[WM]: support monetization-src CSP directive

browser/modules/MonetizationLoader.jsm

@@ -72,8 +72,7 @@ class MonetizationFetcher {
       paymentPointerInfo.node.nodePrincipal,
       paymentPointerInfo.node.nodePrincipal,
       securityFlags,
-      // TODO: provide proper nsIContentPolicy
-      Ci.nsIContentPolicy.TYPE_OTHER
+      Ci.nsIContentPolicy.TYPE_MONETIZATION
     );
 
     if (this.channel instanceof Ci.nsIHttpChannel) {

devtools/server/actors/network-monitor/network-observer.js

@@ -1676,6 +1676,7 @@ const LOAD_CAUSE_STRINGS = {
   [Ci.nsIContentPolicy.TYPE_FETCH]: "fetch",
   [Ci.nsIContentPolicy.TYPE_IMAGESET]: "imageset",
   [Ci.nsIContentPolicy.TYPE_WEB_MANIFEST]: "webManifest",
+  [Ci.nsIContentPolicy.TYPE_MONETIZATION]: "monetization",
 };
 
 function causeTypeToString(causeType, loadFlags, internalContentPolicyType) {

dom/base/nsContentPolicyUtils.h

@@ -144,6 +144,7 @@ inline const char* NS_CP_ContentTypeName(uint32_t contentType) {
     CASE_RETURN(TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT);
     CASE_RETURN(TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT);
     CASE_RETURN(TYPE_INTERNAL_FETCH_PRELOAD);
+    CASE_RETURN(TYPE_MONETIZATION);
     default:
       return "<Unknown Type>";
   }

dom/base/nsDataDocumentContentPolicy.cpp

@@ -161,7 +161,8 @@ nsDataDocumentContentPolicy::ShouldLoad(nsIURI* aContentLocation,
       contentType == nsIContentPolicy::TYPE_SCRIPT ||
       contentType == nsIContentPolicy::TYPE_XSLT ||
       contentType == nsIContentPolicy::TYPE_FETCH ||
-      contentType == nsIContentPolicy::TYPE_WEB_MANIFEST) {
+      contentType == nsIContentPolicy::TYPE_WEB_MANIFEST ||
+      contentType == nsIContentPolicy::TYPE_MONETIZATION) {
     *aDecision = nsIContentPolicy::REJECT_TYPE;
   }
 

dom/base/nsIContentPolicy.idl

@@ -422,6 +422,11 @@ interface nsIContentPolicy : nsISupports
      */
     TYPE_INTERNAL_FETCH_PRELOAD = 54,
 
+    /**
+     * Indicates a <link rel=monetization>.
+     */
+    TYPE_MONETIZATION = 55,
+
     /* When adding new content types, please update
      * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
      * DoContentSecurityChecks, all nsIContentPolicy implementations, the

dom/cache/DBSchema.cpp

@@ -339,7 +339,8 @@ static_assert(
         nsIContentPolicy::TYPE_INTERNAL_FONT_PRELOAD == 51 &&
         nsIContentPolicy::TYPE_INTERNAL_CHROMEUTILS_COMPILED_SCRIPT == 52 &&
         nsIContentPolicy::TYPE_INTERNAL_FRAME_MESSAGEMANAGER_SCRIPT == 53 &&
-        nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD == 54,
+        nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD == 54 &&
+        nsIContentPolicy::TYPE_MONETIZATION == 55,
     "nsContentPolicyType values are as expected");
 
 namespace {

dom/chrome-webidl/ChannelWrapper.webidl

@@ -32,6 +32,7 @@ enum MozContentPolicyType {
   "csp_report",
   "imageset",
   "web_manifest",
+  "monetization",
   "speculative",
   "other"
 };

dom/fetch/InternalRequest.cpp

@@ -269,6 +269,8 @@ RequestDestination InternalRequest::MapContentPolicyTypeToRequestDestination(
       return RequestDestination::_empty;
     case nsIContentPolicy::TYPE_WEB_MANIFEST:
       return RequestDestination::Manifest;
+    case nsIContentPolicy::TYPE_MONETIZATION:
+      return RequestDestination::Monetization;
     case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD:
       return RequestDestination::_empty;
     case nsIContentPolicy::TYPE_SPECULATIVE:

