@@ -252,6 +252,24 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
252252
253253 nsCOMPtr<nsILoadInfo> loadInfo = oldChannel->LoadInfo ();
254254
255+ // Check CSP navigate-to
256+ // We need to enforce the CSP of the document that initiated the load,
257+ // which is the CSP to inherit.
258+ nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit ();
259+ if (cspToInherit) {
260+ bool allowsNavigateTo = false ;
261+ rv = cspToInherit->GetAllowsNavigateTo (newUri, loadInfo,
262+ true , /* aWasRedirected */
263+ false , /* aEnforceWhitelist */
264+ &allowsNavigateTo);
265+ NS_ENSURE_SUCCESS (rv, rv);
266+
267+ if (!allowsNavigateTo) {
268+ oldChannel->Cancel (NS_ERROR_CSP_NAVIGATE_TO_VIOLATION );
269+ return NS_OK ;
270+ }
271+ }
272+
255273 // No need to continue processing if CSP is disabled or if the protocol
256274 // is *not* subject to CSP.
257275 // Please note, the correct way to opt-out of CSP using a custom
@@ -278,13 +296,12 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
278296 return rv;
279297 }
280298
281- Maybe<nsresult> cancelCode;
282- rv = ConsultCSPForRedirect (originalUri, newUri, loadInfo, cancelCode);
283- if (cancelCode) {
284- oldChannel->Cancel (*cancelCode);
285- }
286- if (NS_FAILED (rv)) {
299+ int16_t decision = nsIContentPolicy::ACCEPT ;
300+ rv = ConsultCSPForRedirect (originalUri, newUri, loadInfo, &decision);
301+ if (NS_CP_REJECTED (decision)) {
287302 autoCallback.DontCallback ();
303+ oldChannel->Cancel (NS_ERROR_DOM_BAD_URI );
304+ return NS_BINDING_FAILED ;
288305 }
289306
290307 return rv;
@@ -293,34 +310,15 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
293310nsresult CSPService::ConsultCSPForRedirect (nsIURI* aOriginalURI,
294311 nsIURI* aNewURI,
295312 nsILoadInfo* aLoadInfo,
296- Maybe<nsresult>& aCancelCode) {
297- // Check CSP navigate-to
298- // We need to enforce the CSP of the document that initiated the load,
299- // which is the CSP to inherit.
300- nsCOMPtr<nsIContentSecurityPolicy> cspToInherit =
301- aLoadInfo->GetCspToInherit ();
302- if (cspToInherit) {
303- bool allowsNavigateTo = false ;
304- nsresult rv = cspToInherit->GetAllowsNavigateTo (
305- aNewURI, aLoadInfo, true , /* aWasRedirected */
306- false , /* aEnforceWhitelist */
307- &allowsNavigateTo);
308- NS_ENSURE_SUCCESS (rv, rv);
309-
310- if (!allowsNavigateTo) {
311- aCancelCode = Some (NS_ERROR_CSP_NAVIGATE_TO_VIOLATION );
312- return NS_OK ;
313- }
314- }
315-
313+ int16_t * aDecision) {
316314 nsCOMPtr<nsICSPEventListener> cspEventListener;
317315 nsresult rv =
318316 aLoadInfo->GetCspEventListener (getter_AddRefs (cspEventListener));
319- MOZ_ALWAYS_SUCCEEDS ( rv);
317+ NS_ENSURE_SUCCESS (rv, rv);
320318
321319 nsAutoString cspNonce;
322320 rv = aLoadInfo->GetCspNonce (cspNonce);
323- MOZ_ALWAYS_SUCCEEDS ( rv);
321+ NS_ENSURE_SUCCESS (rv, rv);
324322
325323 nsContentPolicyType policyType = aLoadInfo->InternalContentPolicyType ();
326324 bool isPreload = nsContentUtils::IsPreloadType (policyType);
@@ -332,7 +330,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
332330 policyType =
333331 nsContentUtils::InternalContentPolicyTypeToExternalOrWorker (policyType);
334332
335- int16_t decision = nsIContentPolicy::ACCEPT ;
336333 nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext ();
337334 // 1) Apply speculative CSP for preloads
338335 if (isPreload) {
@@ -349,13 +346,12 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
349346 aOriginalURI, // Original nsIURI
350347 true , // aSendViolationReports
351348 cspNonce, // nonce
352- &decision );
349+ aDecision );
353350
354351 // if the preload policy already denied the load, then there
355352 // is no point in checking the real policy
356- if (NS_CP_REJECTED (decision)) {
357- aCancelCode = Some (NS_ERROR_DOM_BAD_URI );
358- return NS_BINDING_FAILED ;
353+ if (NS_CP_REJECTED (*aDecision)) {
354+ return NS_OK ;
359355 }
360356 }
361357 }
@@ -373,11 +369,7 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
373369 aOriginalURI, // Original nsIURI
374370 true , // aSendViolationReports
375371 cspNonce, // nonce
376- &decision);
377- if (NS_CP_REJECTED (decision)) {
378- aCancelCode = Some (NS_ERROR_DOM_BAD_URI );
379- return NS_BINDING_FAILED ;
380- }
372+ aDecision);
381373 }
382374
383375 return NS_OK ;
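Review bot: In the second hunk of AsyncOnChannelRedirect, a failure returned by ConsultCSPForRedirect no longer disarms the redirect callback: the removed `if (NS_FAILED(rv))` branch called `autoCallback.DontCallback()`, while the new code calls it only when `NS_CP_REJECTED(decision)`. The same commit adds two failure returns inside ConsultCSPForRedirect (`NS_ENSURE_SUCCESS(rv, rv)` after GetCspEventListener and GetCspNonce), and on those paths `decision` is still `nsIContentPolicy::ACCEPT`, so control reaches `return rv` without cancelling the old channel. `autoCallback` is declared outside the hunk, so this part is inferred, but if it reports success when it goes out of scope, the redirect is approved through the callback and failed through the return value at the same time. Handling the error before the rejection check keeps the CSP redirect check fail-closed: `if (NS_FAILED(rv)) { autoCallback.DontCallback(); oldChannel->Cancel(rv); return rv; }`.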