
| tree | 0b2bc214e7f77ac74a646987d6b22d18e2cdee9f /dom/base | |
| parent | 6f96569b4499be07c210ca6c38739bbbc7ebdee7 (diff) | |
| download | uxp-62d535967977ea64884e4418d78f1dc245e682e1.tar.gz | |
CSP 2 - ignore (x-)frame-options if CSP with frame-ancestors directive exists
Diffstat (limited to 'dom/base')
| -rw-r--r-- | dom/base/nsDocument.cpp | 10 | ||||
| -rw-r--r-- | dom/base/nsDocument.h | 1 |
2 files changed, 10 insertions, 1 deletions
diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index 8e6920a0e9..4926b6c0a3 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -61,6 +61,7 @@ #include "nsGenericHTMLElement.h" #include "mozilla/dom/CDATASection.h" #include "mozilla/dom/ProcessingInstruction.h" +#include "nsDSURIContentListener.h" #include "nsDOMString.h" #include "nsNodeUtils.h" #include "nsLayoutUtils.h" // for GetFrameForPoint @@ -2456,6 +2457,15 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel, NS_ENSURE_SUCCESS(rv, rv); } + // XFO needs to be checked after CSP because it is ignored if + // the CSP defines frame-ancestors. + if (!nsDSURIContentListener::CheckFrameOptions(aChannel, docShell, NodePrincipal())) { + MOZ_LOG(gCspPRLog, LogLevel::Debug, + ("XFO doesn't like frame's ancestry, not loading.")); + // stop! ERROR page! + aChannel->Cancel(NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION); + } + return NS_OK; } diff --git a/dom/base/nsDocument.h b/dom/base/nsDocument.h index 17d936055c..fc6749c9f0 100644 --- a/dom/base/nsDocument.h +++ b/dom/base/nsDocument.h @@ -1491,7 +1491,6 @@ private: void PostUnblockOnloadEvent(); void DoUnblockOnload(); - nsresult CheckFrameOptions(); nsresult InitCSP(nsIChannel* aChannel); /** |