dom/fetch/InternalRequest.h

@@ -47,6 +47,7 @@ namespace dom {
  * "image"           | TYPE_INTERNAL_IMAGE, TYPE_INTERNAL_IMAGE_PRELOAD,
  *                   | TYPE_IMAGE, TYPE_INTERNAL_IMAGE_FAVICON, TYPE_IMAGESET
  * "manifest"        | TYPE_WEB_MANIFEST
+ * "monetization"    | TYPE_MONETIZATION
  * "object"          | TYPE_INTERNAL_OBJECT, TYPE_OBJECT
  * "paintworklet"    | TYPE_INTERNAL_PAINTWORKLET
  * "report"          | TYPE_CSP_REPORT

dom/interfaces/security/nsIContentSecurityPolicy.idl

@@ -56,12 +56,13 @@ interface nsIContentSecurityPolicy : nsISerializable
     BASE_URI_DIRECTIVE             = 13,
     FORM_ACTION_DIRECTIVE          = 14,
     WEB_MANIFEST_SRC_DIRECTIVE     = 15,
-    UPGRADE_IF_INSECURE_DIRECTIVE  = 16,
-    CHILD_SRC_DIRECTIVE            = 17,
-    BLOCK_ALL_MIXED_CONTENT        = 18,
-    SANDBOX_DIRECTIVE              = 19,
-    WORKER_SRC_DIRECTIVE           = 20,
-    NAVIGATE_TO_DIRECTIVE          = 21,
+    MONETIZATION_SRC_DIRECTIVE     = 16,
+    UPGRADE_IF_INSECURE_DIRECTIVE  = 17,
+    CHILD_SRC_DIRECTIVE            = 18,
+    BLOCK_ALL_MIXED_CONTENT        = 19,
+    SANDBOX_DIRECTIVE              = 20,
+    WORKER_SRC_DIRECTIVE           = 21,
+    NAVIGATE_TO_DIRECTIVE          = 22,
   };
 
   /**
@@ -151,15 +152,15 @@ interface nsIContentSecurityPolicy : nsISerializable
    * policy.
    * @param aURI The target URI
    * @param aIsFormSubmission True if the navigation was initiated by a form submission. This
-   *        is important since the form-action directive overrides navigate-to in that case.  
+   *        is important since the form-action directive overrides navigate-to in that case.
    * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
-   * @param aEnforceWhitelist True if the whitelist of allowed targets must be enforced. If 
-   *        this is true, the whitelist must be enforced even if 'unsafe-allow-redirects' is 
+   * @param aEnforceWhitelist True if the whitelist of allowed targets must be enforced. If
+   *        this is true, the whitelist must be enforced even if 'unsafe-allow-redirects' is
    *        used. If 'unsafe-allow-redirects' is not used then the whitelist is always enforced
    * @return
    *     Whether or not the effects of the navigation is allowed
    */
-  boolean getAllowsNavigateTo(in nsIURI aURI, 
+  boolean getAllowsNavigateTo(in nsIURI aURI,
                               in boolean aIsFormSubmission,
                               in boolean aWasRedirected,
                               in boolean aEnforceWhitelist);

dom/security/SecFetch.cpp

@@ -99,6 +99,8 @@ nsCString MapInternalContentPolicyTypeToDest(nsContentPolicyType aType) {
       return "empty"_ns;
     case nsIContentPolicy::TYPE_WEB_MANIFEST:
       return "manifest"_ns;
+    case nsIContentPolicy::TYPE_MONETIZATION:
+      return "monetization"_ns;
     case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD:
       return "empty"_ns;
     case nsIContentPolicy::TYPE_SPECULATIVE:

dom/security/nsCSPUtils.cpp

@@ -297,6 +297,9 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
     case nsIContentPolicy::TYPE_WEB_MANIFEST:
       return nsIContentSecurityPolicy::WEB_MANIFEST_SRC_DIRECTIVE;
 
+    case nsIContentPolicy::TYPE_MONETIZATION:
+      return nsIContentSecurityPolicy::MONETIZATION_SRC_DIRECTIVE;
+
     case nsIContentPolicy::TYPE_INTERNAL_WORKER:
     case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
     case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
@@ -1173,6 +1176,11 @@ void nsCSPDirective::toDomCSPStruct(mozilla::dom::CSP& outCSP) const {
       return;
       // not supporting REFLECTED_XSS_DIRECTIVE
 
+    case nsIContentSecurityPolicy::MONETIZATION_SRC_DIRECTIVE:
+      outCSP.mMonetization_src.Construct();
+      outCSP.mMonetization_src.Value() = std::move(srcs);
+      return;
+
     case nsIContentSecurityPolicy::BASE_URI_DIRECTIVE:
       outCSP.mBase_uri.Construct();
       outCSP.mBase_uri.Value() = std::move(srcs);

dom/security/nsCSPUtils.h

@@ -82,6 +82,7 @@ static const char* CSPStrDirectives[] = {
     "base-uri",                   // BASE_URI_DIRECTIVE
     "form-action",                // FORM_ACTION_DIRECTIVE
     "manifest-src",               // MANIFEST_SRC_DIRECTIVE
+    "monetization-src",           // MONETIZATION_SRC_DIRECTIVE
     "upgrade-insecure-requests",  // UPGRADE_IF_INSECURE_DIRECTIVE
     "child-src",                  // CHILD_SRC_DIRECTIVE
     "block-all-mixed-content",    // BLOCK_ALL_MIXED_CONTENT

dom/security/nsContentSecurityManager.cpp

@@ -570,6 +570,11 @@ static nsresult DoContentSecurityChecks(nsIChannel* aChannel,
       break;
     }
 
+    case nsIContentPolicy::TYPE_MONETIZATION: {
+      mimeTypeGuess = "application/spsp4+json"_ns;
+      break;
+    }
+
     case nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD: {
       mimeTypeGuess.Truncate();
       break;

dom/security/nsHTTPSOnlyStreamListener.cpp

@@ -214,6 +214,10 @@ void nsHTTPSOnlyStreamListener::RecordUpgradeTelemetry(nsIRequest* request,
         typeKey = "webmanifest"_ns;
         break;
 
+      case nsIContentPolicy::TYPE_MONETIZATION:
+        typeKey = "monetization"_ns;
+        break;
+
       case nsIContentPolicy::TYPE_PING:
         typeKey = "ping"_ns;
         break;

dom/security/nsMixedContentBlocker.cpp

@@ -551,6 +551,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
     case TYPE_SUBDOCUMENT:
     case TYPE_PING:
     case TYPE_WEB_MANIFEST:
+    case TYPE_MONETIZATION:
     case TYPE_XMLHTTPREQUEST:
     case TYPE_XSLT:
     case TYPE_OTHER:

dom/webidl/CSPDictionaries.webidl

@@ -25,6 +25,7 @@ dictionary CSP {
   sequence<DOMString> form-action;
   sequence<DOMString> referrer;
   sequence<DOMString> manifest-src;
+  sequence<DOMString> monetization-src;
   sequence<DOMString> upgrade-insecure-requests;
   sequence<DOMString> child-src;
   sequence<DOMString> block-all-mixed-content;

dom/webidl/Request.webidl

@@ -70,7 +70,7 @@ dictionary RequestInit {
 enum RequestDestination {
   "",
   "audio", "audioworklet", "document", "embed", "font", "frame", "iframe",
-  "image", "manifest", "object", "paintworklet", "report", "script",
+  "image", "manifest", "monetization", "object", "paintworklet", "report", "script",
   "sharedworker", "style",  "track", "video", "worker", "xslt"
 };
 

ipc/glue/IPCMessageUtilsSpecializations.h

@@ -628,7 +628,7 @@ template <>
 struct ParamTraits<nsContentPolicyType>
     : public ContiguousEnumSerializerInclusive<
           nsContentPolicyType, nsIContentPolicy::TYPE_INVALID,
-          nsIContentPolicy::TYPE_INTERNAL_FETCH_PRELOAD> {};
+          nsIContentPolicy::TYPE_MONETIZATION> {};
 
 template <>
 struct ParamTraits<mozilla::TimeDuration> {